# Workflows

Any change to an entity object can be made subject to a defined workflow.

{% hint style="info" %}
Consider the following subtle difference between authorization and execution: somebody **can** assign an entitlement to somebody, but whether that assignment becomes **effective** can be determined by a workflow.
{% endhint %}

If you go to the vault and select the tab *>governance>workflowconfigurations*, you will see an example of some defined workflows.

<figure><img src="/files/aVoOF0fiS25jjxKdHHVg" alt=""><figcaption><p>editing a workflow configuration</p></figcaption></figure>

A workflow configuration is a combination of an **action**, a possible **concept type**, a **type of workflow** and some configuration.

By default, a workflow requiring approval by an organisation administrator is configured, amongst others.\
The workflow engine looks up the organisation for the related concept/entity and creates a workflow task for the organisation administrators of that organisation.\
You can check the configuration of this workflow as an example.

Possible actions are:

* CREATE
* UPDATE
* DELETE

Possible concept types are:

* IdentityType
* OrganisationType
* Identity
* Organisation
* Entitlement
* Transformer
* ProvisioningUnit
* OrganisationTypeAssignment
* OrganisationAssignment
* EntitlementAssignment
* EntitlementRequest
* Device
* EntitlementConflict
* Application
* Scope

Possible workflows are:

* APPROVAL\_ROLE
* APPROVAL\_ORG\_ADMIN
* APPROVAL\_ATTRIBUTE\_MATCHER

## Organisation administrator approval

This workflow tries to find the **organisation** linked to the entity. It then creates a task for each identity linked to that organisation that has the organisation administrator role.\
If no approvers are found, it throws an exception and the concepts remain locked.

The following **configuration** can be changed:

| Name                     | Description                                                                                                                                                                                     |
| ------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| roles                    | configuration defining the roles/entitlements of the identities that have to approve within the organisation, separated by a comma if multiple roles are allowed (OR), defaulting to ADMIN\_ORG |
| linkApprove              | the link used to approve the entity ( in the email )                                                                                                                                            |
| linkReject               | the link used to reject the entity                                                                                                                                                              |
| mailTemplate             | the name of the template to use while sending the notification                                                                                                                                  |
| autoApproveIfSelfRequest | automatically approve the task if the requestor is the same as the approver, defaults to true                                                                                                   |
| createNotification       | create a notification for the approver, defaults to true                                                                                                                                        |
| maximumNrOfTasksToCreate | maximum number of tasks to create, defaults to 10                                                                                                                                               |

<br>

## Role/Entitlement approval

This workflow creates a task for all identities having the roles that are defined in the configuration.

Duplicate identities are filtered, and auto-approval is supported when the requestor matches the approver.

<br>

The following **configuration** can be changed:

| Name                     | Description                                                                                                                                                                      |
| ------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| roles                    | required configuration defining the roles or entitlements ( cross organisation ) of the identities that have to approve, separated by a comma if multiple roles are allowed (OR) |
| autoApproveIfSelfRequest | automatically approves the task when the requestor is also assigned as an approver. no notification is sent ( default true )                                                     |
| createNotification       | creates an email notification containing a link to immediately approve or reject ( default true )                                                                                |
| maximumNrOfTasksToCreate | the maximum number of tasks ( for different identities ) to create, if the threshold is reached, no more tasks are created ( default 10 )                                        |
| linkApprove              | the link used to approve the entity ( in the email )                                                                                                                             |
| linkReject               | the link used to reject the entity                                                                                                                                               |
| mailTemplate             | the name of the template to use while sending the notification                                                                                                                   |

<br>

## Attribute matcher workflow

This workflow creates a task for identities that have an attribute matching an attribute of the related concept.

Identity A has an attribute manager that contains the value BB.\
Identity B has an attribute managerid that contains the value BB.

It can now be configured that an update of identity A has to be approved by identity B by setting the *conceptAttribute* to manager and the *approverAttribute* to managerId.

| Name                     | Description                   |
| ------------------------ | ----------------------------- |
| approverAttribute        | the attribute of the approver |
| conceptAttribute         | the attribute of the concept  |
| autoApproveIfSelfRequest |                               |
| createNotification       |                               |
| maximumNrOfTasksToCreate |                               |
| mailTemplate             |                               |
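
A small Python model of the attribute matcher resolution described above, added here as an illustration and not Personify's own code. The `Identity` and `MatcherConfig` types, the exact-equality match, and applying the `autoApproveIfSelfRequest` and `maximumNrOfTasksToCreate` semantics documented for the other workflows are assumptions; the sample identities are constructed from the page's A/B example.

```python
from dataclasses import dataclass, field

@dataclass
class Identity:
    id: str
    attributes: dict = field(default_factory=dict)

@dataclass
class MatcherConfig:
    concept_attribute: str                     # conceptAttribute
    approver_attribute: str                    # approverAttribute
    auto_approve_if_self_request: bool = True  # assumed default, as in the other workflows
    maximum_nr_of_tasks_to_create: int = 10    # assumed default, as in the other workflows

def resolve_tasks(concept, requestor_id, identities, cfg):
    """Return [(approver_id, state)] for a change to `concept` (hypothetical model)."""
    wanted = concept.attributes.get(cfg.concept_attribute)
    tasks, seen = [], set()
    if wanted is None:
        return tasks  # assumption: a missing concept attribute matches nobody
    for ident in identities:
        if len(tasks) >= cfg.maximum_nr_of_tasks_to_create:
            break  # threshold reached: no more tasks are created
        if ident.id in seen or ident.attributes.get(cfg.approver_attribute) != wanted:
            continue  # duplicates filtered; assumption: exact, case-sensitive match
        seen.add(ident.id)
        self_request = ident.id == requestor_id and cfg.auto_approve_if_self_request
        tasks.append((ident.id, "APPROVED" if self_request else "OPEN"))
    return tasks

def self_approved(tasks, requestor_id):
    """True when the requestor's own task was auto-approved (separation-of-duties check)."""
    return (requestor_id, "APPROVED") in tasks

# Constructed sample data following the page's example: A.manager == B.managerId == "BB"
A = Identity("A", {"manager": "BB"})
B = Identity("B", {"managerId": "BB"})
C = Identity("C", {"managerId": "ZZ"})
CFG = MatcherConfig(concept_attribute="manager", approver_attribute="managerId")

if __name__ == "__main__":
    print(resolve_tasks(A, "A", [A, B, C], CFG))  # A's own update is routed to B
    print(resolve_tasks(A, "B", [A, B, C], CFG))  # B requested the update of A
```

When reviewing a configuration, `self_approved` marks the case where the requestor is also the only matching approver, so no second person sees the change unless `autoApproveIfSelfRequest` is set to false.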

