16.1 Adding a Workflow

By default, the Add Workflow option is enabled. If you do not find this option in Roles and Resources page, you must first enable it from the Settings page. For more information, see General Settings.

You can add a workflow in Roles and Resource catalog based on system templates. For more information on system templates, see System Templates and Template Forms. Let us understand the workflow addition process through a two-step serial approval workflow example.

To add a workflow:

  1. Click Administration > Roles or Administration > Resources option.

  2. Select the required Role or Resource that you want under workflow control and click Add Workflow.

  3. A new WORKFLOW TEMPLATE SELECTION window is displayed. Select Approval Step(s) as Two and Approval Type as Serial and click Next.

    These workflow templates are obtained from the System Templates bundled in Create Workflow Templates package for with User Application Driver in Designer.

  4. A new Create Workflow Form window is displayed. Under General, specify the tabulated details and click Next.

    Field

    Description

    Identifier (CN)

    Specify the unique CN (common name) for the workflow.

    Name

    Specify the display name for the workflow. This is the name that is displayed to the user in Designer and Identity Applications (idmdash).

    Description

    Specify the description for the workflow.

    Status

    Specify the status for the workflow creation as either:

    Active:Select this option to make the workflow available for use in the Identity Applications after successful creation.

    Inactive:Select this option to make the workflow temporarily unavailable for use in the Identity Applications. Administrator has to use Designer to make the workflow active and deploy to Identity Applications.

    You can use this option when you want keep the roles of the person who develops the workflow separate from the person who activates the workflow. For example, a developer could be responsible for marking the workflow as Inactive, and an administrator could be responsible for changing the status to Active.

    NOTE:Use Designer for editing workflows created through Add Workflow for Roles or Resources.

    Permission

    Displays the selected role or resource for which the workflow is being created. This field is not editable.

    Permission binding

    Specify if you want the workflow to have either request binding activity or request activity.

    The request binding activity directly approves or denies the permission without going through further approval process set on the permission. Whereas the request activity makes a request for the permission and then go through further approval process set on that permission.

  5. Under Request Info, select the required request form, specify the details, and click Next.

    You can use this view to map data from the data flow into fields in a form (pre-activity mapping) and to map data from the form back to the data flow (post-activity mapping).

    For pre-activity mapping, specify the Source Expression for the item that you want to map. For post-activity mapping, click in the Target Expression field for the item that you want to map, and specify an expression.

    For more information, see Workflow Activity Reference in the NetIQ Identity Manager - Administrator’s Guide to Designing the Identity Applications.

  6. Under Approval Info, specify the tabulated details for approval activity. Depending on the number of approval step(s) selected for the workflow initially, provide the details for those number of approvals.

    Fill in the details for First Approval and Second Approvalhere and click Next.

    Field

    Description

    Approvers

    Specify the approver for the workflow. An approver can be a manager, initiator, user, or group.

    Select Approval Form

    Lists all the forms displayed under Approval forms category. Select an approval form from the list.

    Escalation Timeout

    Specifies a dynamic expression that defines (in terms of number of days) the period of time allotted for the approver to complete the activity.

    Escalation Addressee

    Specifies a dynamic expression that identifies the user who should get this task if the escalation timeout limit has been reached. The escalation addressee is determined at runtime, based on how the expression is evaluated.

    Approval Timeout

    Specifies a dynamic expression that defines (in terms of number of days) the period of time allotted for the escalation addressee to complete the task.

    Timeout Action

    Determines the final state of the request in the event that the workflow times out. The choices are:

    • Approved

    • Denied

  7. Under Finish, specify the notification details and click Create Workflow.

    Field

    Description

    Notification Required

    Specifies whether approvers are notified by email about pending approval tasks, and whether initiators are notified by email of workflow completion.

    Trustees

    Specifies the users, groups, or containers that can read, compare, and browse the roles. (Read, compare, and browse are the default privileges.)

The created workflow is successfully attached to the selected Role or Resource. Now when a user request for the workflow to request a Role or Resource, the request and approval process will be as per attached workflow.

The workflows are saved in the Identity Vault which can later be imported into Designer for modifications.

NOTE:

  • Note that a workflow created using Add Workflow cannot be modified or deleted in Identity Applications.

  • If workflow addition to the selected Role or Resource fails, check catalina log file for error messages in order to debug the issue.