Workflows are automatically started when a user starts a provisioning request by requesting a resource. In addition, the User Application driver listens for events in the Identity Vault and, when configured to do so, responds to events by starting the appropriate provisioning workflows. For example, you can configure the User Application driver to automatically start a provisioning workflow if a new user is added to the Identity Vault. You configure the User Application driver to automatically start workflows using Identity Manager policies and rules.
You can use filters and policies with the User Application driver in the same way that you can with other Identity Manager drivers. When an event occurs in the Identity Vault, Identity Manager creates an XML document that describes the event. The XML document is passed along the channel to the connected system (in this case, the connected system is the identity applications). Filters and policies associated with a driver allow you to define how to respond to the event, and in the process transform that XML document to the format that is expected by the connected system. Identity Manager provides several categories of policies (for example, Event Transformation, Command Transformation, Schema Mapping, Output Transformation) that you can apply, in a prescribed order, to transform the XML document.
This section provides an example of starting a workflow based on events in the Identity Vault. Although any of the policies can be used to trigger a workflow, the example presented in this section demonstrates the easiest and most useful method.
When you create a User Application driver, an Event Transformation Policy is created for use by the driver. The Event Transformation Policy is responsible for creating the XML document that is processed by the remaining Subscriber channel policies.
NOTE:Do not change the Event Transformation policy that was created when the User Application driver was created. The DN of this policy begins with Manage.Modify.Subscriber. Changing this policy might cause the workflow process to fail.
An empty Schema Mapping Policy is also created. You can use this policy as a starting point for triggering a workflow, based on events in the Identity Vault.
The Policy Builder provides a Start Workflow action that simplifies the process of setting up a workflow to start automatically.
In iManager, expand theRole, then click .
Specify a driver set.
Click the driver for which you want to manage policies. Theopens.
Click the policy that you want to edit.
Clickto open the Policy Builder.
Type a name for the policy.
iManager displays a screen that lists defined policy rules.
iManager displays the.
Type afor the rule.
Selectfor the condition in
Use thebutton for the field to specify the Identity Vault attribute that you want to use to start the workflow.
For example, to start a workflow when a telephone number changes, select theattribute.
Use thelist to select the operator to use to test the specified attribute.
For example, to start a workflow when a telephone number changes, select.
Selectfrom the list.
Use the Object Selector in thefield to select the provisioning request definition that you want to be executed when the condition is true.
Theand are filled in automatically.
Type the password for the identity applications administrator in thefield.
We recommend using a named password, because typing a password in clear text is a security risk.
In thefield, specify the DN of the recipient of the workflow in LDAP format.
The expression for the recipient DN must evaluate to a DN that conforms to RFC 2253 format (in other words, cn=user,ou=organizational unit,o=organization). For example, you can click thebutton in the field to create the following expression to pass the recipient’s DN to the workflow:
Specify the arguments for the workflow in thefield.
You must use this field to specify theattribute, which is required by the workflow. You can click the button in the field to specify the attribute and create a value for the attribute (for example, “the recipient’s telephone number has changed”).
Clickto close the Rule Builder.
Clickto close the Policy Builder.
Clickto close the Policies screen.
Make sure that you add any attributes needed by the workflow to the filter.
In the example described in this procedure, you would need to addand to the filter.