1.2 Workflow

More than likely, user access to many of the resources in your organization doesn’t require anyone’s approval. However, access to other resources might be restricted and require approval from one or more individuals.

Identity Manager provides workflow capabilities to ensure that your provisioning processes involve the appropriate resource approvers. For example, assume that John, who has already been provisioned with an Active Directory account, needs access to some financial reports through Active Directory. This requires approval from both John’s immediate manager and the CFO. Fortunately, you’ve set up an approval workflow that routes John’s request to his manager and, after approval from his manager, to the CFO. Approval by the CFO triggers automatic provisioning of the Active Directory rights needed by John to access and view the financial documents.

Figure 1-6 Approval Workflow for User Provisioning

Workflows can be initiated automatically whenever a certain event occurs (for example, a new user is added to your HR system) or initiated manually through a user request. To ensure that approvals take place in a timely manner, you can set up proxy approvers and approval teams.