Workflow overview

A workflow defines a sequence of activities that represent a business process. You can use workflows to customize account provisioning, access provisioning, and lifecycle management.

A workflow is a set of steps or activities that define a business process. You can use ISIM workflows to customize account provisioning and lifecycle management. For example, you can add approvals and information requests to account or access provisioning processes. You can also integrate lifecycle management processes (such as adding, removing, and modifying people and accounts in Security Identity Manager) with external systems. Security Identity Manager provides these major types of workflows:

Operation workflows
Use operation workflows to customize the lifecycle management of accounts and people, or a specific service type, such as all Linux systems.

Operation workflows add, delete, modify, restore, and suspend system entities, such as accounts and people. You can also add new operations that the business process requires, such as approval for new accounts. For example, you might specify an operation workflow that defines activities to approve the account, including notifications and manager approvals.

Account request and access request workflows
Use account request and access request workflows to ensure that resources such as accounts or services are provisioned to users according to the business policies of your organization. The term entitlement workflow was previously used for this workflow type in Security Identity Manager Version 4.6.
  • An account request workflow can be bound to an entitlement for an access or an account.

    In provisioning policies, an entitlement workflow for accounts adds decision points to account requests, such as adding or modifying an account. If the request is approved, the processing continues; if the request is rejected, the request is canceled.

    The account request workflow is started during account provisioning requests, including adding and modifying an account, made by a Security Identity Manager user or made during account auto provisioning. An account request workflow can also be started during an access request if there is no access request workflow defined.

  • An access request workflow is bound to an access by the access definition, rather than by a provisioning policy. This workflow can specify the steps and approvals that authorize access to resources in a request.

    The access request workflow is started only for access requests that are made by a Security Identity Manager user. The workflow is not started if the access is provisioned for the user as a result of an external or internal account request. An external account request is an account request made by a Security Identity Manager user. An internal account request is an account request made by the ISIM system. For example, auto account provisioning gives the user a default or mandatory group that maps to an access.
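The start rules above mean an access can be granted through an account request without its access request workflow (and its approvals) ever running. The following added example, which is not IBM code and does not use any ISIM API, models those rules and lists such requests for review. The `Request` fields, function names, and sample values are hypothetical, and the model assumes that no workflow starts when none is bound.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Request:
    req_id: str
    kind: str                               # "access" or "account"
    origin: str                             # "user" (external) or "system" (internal)
    grants_access: Optional[str] = None     # access the request results in, if any
    access_workflow: Optional[str] = None   # bound by the access definition
    account_workflow: Optional[str] = None  # bound by the entitlement

def workflow_started(req: Request) -> Optional[str]:
    """Return which workflow type runs for a request, per the rules above."""
    if req.kind == "access" and req.origin == "user":
        if req.access_workflow:
            return "access_request"
        # No access request workflow defined: the account request workflow can start.
        return "account_request" if req.account_workflow else None
    if req.kind == "account" and req.origin in ("user", "system"):
        # Account add/modify by a user, or by auto provisioning (system).
        # Assumption: nothing starts when the entitlement has no workflow bound.
        return "account_request" if req.account_workflow else None
    raise ValueError(f"combination not described on this page: {req.kind}/{req.origin}")

def access_granted_without_access_workflow(requests: List[Request]) -> List[str]:
    """IDs of requests that grant an access whose own workflow exists but did not run."""
    return [r.req_id for r in requests
            if r.grants_access and r.access_workflow
            and workflow_started(r) != "access_request"]

# Constructed sample requests (not real ISIM data).
SAMPLE = [
    Request("R1", "access", "user", "vpn-admins", "vpn-approval", "acct-approval"),
    Request("R2", "access", "user", "wiki-editors", None, "acct-approval"),
    Request("R3", "account", "user", "vpn-admins", "vpn-approval", "acct-approval"),
    Request("R4", "account", "system", "vpn-admins", "vpn-approval", None),
]

if __name__ == "__main__":
    for r in SAMPLE:
        print(r.req_id, workflow_started(r))
    print("review:", access_granted_without_access_workflow(SAMPLE))
```

R3 and R4 are the cases to review: the group that maps to the access is assigned through an account request, so only the account request workflow, if one is bound, stands between the request and the access.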
