Table of Contents

New Workflow Engine

The IdStory IDM includes a proprietary workflow implementation for use in approval processes. The goal is to enable administrators to configure approval processes easily and flexibly, with full control over the sequence and conditions of approval steps. Auditability and robustness of the entire process are ensured.

New Workflow Engine Adds Agendas:

Workflow Agenda

The workflow agenda serves to create definitions for individual workflows. A workflow defines a sequence of steps in the approval process using visual programming nodes, where each node represents one step of the approval process by a specific group (or individual) of approvers. The sequence of steps is visually displayed in the workflow definition and edited directly in the IDM editor.

Each node in the approval process has a specific type, and depending on the type, may have additional attributes. The result of each node’s evaluation is an output state (e.g., “approved” or “rejected”), which leads to the next node in the approval process.

Node Types

Control Nodes

Control nodes are not approval steps themselves but govern the evaluation of the approval process:

Condition Types in the Process

Approval Nodes

Approval nodes define a specific approval step with a set of approvers (could be a single approver). If the WF engine does not find anyone in the set of approvers (e.g., because no one has an assigned role), the approval task is automatically created for the administrator (login: admin).

Types of Approval Nodes

Approval Process Agenda

An approval process assigns a workflow to a specific event in IdM that requires approval. The system allows the same workflow to be used repeatedly for multiple events; however, some types of approval nodes (e.g., approval by role guarantor) can only be used with specific approval processes (e.g., those concerning role assignments).

Approval Processes

Each approval process includes:

Approval Process Management

Approval processes can be managed by an admin (controlled by IdM permissions) in the approval process agenda where:

Concurrency with Old Workflows

In the current IdM version, approval processes can be configured using both old workflows and the new system. In such cases, users will see two task agendas (Tasks and Tasks WF), each handling tasks from the respective approval processes.

Request ~ Task Relationship

A role change request can include multiple different changes - removal, addition, modification of individual roles. Each change creates its own instance of an approval workflow = process, according to the applicable approval process rules.

In the approval process, individual users approve or reject tasks. The request is executed = roles are assigned in IdM only after all approval processes are completed (approved or rejected). After the request is executed, provisioning to systems follows, and only approved changes are implemented.