Versions Compared

Old Version 1

changes.mady.by.user Phillip Hanegan

Saved on

compared with

New Version Current

changes.mady.by.user Phillip Hanegan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

...

...

...

...

...

...

EmpowerID is an extendable Identity and Access Management (IAM), Single Sign-On and workflow development platform that uses hundreds of workflows and thousands of workflow operations with real-time access checks to give organizations the security tools needed to control who can do what, where and when with their resources. Workflow Studio is the process designer and developer tool used by EmpowerID to create these workflows. As a developer, you can access these workflows from Workflow Studio, using them as templates for your own workflows. Or you can create new workflows and workflow processes to meet any evolving needs your organization may have.

WHAT IS A WORKFLOW?

A workflow is a series of activities that model the steps involved in a business process. It is a logical, sequential representation of the actual activities performed by the people or systems that interface Workflow Studio is EmpowerID's integrated development environment (IDE) designed specifically for developers to create, modify, and extend workflows. With Workflow Studio, you gain access to a comprehensive set of tools that streamline the design and customization of workflows to fit the unique needs of your organization.

Key Features of Workflow Studio:

  1. Pre-built Workflow Templates – Workflow Studio offers a vast library of pre-built workflows, covering common IAM and SSO scenarios. Developers can leverage these templates to save time and effort, ensuring a solid foundation for their custom workflows.

  2. Visual Process Designer – The intuitive drag-and-drop interface of Workflow Studio allows developers to easily design and modify workflows without extensive coding. The visual process designer simplifies the creation of complex workflows and enables rapid development.

  3. Extensibility and Customization – Workflow Studio is built with extensibility in mind, empowering developers to create custom workflow activities, integrate with third-party APIs, or develop unique functionality to address specific organizational needs.

  4. Version Control and Collaboration – Workflow Studio supports version control and collaboration features, allowing development teams to work together efficiently, track changes, and maintain a history of workflow modifications.

  5. Debugging and Testing – Workflow Studio includes debugging and testing tools that enable developers to validate and troubleshoot their workflows before deploying them in a production environment.

By harnessing the power of Workflow Studio, developers can effectively create, customize, and deploy robust workflows that cater to their organization's specific requirements, streamline operations, and enhance overall security and access management.

What is a workflow?

A workflow is a sequence of activities that mirrors the steps in a business process. It provides a logical, orderly representation of the actual tasks carried out by individuals or systems interacting with a business model. In EmpowerID, workflows serve as the workflow is the primary means by which users interact primary method for users to engage with IT resources to accomplish achieve specific organizational tasks. All workflows have at least two layers:

  • process layer that represents the workflow and how it functions in a business environment

  • and a data layer that represents the information being captured by the workflow.

Workflows using these layers are generally automated and initiated by pre-determined processes and can be used to capture data for reporting, compliance, and other needs.

Other workflows are user-centric. They do not occur in response to automated system events, but require human interaction, whether that involves simply clicking a button to initiate a workflow or entering and manipulating data at various points of the workflow's lifecycle. Like automated workflows, user-centric workflows comprise process and data layers, but they contain an additional layer as well as:

  • presentation layer that presents itself to the end-user.

Known as the form or lookup, the presentation layer gives users functional access to a workflow by providing the interface that allows them to work with business objects and dataobjectives.

There are three primary layers in a workflow:

  1. Process Layer – This layer represents the logical flow of the activities within a workflow. It defines the sequence and conditions of tasks, decision points, branching, and parallel execution paths.

  2. Data Layer – The data layer captures and manages the information processed throughout the workflow. It includes input and output data, intermediate variables, and any data transformations or manipulations required by the workflow activities.

  3. Presentation Layer – This layer is specific to user-centric workflows that require human interaction. It provides the user interface (UI) through which end-users interact with the workflow, input data, or make decisions.

Info

In the EmpowerID model, users never directly interact with a workflow; rather, they interact with what is known as a request workflow. A request workflow is one of the resource types registered in the EmpowerID Identity Warehouse that is related to resource acquisition and management. A specific request workflow is an Identity Warehouse resource record corresponding to an EmpowerID workflow that is used to control who may interact with the workflow.

A typical EmpowerID workflow is comprised of a number of components. Depending on the purpose of the workflow, not all of these need to be present.

...

Forms

Forms provide offer components that allow enable users to enter input information into a workflow, which can then subsequently be captured collected and used utilized throughout the workflow. Form data is incorporated Workflow Studio incorporates form data into a workflow in this way through a compilation and publication process by which Workflow Studio creates a special , creating a specific type of activity , known as called a "Form activity." Once publishedUpon publication, Form activities can be added to integrated into workflows, where the Workflow Studio's drag-and-drop property binding capabilities of Workflow Studio can be used to send facilitate the transfer of form data to and from other workflow objects at during runtime.

Form Components

Form components used in Workflow Studio comprise two category types: Primitives and are divided into two categories: Primitives and RBAC Components. Primitives allow you to place enable the inclusion of simple objects, such as drop-downs, calendar controls, and fields, on a form. Conversely, while RBAC Components allow you to place for the incorporation of properties of from objects bound to EmpowerID-protected resources on a form. Each of these RBAC components can be used employed to return retrieve the properties of these protected resources for use in within a workflow.

For exampleinstance, if you want need to capture data specific to a workflow initiator with an EmpowerID identity, you can add an RBAC Component for a Person object to a form, incorporating into your form design only those . This allows you to integrate only the relevant properties (person attributes) relevant into your form design, according to your data needsrequirements.

Form Types

Workflow Studio provides for offers two types of forms in for workflow useusage: the  User Input  form forms and the  User Decision  formforms. The type choice of form used depends on the type of desired functionality needed at a given specific point in a the workflow.

  1. User Input forms – These forms allow users to

...

  1. input information and submit the data back to the workflow for use in

...

  1. subsequent activities.

...

  1. User Input forms appear to any user running the workflow at

...

  1. the point in the process

...

  1. where the

...

  1. form is placed.

...

  1. They can be used anywhere within a workflow and

...

  1. are often the first form encountered

...

  1. . For example

...

  1. , in a workflow that

...

  1. enables users to

...

  1. request

...

  1. resources or

...

  1. other

...

  1. actionable

...

  1. events, you can add

...

  1. a shape derived from a User Input form

...

  1. , allowing users to enter and submit

...

  1. their request details back to the workflow

...

  1. . The workflow then moves to the next step

...

  1. as

...

  1. dictated by the business requirements

...

  1. .

  2. User Decision forms – These forms appear within

...

  1. a workflow when the process

...

  1. requires further user input or

...

  1. approval to

...

  1. proceed.

...

  1. Typically, User Decision forms derive their data from

...

  1. a User Input form and are used when a response to that data is

...

  1. necessary. Based on the User Decision Form Base Activity developed by

...

  1. EmpowerID, these forms offer routing options

...

  1. , create workflow tasks

...

  1. for approvers, and send email notifications about the request to all

...

  1. relevant parties. When a workflow

...

  1. encounters a User Decision Form activity,

...

  1. it enters an

...

  1. idle state until a response

...

  1. or

...

  1. escalation occurs

...

  1. . Continuing the previous example, after a user submits a resource request

...

  1. via a User Input form, you could add

...

  1. a shape derived from a related User Decision form as the next step

...

  1. , requiring a user decision for the workflow to

...

  1. advance.

ACTIVITIES

Activities, or shapes, are the building blocks of the EmpowerID workflow and contain the logic that defines a specific step or process within a given workflow. In EmpowerID, workflow activities can be serve as the foundational elements of EmpowerID workflows and encapsulate the logic defining specific steps or processes within a workflow. Workflow activities in EmpowerID can be categorized as Form activities, Lookup activities, or Operation activities.

Form and Lookup activities comprise make up the presentation layer of an EmpowerID workflow. They are what users see and interact with when working in a workflow, representing the user interface elements that users interact with during the workflow process. EmpowerID captures the data entered into the form fields and/ or drop-downs of these user interface elements of a workflow, binding it to the workflow in a way manner that ensures the integrity of the data is maintained maintains data integrity throughout the workflow's lifecycle.

Operation activities are activities based on the EmpowerID workflow authorization framework that , which the workflow uses employs to determine at runtime if the current user in a workflow process can has permission to execute the code in that activity against a specific object (such as changing his or her e.g., changing their own profile picture). If the person can user is authorized to perform the task, the workflow continuesproceeds; if the person cannot perform the tasknot, EmpowerID routes the task to any designated approvers, who must approve the request for the code to be executedexecution. Activities are joined to one another connected by lines to allow , allowing the workflow to progress advance from one workflow process to another.

In Workflow Studio, activities are comprised of can be divided into two types: Form activities  and and Operation activities.

Form Activities

When you publish a form is published in Workflow Studio, a special activity, known as a unique "Form activity," is generated and published to the EmpowerID Identity Warehouse. In this activity type of activity, the form fields are generated created as dependency properties, enabling allowing you to use leverage the drag-and-drop property binding capabilities of Workflow Studio to send data to and from the form. To use incorporate an existing published form in a workflow, you simply add the generated activity into to the workflow.

Operation Activities

Operation activities are activities , based on the EmpowerID workflow authorization framework used to , determine if the current user in a workflow process can execute the code contained in within that activity. They determine at runtime At runtime, they ascertain if the current user has possesses any EmpowerID roles with the necessary operations operations to perform the attempted action against the target resource(s) to perform the action being attempted, and handle any approval process required if they do notand manage any required approval process. Approvals are routed using the EmpowerID Rights-Based Approval Routing (RBAR) technology to any individuals that have been granted the ability to perform the operation against the target resource. The operation Operation activities protect safeguard the execution of the "action" code for that activity as designed in Workflow Studio.

Each operation activity is derived from the the OperationWorkflowBase  activityactivity, which exposes a number of various methods and other members implemented by the deriving activities. Workflow Studio provides offers templates that allow for the quick creation of several different types of facilitate the swift creation of diverse operation activities, depending on the number of resources involved in the workflow process. These include:

  1. Single Multi-Operation Activity

...

  1. – Utilized for creating Operation activities with one

...

  1. involved resource capable of executing multiple operations.

  2. Dual Multi-Operation Resource Activity

...

  1. – Employed for creating Operation activities with two

...

  1. involved resources capable of executing multiple operations.

  2. Triple Multi-Operation Resource Activity

...

  1. – Applicable for creating Operation activities with three

...

  1. involved resources capable of executing multiple operations. An example of a triple operation is

...

  1. changing a person's primary business role and location operation. To perform this operation, security is checked on the Person, Business Role, and

...

  1. Location.

BUSINESS RULES

Often when When developing workflows, business requirements call for the possibility of different outcomes depending on conditions at the time a workflow executes. For exampleoften demand varying outcomes based on the conditions present during workflow execution. For instance, some users may be able to initiate a workflow but may not have lack the appropriate permissions to perform all the operations associated with some of the certain activities in that workflow, while others may have possess all the necessary permissions necessary to execute every operation encountered by within the workflow. In these such cases, outcomes need to differ. In the case of users lacking permissions, the process should route their actions must differ. Users without permissions should have their actions routed for approval before executing them and remove them execution and be removed from the process if approval is denied. And users Users with full permissions should be able to complete each business process task in the workflow without interruption. You meet these These requirements are met through the use of Business Rules.

In Workflow Studio, Business Rules are Boolean expressions that you write create and apply to the lines that connect connecting activities to one another at points where the process can flow in different directions depending diverge based on the conditions encountered by the activities. When you apply a Business Rule is applied to an activity line, you are setting it sets the conditions that determine dictate whether the process can flow through that line or not. If the Business Rule expression evaluates to to true, the process flows through the line and on proceeds to the next activity; conversely, if the Business Rule expression evaluates to to false, the process cannot flow through the line and must take another follow an alternative path. Generally speaking, one Business Rule applies to any two lines that exit exiting a given activity and must evaluate to true for one of the lines and false for , evaluating true for one line and false for the other.

Business Rules can only be implemented with Flow Chart workflows only because only Flow Chart workflows allow you to create , as they allow the creation of multiple exit points on a single activity. Other workflow types of workflows require you to use using IfElse activities and branching to create the same achieve a similar effect. The use utilization of flow chart charts and Business Rules allows you to simplify enables process flow simplification.

The below image shows an example of following image illustrates how Business Rules determine the outcome of a workflow's outcome. In the image, a user initiates a workflow and encounters the first activity without eventany issues. The activity executes any the code, and the process flow flows to the Operation Activity, which contains operations against protected resources. In order to To execute the operations, the user must have those operations allowed permitted for the resources being acted against targeted by the Operation Activity before continuing. If the user has is granted or approved for those operations allowed or is approved to perform them, the code in within the Operation Activity is executed executes against those the resources, and the process continues to other activities in the workflow. If the user does not have those operations allowed lacks the necessary permissions for the resources in question, and is denied them by an approver, the code in within the Operation Activity is not executed remains unexecuted, and the process flows to the Exit Workflow activity. In both cases, the controlling factor for which path the process flow is the Business Rule applied to the activity lines serves as the controlling factor for the process flow.

...

In this example, the same Business Rule is applied . It is only to both activity lines, but the evaluation of the rule's logic that differs. For this example, the The logic of the Business Rule could look like might resemble the following code:

Code Block
return CurrentWorkflow.OperationActivity.OperationExecuted

This code simply returns the value of OperationExecuted. When using a Business Rule with activity lines, you direct control the flow by applying the evaluation of the Business Rule to the lines. Thus in In the above image above, the line connecting the Operation Activity to the other activities has a Business Rule applied with an evaluation of true and , while the line connecting the Operation Activity to the Exit Workflow activity has a Business Rule applied with an evaluation of false. This approach ensures that the workflow proceeds based on the user's permissions and the outcomes of the Operation Activity.

ESCALATIONS

In a Workflow Studio workflow application, Operation and Form activities can be configured with rules , known as called Escalations, that which direct the workflow to take specific actions when conditions required to complete a business task process do not occur within a specific timeframe. They certain conditions are not met within a predefined timeframe. Escalations are scheduled time interval objects you create to raise certain designed to trigger specific events within the workflow when the defined time interval defined by the escalation expires.

These events can range from the sending of emails and dashboard notifications to users when a workflow process requires human interaction to continue, to directing the workflow to complete the process if human interaction with does not occur within a given period of time. Escalations ensure that a workflow process does not idle indefinitely while waiting for user input and become disabled when tasks pertaining related to them are completed.

Workflow Studio provides offers several default actions that you can apply to an escalation to define what occurs happens when the Escalations job raises triggers the escalation. These actions are coded events that occur according to based on the schedule parameters entered in the wizard that allow , allowing you to define what occurs happens when the escalation is raised in a workflow without the need to write code for that eventwriting custom code. These default actions are available accessible via the Escalations wizard, and you can add them to an escalation at any time. They include the following:

  • Complete Task —This – This directs the escalation to complete the activity with a hard-coded form decision if human intervention does not occur after a specified amount of time. If a succeeding rule has been added to the activity, you can direct the escalation to override that rule.

  • Notify Approvers Manager —This – This directs the escalation to send an email notification to the manager of the approver in if the event the approver does not respond within a specified amount of time. This requires that the manager be set on an account owned by the person.

  • Re-Notify Approvers —This – This directs the escalation to send a reminder email of the task awaiting their approval in the event if the approver does not respond within a specified amount of time.

PUTTING IT ALL TOGETHER

Using these components, the process of a typical EmpowerID workflow could look like that depicted below. In the image, the Presentation Layer is separated from the Data and Process Layers to allow you to more easily see what happens when a workflow is initiated. Although we have separated the layers for depiction purposes, in reality, all three layers contain elements of one another and are inseparable in the workflow process.

...

From

In the image, we can see that the workflow contains a number of example provided, the EmpowerID workflow comprises several activities, data bindings, and Business Rules. Each of these workflow components , which work together to direct what happens in a control the workflow and how it happens.

...

its processes. The typical workflow process can be outlined as follows:

  1. A user initiates the workflow.

  2. EmpowerID presents a form or lookup (the Presentation Layer) to

...

  1. the user, which requires

...

  1. data input

...

  1. .

  2. The data entered in the form or lookup is bound to a second activity, which uses the data to perform some type of work.

  3. The workflow progresses to an Operation Activity, which checks the access of the

...

  1. user initiating the workflow before allowing its code to be executed. If the

...

  1. user lacks the authority to proceed, EmpowerID routes the operation to

...

  1. designated approvers, placing a task on their dashboards and sending email notifications as appropriate. At least one approver must approve the request before the workflow can progress.

...

  1. The process flows to one of two activities based on the response of the approver and the logic of the Business Rule applied to the lines connecting the Operation activity to those activities. In

...

  1. this example, the red line

...

  1. represents the process

...

  1. flow if the approver denies the request, and the green line

...

  1. represents the process

...

  1. flow if the approver approves the request.

  2. If the request is approved, the workflow proceeds to the Wait activity (designated by the diamond shape), which idles the workflow for a predetermined period

...

  1. to allow the initiator to perform some tasks. If the request is denied, the workflow proceeds to the Final activity

...

  1. (designated by the oval shape

...

  1. ) and exits the workflow.

  2. Once the idle time passes, the process flows either to the second Operation activity or the Final activity, depending on the logic of the Business Rule applied to the two lines connecting the Wait activity to

...

  1. those activities.

  2. If the request is approved, the workflow loops back to the Wait activity, where the process outlined in step 6

...

  1. repeats itself. If the request is denied, the workflow proceeds to the Final activity and exits the workflow.

This workflow example demonstrates how EmpowerID uses various components to manage and control the flow of a typical process, ensuring that tasks are performed as expected and that users with appropriate permissions can execute the necessary operations.