You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

Overview of No Code Flows

In the interplay between business operations and IT, administrative tasks often necessitate orchestrating an array of actions and workflows. Traditional approaches often rely on coding expertise, which can introduce a barrier to rapid and secure workflow management. EmpowerID's No Code Flows serves as a secure solution to this constraint, affording administrators a framework to design, manage, and enhance intricate workflows without traditional coding.

Built on a component-based architecture, EmpowerID’s No Code Flows offers administrators a variety of predefined elements for workflow construction. This modular approach aids in seamlessly connecting disparate stages of a business process, from data acquisition to approval mechanisms and task delegation.

For administrators, comprehending the No Code Flows system is vital. This article provides an introductory look into its key components, features, and functionalities, equipping you with the knowledge needed to effectively utilize No Code Flows in your organization. It also serves as a gateway to specific how-to topics for further guidance.

Benefits of No Code Flows

Unlike traditional coded solutions that may require frequent security assessments for each line of custom code, No Code Flows are built on a secure, audited framework. This reduces the attack surface and enhances the system’s security posture. Its modular nature also means that each predefined component undergoes rigorous security testing, offering an added layer of trust and compliance.

The architecture facilitates real-time monitoring and auditing, delivering transparency into who has initiated or modified a process and at what time. This is critical for organizations where compliance with industry regulations is required. The tracking and auditing functionalities within No Code Flows instill confidence in the system and contribute to the organization’s overall security measures.

No Code Flows' inherent scalability and flexibility enable an agile response to evolving business requirements and security landscapes. Whether you are tasked with automating approvals, steering user onboarding, or coordinating complex workflows, EmpowerID’s No Code Flows delivers a secure, efficient, and adaptable tool for managing contemporary business processes.

Understanding the Core Components of No Code Flows

No Code Flows is a powerful and flexible platform specifically designed to simplify the automation of business processes. It consists of interconnected components, each playing a vital role in enhancing operational efficiency. Instead of relying on coding skills, No Code Flows adopts a set of easily configurable and well-defined building blocks, offering businesses the scalability and logical framework needed to create workflows that align with their unique requirements. These components seamlessly integrate to provide organizations with the agility and efficiency necessary to automate their operations effectively and at scale. In the following sections, we will examine each of these components to demonstrate how No Code Flows can enhance the operational landscape of businesses.

Flow Events

Flow Events are essentially the starting point of any workflow. They act as triggers that initiate a business process. For instance, a Flow Event could be a new employee joining the organization, which would then trigger a series of onboarding tasks.

When an event is triggered, it is directed to the Flow Event Inbox. This inbox serves as a queue, holding the events until they are processed by the system. Other examples of Flow Events could include "Mailbox Discovered," "Account Takeover," or "Person Leaver." Each event represents a unique scenario that necessitates specific actions.

Person Leaver Flow Event

Here’s a closer look at each of the above-mentioned examples:

Mailbox Discovered

In the context of managing user identities and resources, discovering a new mailbox is an event that may trigger a series of actions. For instance, you might need to verify the new mailbox, add it to certain distribution lists, or set up appropriate security and access controls.

Account Takeover

The “Account Takeover” event would be a critical security-related trigger. This event could signify potential unauthorized access or control over an account. In response to this event, a No Code Flow might involve suspending the account, notifying security teams, initiating an investigation, or implementing additional security measures.

Person Leaver

The “Person Leaver” event is triggered when an individual, such as an employee or a contractor, leaves the organization. In response to this event, a No Code Flow might involve disabling the person's account, removing them from groups, archiving their emails, or revoking access to company resources.

Flow Events Library

Flow Items

Flow Items are the specific tasks or actions to be performed in response to Flow Events. Each is designed to handle a particular facet of the event response. For example, if a Person Leaver event is detected, Flow Items could include actions like "Remove this person from all groups" and "Disable all accounts belonging to this person."

Flow Items contain several parameters that together form a directive for the system. These parameters define the specific action, the target, and the scope of resources it should affect.

Item Type Action

Each Flow Item has an Item Type Action associated with it, specifying the exact task to be executed. For instance, “Bulk Remove Person Group Membership” might be an Item Type Action assigned to a Flow Item. This action suggests that, as part of responding to a specific Flow Event, the system should remove a person from multiple group memberships.

Item Scope Type

Alongside the Item Type Action, each Flow Item also possesses an Item Scope Type. This parameter determines the range within which the Item Type Action will execute. For example, “Remove All Non-RBAC Group Accounts for Person” could be an Item Scope Type. This suggests that the “Bulk Remove Person Group Membership” action would apply to all group accounts associated with a person not managed by Role-Based Access Control (RBAC).

Item Collection Query

In addition to Item Type Action and Item Scope Type, Flow Items also incorporate an Item Collection Query. This parameter is an SQL statement that the system executes against specific resource types to gather resources related to the Flow Item and the Item Scope Type. For example, within a Flow Item labeled "Disable All Person Accounts" with an Item Scope Type of "All Accounts for Person," the query retrieves all user accounts owned by the individual who is the subject of the Flow Item.

 

In effect, the Flow Item, the Item Type Action, the Item Scope Type, and the Item Collection Query collectively form an instruction for the system. They define what action to take, where to apply it, and the scope of resources it should impact. Administrators can construct complex, automated workflows that respond effectively to various Flow Events by stringing together multiple Flow Items within a Flow Definition (discussed below).

Flow Items Library

Flow Definitions

Think of a Flow Definition as a set of instructions. It's a container that holds one or more Flow Items, which are steps the system follows to react to a particular event. Flow Definitions serve as templates for business processes, outlining how Flow Items are orchestrated in response to a specific Flow Event. For example, a "Person Leaver" event could trigger actions like disabling accounts and removing the person from all groups.

Person Leaver Flow Definition with Flow Items

 

Flow Definitions Library

Flow Policies

The No Code Flows framework of EmpowerID operates through a central mechanism known as Flow Policies. These policies form a bridge between particular events and their corresponding automated responses, facilitated by Flow Definitions. As the core rule set for No Code Flows, Flow Policies specify which Flow Definitions to trigger in response to certain Flow Events.

Moreover, these policies offer the ability to create numerous rules for a single event, allowing for adaptability and quick response to changing organizational requirements. For example, a company might have distinct procedures for when an internal employee exits versus when an external consultant's contract concludes. In such cases, the organization can establish a unique Flow Policy for each circumstance. An "internal departures" policy might entail disabling access to select internal systems, whereas a policy for "external departures" could involve revoking temporary access permissions.

Customizable to Your Organization's Needs

One of the key strengths of Flow Policies lies in their adaptability to an organization's specific requirements and policies. A company can define a wide range of Flow Policies to respond to numerous different Flow Events, each with its unique sequence of Flow Items defined by the respective Flow Definition. This ensures the appropriate automated response is carried out swiftly and efficiently, aligning with organizational practices and requirements.

Flow Policies and Flow Definitions: A Unified System

Flow Policies and Flow Definitions operate in unison to effectively manage business process orchestration. The Policies determine 'what' should happen in response to a specific event, while the Flow Definitions elaborate on 'how' it should happen. Together, they provide a comprehensive yet simplified, no-code framework for automated task execution.

The concept of Flow Policies, therefore, not only simplifies process management but also ensures that an organization’s response to events is consistent, reliable, and in line with its broader operational policies. As a component of EmpowerID's No Code Flows, Flow Policies represent a step forward in the intersection of process automation and identity management.

Additional Concepts

Business Requests

A Business Request is generated when an event triggers a Flow Definition. It represents a formal request to execute the actions defined in the definition.

Business Request Items

These are the individual tasks or actions that need to be executed as part of a Business Request. They are generated based on the Flow Definition, and each holds data related to the request, such as request data, assignee ID, and resource ID. Each item is processed independently in the order and time defined in the flow. Items at the beginning of the flow are executed first. If an item depends on the completion of another item, it will not be executed until the item it depends on is completed.

Approval Flow Policies

Approval Flow Policies are used to direct Business Requests to the appropriate people for approval. For example, if a person changes their location within the organization, that change could be routed to the person’s manager for approval before certain resources are allocated to that person. If the Business Request is linked to an Approval Flow policy, the request could route for approval based on the assigned policies or be overridden and executed without requiring approval, as might be the case in person-leaver events.

Fulfillment Workflows

These workflows outline the procedure to be followed when a request item is approved, auto-approved by the system, or rejected, detailing the execution process for each scenario. Fulfillment Workflows are triggered once the Approval Flow policy has been completed and a decision has been made. Based on the outcome of the Approval Flow policy, different fulfillment workflow branches may be triggered to execute specific tasks or activities in response to an approved or rejected request. This could include updating information in systems of record, sending notifications to stakeholders, or performing post-decision activities.

Flow Execution Process

The Flow execution process in a No Code Flow involves the following steps. A graphical representation of the process follows the steps.

  1. The flow initiates with an event, such as “Person Mover.”

  2. The event is added to the Event Inbox.

  3. The applicable policies determine the flows that need to be run. These flows are then added to the Flow Inbox.

  4. Once in the Flow Inbox, each flow awaits processing.

  5. Upon processing, each flow creates a Business Request. This Request consists of multiple Business Request Items, which are individual tasks to be performed.

  6. Each Business Request Item represents an action to be performed. This could range from adding the resource to a group to disabling the resource.

  7. The sequence and timing of the Business Request Items are managed through the Flow Definition.

  8. Items requiring human approval are sent for approval.

  9. Upon human or system automated approval, each Business Request Item is sent to the Business Request Fulfillment engine, which executes the tasks, fulfilling the requests.
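
The steps above can be traced with a small model. This is an added example, not EmpowerID code and not its API: the definition names, the `skip_approval` flag, the `approver` callback, and the sample events are all assumptions made for illustration.

```python
from collections import deque
from dataclasses import dataclass

@dataclass(frozen=True)
class FlowItem:
    name: str
    depends_on: tuple = ()       # items that must be fulfilled first
    needs_approval: bool = False
# Flow Definitions: ordered Flow Items (contents are illustrative assumptions)
DEFINITIONS = {
    "Internal Leaver": [
        FlowItem("Disable All Person Accounts"),
        FlowItem("Remove this person from all groups", ("Disable All Person Accounts",), True),
    ],
    "External Leaver": [
        FlowItem("Revoke temporary access", needs_approval=True),
        FlowItem("Disable All Person Accounts", ("Revoke temporary access",)),
    ],
}
# Flow Policies: event + person type -> definition, with an optional approval override
POLICIES = [
    {"event": "Person Leaver", "person_type": "internal", "flow": "Internal Leaver", "skip_approval": True},
    {"event": "Person Leaver", "person_type": "external", "flow": "External Leaver", "skip_approval": False},
]
SAMPLE_EVENTS = [  # constructed sample events
    {"type": "Person Leaver", "person": "alice", "person_type": "internal"},
    {"type": "Person Leaver", "person": "bob", "person_type": "external"},
    {"type": "Mailbox Discovered", "person": "carol", "person_type": "internal"},
]

def run(events, approver):
    """Return an audit trail of (business_request, item, status) tuples."""
    event_inbox, flow_inbox, audit = deque(events), deque(), []
    while event_inbox:                          # steps 1-3: policies pick the flows
        ev = event_inbox.popleft()
        flow_inbox.extend((ev, p) for p in POLICIES
                          if (p["event"], p["person_type"]) == (ev["type"], ev["person_type"]))
    for n, (ev, policy) in enumerate(flow_inbox, 1):   # steps 4-5: one request per flow
        request, done = f"BR-{n}:{ev['person']}", set()
        for item in DEFINITIONS[policy["flow"]]:       # steps 6-7: definition order
            if not set(item.depends_on) <= done:
                status = "blocked"                     # prerequisite was never fulfilled
            elif item.needs_approval and not policy["skip_approval"] and not approver(ev, item):
                status = "rejected"                    # step 8: approver said no
            else:
                status = "fulfilled"                   # step 9: fulfillment engine runs it
                done.add(item.name)
            audit.append((request, item.name, status))
    return audit
```

With an approver that rejects everything, the external leaver's "Disable All Person Accounts" item ends up `blocked` behind the rejected item, so the account stays enabled. The audit trail makes that dependency-ordering consequence visible, and an event with no matching policy produces no Business Request at all.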