sjeet84

Lieutenant
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2018-05-15
09:15
1039 views
Use custom workflow for Role Access Requests in 4.7
Hi,
In IDM 4.7, Identity Applications dashboard (User Application) shows an option for user to click on 'New Request' option and request role access.
This however follows the default 'role access workflow' and my organizations requirement for approval flow is different.
So, is it possible to configure / set a custom workflow applicable for all role requests from this portal?
Thanks!
In IDM 4.7, Identity Applications dashboard (User Application) shows an option for user to click on 'New Request' option and request role access.
This however follows the default 'role access workflow' and my organizations requirement for approval flow is different.
So, is it possible to configure / set a custom workflow applicable for all role requests from this portal?
Thanks!
6 Replies
wschreiber1

Absent Member.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2018-05-15
11:44
Sure.
You'd have to create your own custom workflow with IDM Designer.
There you'll find workflow activities like "Role Request activity" and
"Role Request Binding activity" that will do what you need.
See the "NetIQ® Identity Manager Administrator’s Guide to Designing the
Identity Applications" documentation for details.
Wolfgang
On 15/05/2018 10:16, sjeet84 wrote:
>
> Hi,
>
> In IDM 4.7, Identity Applications dashboard (User Application) shows an
> option for user to click on 'New Request' option and request role
> access.
>
> This however follows the default 'role access workflow' and my
> organizations requirement for approval flow is different.
>
> So, is it possible to configure / set a custom workflow applicable for
> all role requests from this portal?
>
> Thanks!
>
>
You'd have to create your own custom workflow with IDM Designer.
There you'll find workflow activities like "Role Request activity" and
"Role Request Binding activity" that will do what you need.
See the "NetIQ® Identity Manager Administrator’s Guide to Designing the
Identity Applications" documentation for details.
Wolfgang
On 15/05/2018 10:16, sjeet84 wrote:
>
> Hi,
>
> In IDM 4.7, Identity Applications dashboard (User Application) shows an
> option for user to click on 'New Request' option and request role
> access.
>
> This however follows the default 'role access workflow' and my
> organizations requirement for approval flow is different.
>
> So, is it possible to configure / set a custom workflow applicable for
> all role requests from this portal?
>
> Thanks!
>
>
sjeet84

Lieutenant
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2018-05-15
12:15
Thanks Wolfgang for your quick response.
As I understand, you are referring to "Writing Custom Role Workflows" section of https://www.netiq.com/documentation/identity-manager-47/identity_apps_design/data/prdef_guidelinescreatingrbwf.html
I'm aware of the new workflows / PRD's that can be developed for custom use cases. However, I want to know how to configure the 'New Request' option on Identity Applications dashboard to use my custom workflow like,
1) User navigates to 'dashboard' page
2) Clicks on 'New Request'
3) Type name of Role
4) Submits
5) Custom approval workflow is kicked off
Also, I have over 15k roles in my existing environment, and I cannot think of modifying some details on the role level (mapping custom workflow in all roles manually). Hence, I wanted to know if something can be configured on the UI / Identity Applications portal to use custom workflow for all role access and not the default 'Role Approval' workflow?
Regards,
SJ
As I understand, you are referring to "Writing Custom Role Workflows" section of https://www.netiq.com/documentation/identity-manager-47/identity_apps_design/data/prdef_guidelinescreatingrbwf.html
I'm aware of the new workflows / PRD's that can be developed for custom use cases. However, I want to know how to configure the 'New Request' option on Identity Applications dashboard to use my custom workflow like,
1) User navigates to 'dashboard' page
2) Clicks on 'New Request'
3) Type name of Role
4) Submits
5) Custom approval workflow is kicked off
Also, I have over 15k roles in my existing environment, and I cannot think of modifying some details on the role level (mapping custom workflow in all roles manually). Hence, I wanted to know if something can be configured on the UI / Identity Applications portal to use custom workflow for all role access and not the default 'Role Approval' workflow?
Regards,
SJ
sjeet84

Lieutenant
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2018-05-15
12:44
If it helps, then I'm referring to modifying default role approval workflow visible under:
Roles and Resources --> Configure Roles and Resources Settings --> Role Settings --> "Default Role Approval Definition"
Document Reference: https://www.netiq.com/documentation/identity-manager-47/identity_apps_admin/data/t45mqfz00h6y.html
Hope I could make my point clear this time.
Roles and Resources --> Configure Roles and Resources Settings --> Role Settings --> "Default Role Approval Definition"
Document Reference: https://www.netiq.com/documentation/identity-manager-47/identity_apps_admin/data/t45mqfz00h6y.html
Hope I could make my point clear this time.
wschreiber1

Absent Member.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2018-05-15
18:56
You can use custom workflows for both, role requests, and role approvals.
In your case, when you want to select the role in the UI, you'd need
custom role approval workflows.
While you cannot change the "Default Role Approval Definition", you can
clone the respective workflow and add your custom logic. IDM Designer
has the role approval workflow template.
See also "6.6.2 Writing Custom Role Workflows" in the docs.
To activate the custom role approval workflow for your role, you'd have
to use the role admin UI in UserApp, or - if you don't want to manually
update all your role objects - programmatically set the nrfRequestDef
attribute of these roles.
Wolfgang
On 15/05/2018 13:46, sjeet84 wrote:
>
> If it helps, then I'm referring to modifying default role approval
> workflow visible under:
>
> Roles and Resources --> Configure Roles and Resources Settings --> Role
> Settings --> "Default Role Approval Definition"
>
> Document Reference:
> https://www.netiq.com/documentation/identity-manager-47/identity_apps_admin/data/t45mqfz00h6y.html
>
> Hope I could make my point clear this time.
>
>
In your case, when you want to select the role in the UI, you'd need
custom role approval workflows.
While you cannot change the "Default Role Approval Definition", you can
clone the respective workflow and add your custom logic. IDM Designer
has the role approval workflow template.
See also "6.6.2 Writing Custom Role Workflows" in the docs.
To activate the custom role approval workflow for your role, you'd have
to use the role admin UI in UserApp, or - if you don't want to manually
update all your role objects - programmatically set the nrfRequestDef
attribute of these roles.
Wolfgang
On 15/05/2018 13:46, sjeet84 wrote:
>
> If it helps, then I'm referring to modifying default role approval
> workflow visible under:
>
> Roles and Resources --> Configure Roles and Resources Settings --> Role
> Settings --> "Default Role Approval Definition"
>
> Document Reference:
> https://www.netiq.com/documentation/identity-manager-47/identity_apps_admin/data/t45mqfz00h6y.html
>
> Hope I could make my point clear this time.
>
>
sma2006

Admiral
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2018-05-15
13:39
If I'm not wrong, you can assign a custom workflow to multiple roles at the same by (with selection).
Then, I don't know how to select 15k roles in a once ...
Then, I don't know how to select 15k roles in a once ...
mickelarsson1

Absent Member.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2018-05-16
08:41
Maybe not fully supported, but to do a ldap-update on the nrfrequestdef attribute on roles with the dn of a particular approval workflow is a fast and easy way.