This website uses cookies. By browsing this website, you consent to the use of cookies. Learn more.
OK
sjeet84
sjeet84 Regular Contributor.
Regular Contributor.
‎2018-05-15 09:15
813 views

Use custom workflow for Role Access Requests in 4.7

Hi,

In IDM 4.7, Identity Applications dashboard (User Application) shows an option for user to click on 'New Request' option and request role access.

This however follows the default 'role access workflow' and my organizations requirement for approval flow is different.

So, is it possible to configure / set a custom workflow applicable for all role requests from this portal?

Thanks!
Labels (1)
0 Likes
Reply
Report Inappropriate Content
6 Replies
wschreiber1
wschreiber1 Absent Member.
Absent Member.
‎2018-05-15 11:44

Re: Use custom workflow for Role Access Requests in 4.7

Sure.

You'd have to create your own custom workflow with IDM Designer.
There you'll find workflow activities like "Role Request activity" and
"Role Request Binding activity" that will do what you need.

See the "NetIQ® Identity Manager Administrator’s Guide to Designing the
Identity Applications" documentation for details.

Wolfgang

On 15/05/2018 10:16, sjeet84 wrote:
>
> Hi,
>
> In IDM 4.7, Identity Applications dashboard (User Application) shows an
> option for user to click on 'New Request' option and request role
> access.
>
> This however follows the default 'role access workflow' and my
> organizations requirement for approval flow is different.
>
> So, is it possible to configure / set a custom workflow applicable for
> all role requests from this portal?
>
> Thanks!
>
>
0 Likes
Reply
Report Inappropriate Content
sjeet84
sjeet84 Regular Contributor.
Regular Contributor.
‎2018-05-15 12:15

Re: Use custom workflow for Role Access Requests in 4.7

Thanks Wolfgang for your quick response.

As I understand, you are referring to "Writing Custom Role Workflows" section of https://www.netiq.com/documentation/identity-manager-47/identity_apps_design/data/prdef_guidelinescreatingrbwf.html

I'm aware of the new workflows / PRD's that can be developed for custom use cases. However, I want to know how to configure the 'New Request' option on Identity Applications dashboard to use my custom workflow like,

1) User navigates to 'dashboard' page
2) Clicks on 'New Request'
3) Type name of Role
4) Submits
5) Custom approval workflow is kicked off

Also, I have over 15k roles in my existing environment, and I cannot think of modifying some details on the role level (mapping custom workflow in all roles manually). Hence, I wanted to know if something can be configured on the UI / Identity Applications portal to use custom workflow for all role access and not the default 'Role Approval' workflow?

Regards,
SJ
0 Likes
Reply
Report Inappropriate Content
sjeet84
sjeet84 Regular Contributor.
Regular Contributor.
‎2018-05-15 12:44

Re: Use custom workflow for Role Access Requests in 4.7

If it helps, then I'm referring to modifying default role approval workflow visible under:

Roles and Resources --> Configure Roles and Resources Settings --> Role Settings --> "Default Role Approval Definition"

Document Reference: https://www.netiq.com/documentation/identity-manager-47/identity_apps_admin/data/t45mqfz00h6y.html

Hope I could make my point clear this time.
0 Likes
Reply
Report Inappropriate Content
wschreiber1
wschreiber1 Absent Member.
Absent Member.
‎2018-05-15 18:56

Re: Use custom workflow for Role Access Requests in 4.7

You can use custom workflows for both, role requests, and role approvals.

In your case, when you want to select the role in the UI, you'd need
custom role approval workflows.

While you cannot change the "Default Role Approval Definition", you can
clone the respective workflow and add your custom logic. IDM Designer
has the role approval workflow template.

See also "6.6.2 Writing Custom Role Workflows" in the docs.

To activate the custom role approval workflow for your role, you'd have
to use the role admin UI in UserApp, or - if you don't want to manually
update all your role objects - programmatically set the nrfRequestDef
attribute of these roles.

Wolfgang



On 15/05/2018 13:46, sjeet84 wrote:
>
> If it helps, then I'm referring to modifying default role approval
> workflow visible under:
>
> Roles and Resources --> Configure Roles and Resources Settings --> Role
> Settings --> "Default Role Approval Definition"
>
> Document Reference:
> https://www.netiq.com/documentation/identity-manager-47/identity_apps_admin/data/t45mqfz00h6y.html
>
> Hope I could make my point clear this time.
>
>
0 Likes
Reply
Report Inappropriate Content
sma2006
sma2006 Outstanding Contributor.
Outstanding Contributor.
‎2018-05-15 13:39

Re: Use custom workflow for Role Access Requests in 4.7

If I'm not wrong, you can assign a custom workflow to multiple roles at the same by (with selection).

Then, I don't know how to select 15k roles in a once ...
0 Likes
Reply
Report Inappropriate Content
mickelarsson1
mickelarsson1 Absent Member.
Absent Member.
‎2018-05-16 08:41

Re: Use custom workflow for Role Access Requests in 4.7

Maybe not fully supported, but to do a ldap-update on the nrfrequestdef attribute on roles with the dn of a particular approval workflow is a fast and easy way.
0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.