Identity Access Management Workflows

Learn about the basics of Identity Access Management as well as the authentication and authorization workflows.

About Custom Workflows

As businesses expand with more applications and users, processes and requirements regarding access, entitlements, roles, and governance, become more complex and involved.

Creating unique customized processes to optimize integrations, and manage compliance, is critical to operating efficiently and successfully.

Businesses and IT teams are increasingly looking for future-proof, reliable solutions that demand fewer resources from already overburdened IT teams.

Identity Solutions must provide consistent security accuracy, while being agile enough to add flexibility to change when your business changes, at a moment's notice.

7 Elements Of Successful Workflows

Effective Identity Workflows, need to include several key factors to provide the highest success for your team:

  1. Connect to every part of your solution.
  2. Easily customizable to your changing requirements.
  3. Create clear visibility into the logical processes.
  4. Identify errors, and perform stopgap measures.
  5. Provide a simple interface that non-technical users can utilize, to create valuable workflows.
  6. Provide a sophisticated structure that allows for customized, complex written logic to be applied.
  7. Provide clear direction and debugging steps, to correct any potential conflicts.
workflow image

IDHub Workflow Overview

IDHub workflow

IDHub is a node-based workflow system that uses a combination of state-based nodes, which request triggering actions throughout the workflow's lifecycle.

Users can configure IDHub to perform simple, or sophisticated actions, while moving from one state to another, using the various Operation Nodes in the workflow designer tool.

IDHub provides a diverse range of pre-defined nodes with API capabilities and the option to create/import custom-made nodes.

IDHub Workflow Elements

State Node

State Nodes
A State Node stops the workflow, and either terminates the workflow or awaits the next action to start.

action node

Action Nodes
Action Nodes define any desired manual or automated, process or action, which needs to happen between two different states.

operation node

Operation Nodes
Operation Nodes are actions performed by IDHub, automatically following an Action Node, or a modifying Condition Node.

condition node

State Nodes
A State Node stops the workflow, and either terminates the workflow or awaits the next action to start.

node-error

Errors
Identified errors will be labeled, to assist in debugging the configuration, ensuring proper logic and consistent operation within the workflow.

Workflow Use Case Scenario: Multi-Layer Approval

Application access requires a unique four-step approval.

A particular application within an organization will require the following approval process, before provisioning access to the requestor.

1. The user's direct manager must approve
2. An HR representative must approve
3. An auditor must approve
4. A CTO must approve

Process: Each task creates an Operation Node that will provide an option to add actions within it. Action Nodes are used to progress further in the flow.

E.g: “Create Manager Task” will have two actions: Manager Approve and Manager Reject. The flow will then proceed with different Action Nodes, which will have a flow of their own.

Each State Node is capable of having a resolution attached to it.
E.g. Request Completed can have a “Success” or “Rejected” resolution.

4 step workflow

Workflow Use Case Scenario: Bypassing Approvals

If an approver has already approved a previous approval task, the workflow will skip the next approval task.

A check is made to determine if the first approver has the same Role as the second approver. If so, this
step is skipped.

JavaScript within the Condition Nodes

Name*: Manager != Business Owner
return requestObject.beneficiary.managerLogin !==entity.businessOwner

Name*: Manager = Business Owner
return requestObject.beneficiary.managerLogin ===entity.businessOwner
E.g. “Request Completed” can have a “Success” or “Rejected” resolution.

bypassing workflows

Workflow Use Case Scenario: Custom Emails

Triggering custom emails within a workflow.

Sending customized email message(s) to a set of individual(s) depending on approval, rejection, or any other action, can be accomplished by attaching a custom email to the workflow.

Custom Email Templates
Email templates can be created and stored separately from workflows, and used at any point within IDHub.

While creating a workflow, you can instruct the system to send notifications using an Operation Node, choosing a specific email template, and providing the target to receive the email.

Designating Target Recipients
IDHub includes a “Send Notification” Operation Node, which requests the appropriate template, and the individuals or groups that will receive the notification.

email workflow

Tips For Better Workflows

Keep your workflows simple, include the minimum required functionality, without overcomplicating things.

  • Understand your employee's behavior and day-to-day challenges.
    E.g., using a spreadsheet or an email for access.
  • Simplicity is key, so reuse as much as you can, and beware of
    over-customizing.
  • When creating a new workflow, copy-paste an existing workflow, and make edits to your unique workflow.
  • Customize IDHub with your branding to encourage employee adoption, and engagement.
  • Resist the urge to add multiple forms and API integrations unless necessary.
  • Send notifications strategically.
Skip to content