After you’ve added an activity to the workflow diagram, you can specify the properties, data mappings, and e-mail notification settings associated with the activity. For details on adding activities to a workflow, see Section 7.2, Adding Activities to a Workflow.
To configure a workflow activity:
Click the activity in the workflow diagram.
Set the property values for the activity on the
tab.If the
tab is not displayed, right-click the activity in the workflow diagram and select .HINT:You can also display the
tab by selecting from the menu.Set the data mappings on the
tab.If the
tab is not displayed, right-click the activity in the workflow diagram and select .HINT:You can also display the
tab by selecting from the menu.Specify the e-mail notification settings on the
tab.If the
tab is not displayed, right-click the activity in the workflow diagram and select .HINT:You can also display the
tab by selecting from the menu.Editing an e-mail template You can edit an e-mail template in Designer. To do this, select an Identity Vault in the
, then scroll to in the . Right-click a template, then select .The Start activity is the first activity to execute in a workflow. It begins execution when the user makes a request to provision a resource. After the user makes the request, the Start activity displays the initial request form to the user. On the initial request form, the user may be asked to specify a comment that indicates the reason for the request.
You can customize the initial request form to suit your application requirements. For details on customizing forms, see Section 6.0, Creating Forms for a Provisioning Request Definition.
Before displaying the form to the user, the Start activity performs any pre-activity data mappings specified for the activity.
After the user submits the form, the Start activity performs any post-activity data mappings specified for the activity. These mappings typically include copying data from form fields into the flowdata object.
The Start activity has the following property:
To bind the data items associated with the Start activity, you define pre-activity and post-activity mappings. The pre-activity mappings initialize data in the request form with constants or values retrieved from the flowdata object. The post-activity mappings move form data back into the flowdata object.
Table 8-2 Start Activity Data Item Mappings
For details on building ECMA expressions, see Section 9.0, Working with ECMA Expressions.
Not supported with this activity.
The Approval activity is a user-facing activity that displays an approval form to the user. On the approval form, the user can approve, deny, or refuse a provisioning request. The Approval activity can have multiple outgoing flow paths, but only one of the paths is executed at runtime.
You can customize the approval form to suit your application requirements. For details on customizing forms, see Section 6.0, Creating Forms for a Provisioning Request Definition.
Before displaying the form to the user, the Approval activity performs any pre-activity data mappings specified for the activity.
After the user submits the form, the Approval activity performs any post-activity mappings specified for the activity. These mappings typically include copying data from form fields into the flowdata object.
The Approval activity has the following properties:
Table 8-3 Approval Activity Properties
Property Name |
Description |
---|---|
Name |
Provides a name for the activity. |
Addressee |
Specifies a dynamic expression that identifies the addressee for the activity. The addressee is determined at runtime, based on how the expression is evaluated. HINT:To simplify the process of testing a new workflow, you can set the addressee to be the recipient. This removes the need to log out of the user application and log in again as a manager each time you want to test your forms. This technique is particularly useful when the workflow involves multiple levels of approval. Once the testing phase is complete, you can change the addressee to the correct value. For details on building ECMA expressions, see Section 9.0, Working with ECMA Expressions. For descriptions of the system variables available in a workflow, see Section 4.3.3, Understanding Workflow Data. |
Alternate |
Specifies a dynamic expression that identifies the user who should get this task if the timeout limit has been reached. The alternate addressee is determined at runtime, based on how the expression is evaulated. For details on building ECMA expressions, see Section 9.0, Working with ECMA Expressions. For descriptions of the system variables available in a workflow, see Section 4.3.3, Understanding Workflow Data. |
Final Timeout Action |
Determines the final state of the request in the event that the workflow times out. The choices are:
|
Timeout Interval |
Specifies a dynamic expression that defines the period of time allotted for the addressee to complete the task. The timeout interval applies each time the activity is executed by the addressee. For details on building ECMA expressions, see Section 9.0, Working with ECMA Expressions. For descriptions of the system variables available in a workflow, see Section 4.3.3, Understanding Workflow Data. |
Time Units |
Determines the unit of measure used for the timeout interval. The choices are:
|
Retries |
Specifies the number of times to retry the activity in the event of a timeout. When an activity times out, the workflow process can try to complete the activity again, depending on the retry count specified for the activity. With each retry, the workflow process can escalate the activity to another user. In this case, the activity is reassigned to another user (the user’s manager, for example) to give this user an opportunity to finish the work of the activity. If the last retry times out, the activity can be marked as approved, denied, refused, timedout, or in error, depending on the final timeout action specified for the activity. |
Form |
Specifies the name of the approval form to display to the user. An Approval activity must have a form associated with it. If no form is specified, an error message is displayed at runtime. |
To bind the data items associated with the Approval activity, you define pre-activity and post-activity mappings. The pre-activity mappings initialize data in the approval form with constants, values retrieved from the flowdata object, system process variables, system activity variables, and/or data retrieved via expression calls to the directory abstraction layer. The post-activity mappings move form data back into the flowdata object.
Table 8-4 Approval Activity Data Item Mappings
Setting |
Description |
---|---|
Pre-Activity |
Allows you to specify one or more pre-activity mappings. When this option is selected, you can double-click on a cell in the column to specify where the approval form gets data for a particular target form field.NOTE:When the choice is selected, the cells in the column are not editable. |
Post-Activity |
Allows you to specify one or more post-activity mappings. When this option is selected, you can double-click on a cell in the column to specify where data from a form field should be copied after the form has been processed.The form for an Approval activity includes a special internal control called apwaComment. This control causes user comments to be written to the workflow database. It should not have a post-activity mapping. For more information on this control, see Section 6.5.6, DNMaker. NOTE:When the option is selected, the cells in the column are not editable. |
Source Expression |
Specifies a source expression for a pre-activity mapping. When you click a cell in the column, the ECMA expression builder displays to help you define your expression. |
Target Expression |
Specifies a target expression for a post-activity mapping. When you click a cell in the column, the ECMA expression builder displays to help you define your expression. |
For details on building ECMA expressions, see Section 9.0, Working with ECMA Expressions.
To enable e-mail notification for the Approval activity, you need to specify the e-mail template to use, as well as source expressions for target tokens in the e-mail body.
Table 8-5 E-mail Notification Settings for the Approval Activity
Setting |
Description |
---|---|
Email Template |
Specifies the name of the e-mail template to use. By default, the Approval activity uses the Provisioning Notification template. You can edit an e-mail template in Designer. For more information, see Editing an e-mail template. |
Source/Target |
Specifies the source expressions for target tokens in the e-mail body. The list of target tokens is determined by the selected e-mail template. You cannot add new tokens, but you can assign values to the predefined tokens by building your own source expressions. At runtime, the source expressions are evaluated to determine the value of each token. The available target tokens for the Provisioning Notification e-mail template are listed below:
If you use a provisioning request definition template to create your workflow, each token has a default source expression. The default expressions retrieve values from the workflow process (the process object) or from the data expression layer (IDVault object). You can modify these expressions to suit your application requirements. For details on building ECMA expressions, see Section 9.0, Working with ECMA Expressions. |
NOTE:E-mail notification is only supported when the
check box is selected on the tab.The Log activity is a system activity that writes messages to a log.
To log information about the state of a workflow process, the Workflow System interacts with Novell® Audit. During the course of its processing, a workflow can log information about various events that have occurred. Users can then use the Novell Audit reporting tools to look at logged data.
NOTE:During the course of workflow execution, many system events are logged that are not controlled by the Log Activity. For example, the Workflow System writes a message to the log whenever a workflow is started or stopped, or when it is approved, denied, or refused. For a complete list of the system events logged during workflow execution, see the chapter on setting up logging in the Identity Manager User Application: Administration Guide.
The Log activity has the following properties:
Table 8-6 Log Activity Properties
Property Name |
Description |
---|---|
Name |
Provides a name for the activity. |
Audit |
Specifies whether log messages should be sent. When this property is set to true, messages are sent to all log4j channels, including Novell Audit. When this property is set to false, no log messages are sent. For details on logging setup and configuration, see the Identity Manager User Application: Administration Guide. |
Author |
Defines the author for the message. By default, the author is the initiator of the provisioning request. |
Message |
Specifies an ECMA expression that defines text for the log message. Typically, this text indicates where this Log activity is being executed within the process and provides other information that makes the log easy to understand. For details on building ECMA expressions, see Section 9.0, Working with ECMA Expressions. For descriptions of the system variables available in a workflow, see Section 4.3.3, Understanding Workflow Data. |
Not supported with this activity.
Not supported with this activity.
In a workflow that supports parallel processing, the Branch activity allows multiple users to act on different areas of the work item in parallel. After the users have completed their work, the Merge activity synchronizes the incoming branches in the flow.
A workflow can have multiple Branch activities, but each Branch activity must have an associated Merge activity. All flow paths leading out of a Branch activity will execute.
The Branch activity has the following property:
Not supported with this activity.
Not supported with this activity.
In a workflow that supports parallel processing, the Merge activity synchronizes the incoming branches in the flow. The Merge activity is used in conjunction with the Branch activity, which allows two users to act on different areas of the work item in parallel. After the users have completed their work, the Merge activity synchronizes the incoming branches.
A workflow can have multiple Branch activities, but each Branch activity must have an associated Merge activity.
The Merge activity has the following property:
Not supported with this activity.
Not supported with this activity.
The Condition activity lets you add conditional logic to a workflow. This logic can be used to control what happens when the workflow executes. In the Condition activity, you define logic as an ECMA expression that evaluates to a boolean value.
Each Condition activity must have two outgoing flow paths, one that handles conditions that evaluate to true and another that handles conditions that evaluate to false. Optionally, a third flow path can be added to handle error conditions that occur if the ECMA expression evaluation fails.
The Condition activity has the following properties:
Table 8-9 Condition Activity Properties
Property Name |
Description |
---|---|
Name |
Provides a name for the activity. |
Condition Expression |
Specifies an ECMA expression that returns true or false. The value returned determines which flow path is followed after the activity has finished executing. HINT:If you need to test whether two objects are equal in a conditional expression, you should normally use the == operator, rather than the equals() method, unless you are certain that the objects being compared are Java objects of the same type. For instance, use this expression: (approval_A.getAction() == "DENIED") instead of this one: (approval_A.getAction()).equals("DENIED") For details on building ECMA expressions, see Section 9.0, Working with ECMA Expressions. For descriptions of the system variables available in a workflow, see Section 4.3.3, Understanding Workflow Data. |
Not supported with this activity.
Not supported with this activity.
The Finish activity marks the completion of a workflow. When the Finish activity executes, an e-mail message is sent to notify participants that the workflow has finished.
The Finish activity has the following property:
Not supported with this activity.
To enable e-mail notification for the Finish activity, you need to specify the e-mail template to use, as well as source expressions for target tokens in the e-mail body.
Table 8-11 Email notification settings for the Finish activity
Setting |
Description |
---|---|
Email Template |
Specifies the name of the e-mail template to use. By default, the Finish activity uses the Provisioning Approval Completed Notification template. You can edit an e-mail template in Designer. For more information, see Editing an e-mail template. |
Source/Target |
Specifies the source expressions for target tokens in the e-mail body. The list of target tokens is determined by the selected e-mail template. You cannot add new tokens, but you can assign values to the predefined tokens by building your own source expressions. At runtime, the source expressions are evaluated to determine the value of each token. The available target tokens for the Provisioning Approval Completed Notification e-mail template are listed below:
If you use a provisioning request definition template to create your workflow, each token has a default source expression. The default expressions retrieve values from the workflow process (the process object) or from the data expression layer (IDVault object). You can modify these expressions to suit your application requirements. For details on building ECMA expressions, see Section 9.0, Working with ECMA Expressions. |
NOTE:E-mail notification is only supported when the
check box is selected on the tab.The Entitlement activity grants or revokes an entitlement for a user or other entity type.
A workflow must have at least one Entitlement or Entity activity.
The Entitlement activity has the following properties:
To bind the data items associated with the Entitlement activity, you define mappings for several DirXML® attributes.
Table 8-13 Entitlement Activity Data Item Mappings
For details on building ECMA expressions, see Section 9.0, Working with ECMA Expressions.
Not supported with this activity.
The Entity activity updates an entity in the Identity Vault. You can use this activity to create, modify, or delete attributes on an entity. You can also use this activity to create or delete an entity.
A workflow must have at least one Entitlement or Entity activity.
The Entity activity has the following properties:
Table 8-14 Entity Activity Properties
To bind the data items associated with the Entity activity, you define mappings for the attributes associated with the target entity type.
Table 8-15 Entity Activity Data Item Mappings
Setting |
Description |
---|---|
Entity dn |
Identifies the entity that is the target of the operation. The default value is recipient. To create a new object, specify a distinguished name that does not yet exist. HINT:The output of the DNMaker control can be used as input for the Entity dn value. The DNMaker control constructs the DN by allowing the user to enter the naming attribute in a text field and presenting an interface for picking a container. Once this data has been captured in a request form, the output can be mapped to a variable in the flowdata object. In the definition for the Entity activity, this flowdata variable can be accessed in the Entity dn setting with an expression such as: flowdata.get(‘groupdn’); For details on using the DNMaker control, see Section 6.5.6, DNMaker. |
Modify Type |
Indicates how the mapping should be performed for an attribute. The choices are:
For many attributes, is the only option that makes sense; therefore, this option is selected automatically and cannot be changed.You must specify the setting before specifying the setting. |
Modify Value Expression |
Specifies a source expression for an attribute. When you click a cell in the column, the ECMA expression builder displays to help you define your expression. The list of attributes available varies depending on which entity type was selected on the Properties tab.NOTE:The cells in the column are not editable. |
Not supported with this activity.