The abstraction layer has features that allow it to work quickly and flexibly.
Supports any process (extensibility): Every company is different and so are the processes at the company. The abstraction layer adapts to all of the possible scenarios by allowing for free process definition without any limitations to currently known processes.
Allows multiple different processes to run concurrently: While a hire process is running, a new resource can be requested for the new employee.
Allows multiple instances of the same process to run concurrently: An employee can request several resources at once, and have multiple request resource processes running at the same time.
Triggers any process from any data event in the Identity Vault: Changes to objects in the Identity Vault trigger new processes or advance processes that are already running. This allows for process automation.
Triggers any process from any other process: Any step in a process can trigger another process or advance a current process. This allows for dependencies between processes. For example, a request resource process can start as soon as the hire process reaches a certain step.
Identifies each process uniquely: This allows for tracking of process states, and stops any data corruption from occurring.
Audits each process based on the unique identifier: Each process state can be audited to show the state of each employee or resource by using the unique identifier. If there are problems, the ability to audit each process helps with troubleshooting issues.
Reports the state of any process at any time: For a health check, administrators or auditors can generate reports of the current state of all processes at any time. For example, the health check can report all employees who have a hire or termination process that is not progressing.
Allows processes to branch, merge, and loop: The processes can branch, merge, and loop depending upon defined conditions.
Enforces the proper order of steps: The abstraction layer enforces the proper order of execution for steps. If a violation occurs, it can act on that violation.
Separates the process definitions from implementation: The processes are separate from the implementation in order to rapidly replicate the solution.
Runs processes for any object in the Identity Vault: The process can run for any object, such as a user, person, or resource.