Jamie Pryer

RSA IGL Services 101: Explaining Workflow Nodes - Summary

Blog Post created by Jamie Pryer Employee on Dec 11, 2019

RSA IGL Services 101 blogs, help to explain various areas of RSA Identity Governance and Lifecycle, to ensure you are getting the most out of the product and following recommended practices. We hope to show you lots of great features, tips and tricks that you may not have been aware of!

 

This blog provides a high level index and summary of each workflow node available, taken from v7.1x of RSA IGL. As we dive into more detail of each node, we will provide a link below, to click and get more info. For example, please click "Milestone" in the table below.

If there is a specific node you would like to know more about, please let us know in the comments below

Workflow Node Summary

The workflow editor includes processing nodes common to and also specific to request, approval, fulfillment, and escalation workflows. Nodes are the building blocks you use to create and modify workflows. This following table lists nodes that you can use in request, approval, fulfillment, and escalation workflows.

 

Node

Description

Activity

Used to define a activity for a change request.

Approval

Used to define an approval for a change request.

Approvals Phase

Used to allow change request items to be approved as groups at the same level.

Cancel Change Request

Used to generate a milestone to cancel the entire change request processed by the workflow and revert all changes completed in the change request, reject the entire change request processed by the workflow, or put the change request in an error state.

Complete Assigned

Used in an escalation workflow to mark work assigned to a user (through an approval or activity) as completed.

Create Admin Error

Specifies the type of admin error to create for an administrator.

Decision

Evaluates a condition(s) based on a true or false result for outgoing transitions to an action or stop delimiter based on whether or not the condition exists.

Delay

Suspends a workflow temporarily based on date criteria. The date could be a specific date, the change request fulfillment date, a system calculated date relative to current time, the result of a java method that returns a date, or the result of a SQL query resulting in a date.

Form Approval

Used to define an approval for a change request generated from a form.

Form Fulfillment

Used to define a fulfillment for a change request generated from a form.

Fulfillment Handler

Invokes a Java class to fulfill changes in a request.

Fulfillment Phase

Used to allow change request items to be fulfilled as groups at the same level.

Get Remaining SecondsUsed to store how much time remains for a calculated due date, performs some escalation outside of the assigned user’s control, and then updates the due date for the assigned user based on the earlier recorded remaining time.

Java *

Provides an interface to a Java method passing any parameters and returning a true/false result you can incorporate into a workflow.

The Java node, can evaluate conditions and perform actions in a workflow required for an approval and to initiate completion of an activity.

Note that if you use the Java node in a workflow or use the Java tag in workflow forms, you should place custom classes or jars in one of the following directories:

  • aveksa.ear/aveksa.war/WEB-INF/plugins/JavaNode/lib
  • aveksa.ear/aveksa.war/WEB-INF/plugins/JavaNode/classes

The sample Java Node workflow is deployed and references classes in these plugin directories. The source files for the samples are also included in the plugin directory under the src directory.

Job State

Specifies a job state the pauses a workflow: Canceled, Error, or Suspension

Manual Fulfillment

Used to handle a fulfillment manually and not automatically by the system.

Mark Verified

Used to indicate that changes marked as pending verification should be marked as verified.

Milestone

Provides high-level status information about a workflow milestone you want displayed in a change request.

Next Value

Returns the next value for a given job level workflow variable. If no value is returned (the last value was previously retrieved), the node returns false, which can be tested on an outgoing transition. If a valid value is returned, a true return code is provided. This node is typically used to iterate through an array of values to get the next value in the array..

Provisioning Command

Used to complete a provisioning command in a data source for a particular business source.

Reassign

Used to assign an approval or activity to another user.

Reset Password

Used to generate an email notification prompting a user to retrieve a password that has been reset for the user.

REST Web Service *

Invokes a REST call to an endpoint. The responses and results from the calls are stored in the workflow variables based on the configuration in the node. This information can be used in a workflow’s decision logic.

The node supports:

  • GET and POST methods
  • Basic authentication
  • Header parameters.
  • XML and Properties response types
  • Parsing of the response using XPath and RegEx expressions.

Run Report

Generates a report configured for the node in the workflow.

Run Review

Used to generate a user access review associated with the node.

Send Email

Generates email you want from the workflow. It supports the use of workflow variables or runtime workflow information to specify the To/From portions of the email.

Set Value

Creates or updates a job level workflow variable(s) using the value(s) provided. The value can be a literal or use other workflow variables that are evaluated at the time the node is executed

SOAP Web Service *

Invokes a SOAP call to an endpoint. The responses and results from the calls are stored in the workflow variables based on the configuration in the node. This information can be used in a workflow’s decision logic.

The node supports:

  • POST method
  • Basic authentication
  • WS-Security
  • Generic MIME Header
  • SOAP based XML response type
  • Parsing of the response using XPath and RegEx expressions

SQL Execute *

Runs an Insert/Update/Delete SQL command or a stored procedure where no result set is needed. It runs against the system database (AVDB). This node supports variables from the workflow with the SQL.

If you want to use an output parameter from your stored procedure (say, ‘success’ or “failure’ status) as a workflow variable for subsequent processing, you must define the stored procedure as a function and use the following syntax:

select sp_update_db (‘JOE’, ‘SMITH’, status) status from dual.

SQL Select *

To be updated.

Start

Used as the start delimiter for a workflow.

Stop

Used as the stop delimiter for a workflow.

Subprocess

Calls/interjects another workflow as a subprocess of the current workflow. This node is useful in compartmentalizing work items or to improve maintenance or re-use of workflows.

Text Node

Used to enter text into a workflow.

Transition

Used to connect two workflow nodes (processes) unidirectionally with a straight line. Transitions can be conditional or unconditional. A conditional transition occurs only if a particular condition is true. An unconditional transition can occur regardless of whether a condition is true. A transition is visually represented as an arrow.

Undo Changes

Used to generates changes to reverse the requested changes that have been fulfilled.

Wait for Verification

Used to create a database watch for evidence of a change request fulfillment.

 

Note: Not all controls and types are available for every workflow type. Also, nodes with an asterisk symbol ( * ) are designed for advanced application. These nodes should be implemented carefully because poorly defined nodes can negatively impact workflow performance.

Outcomes