Change Workflow Definitions

Each type of user request has a default workflow definition, which you can customize to meet the needs of your organization. A workflow definition defines the number of steps or work items for each type of request. Each approval step requires a unique Request Approver. A workflow definition consists of the following:

  • Zero to four approval steps: Request Approvers view all requests, and approve or reject the requests.

  • Zero to one distribution step: Token Distributors view user token requests and determine how to assign and deliver the tokens.

For example, suppose a company requires all new employees to enroll in Self-Service and request new tokens so they can access the company network. If your company policy requires two people—a manager and a system administrator—to approve token requests from new employees, you can customize the workflow definition to accommodate this requirement.


  1. In the Security Console, click Setup > Self-Service Settings.

  2. Under Provisioning, click Workflow Policies.

  3. Use the search fields to find the policy that you want to edit.

  4. Select the policy that you want to edit.

  5. From the context menu, click Edit.

  6. To change the workflow definition for a particular type of request, click one of the following tabs:

    • User and User Group. Requests for a Self-Service account from users in a directory server, users not in a directory server, and user group membership.

    • Hardware Token. Requests for hardware tokens.

    • Software Token. Requests for software tokens.

    • On-Demand Authentication. Requests for on-demand authentication.

  7. Under Workflow Definitions, click the drop-down arrow to change the number of approval or distribution steps for a request.

  8. Click Save.

    If you have not saved your edits, you can click Reset to change the policy back to its original setting.

Related Tasks

Configuring Provisioning