Workflow for Provisioning Requests

Provisioning uses workflows to automate token deployment. A workflow defines the number of steps or work tasks required for each type of user provisioning request. The users and administrators who perform tasks in a workflow are called workflow participants.

The following table lists the types of workflow participants and the tasks they can perform.

Workflow Participant



From the Self-Service Console, the user initiates a request that starts a workflow. The types of user requests are:

  • Enrollment

  • New or additional SecurID tokens

  • Replace hardware and software tokens that are about to expire

  • Replace broken or permanently lost tokens

  • On-demand tokencode service

  • Additional user group membership

Request Approver

From the Security Console, the Request Approver:

  • Views all requests.

  • Approves, rejects, cancels, or defers action on requests.

  • Comments on requests, if necessary.

  • Changes the token type, if necessary.

Token Distributor

From the Security Console, the distributor:

  • Views user requests that require distribution.

  • Determines how to assign and deliver tokens to users.

  • Records how tokens are delivered to users.

Assigning Administrative Roles

If you use workflows for provisioning requests, you need to assign the Token Administrator, Request Approver, and Token Distributor Administrator roles. For more information about administrative roles in provisioning, see Administrative Roles in Provisioning. For instructions, see Assign an Administrative Role.

Related Concepts

Provisioning Overview