Workflow Library Methods

Workflow libraries are sets of compiled Java methods. To be accessible to workflows, these libraries must be specified as a comma-separated list in the libraries attribute of the Workflow element. The classes for libraries are named as follows: SailPoint.workflow.[library]Library.class. Only the [library] portion is specified in the libraries attribute.

The following example makes methods from the SailPoint.workflow.IdentityLibrary.class accessible to the workflow.

Example:

<Workflow libraries="Identity" explicitTransitions="true" name="Hello World Workflow" type="IdentityUpdate">

Note

If no libraries attribute is specified on the Workflow element, the workflow can access the Identity, Role, PolicyViolation, and LCM libraries by default.

The following tables list the workflow libraries and the methods available. Although the Standard Workflow Handler is not technically a library, the methods in it are accessible to every workflow and are called through the same syntax as library methods.
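The libraries rule above, written as a review check: this is an added example, not code from the original page or from SailPoint. It reads a workflow's libraries attribute, falls back to the default set, and reports call: references whose library is not accessible or that a reviewer would want to look at. The call: prefix on action and when attributes, the REVIEW set and the sample workflow are assumptions; the method map is a subset of the tables on this page.

```python
import xml.etree.ElementTree as ET

# Libraries available when no libraries attribute is set (per the note above).
DEFAULT_LIBRARIES = ["Identity", "Role", "PolicyViolation", "LCM"]

# Subset of this page's tables: method -> library (None = Standard Workflow Handler).
METHOD_LIBRARY = {
    "audit": None, "sendEmail": None,
    "refreshIdentity": "Identity", "deleteAllAccounts": "Identity",
    "createIdentityRequest": "IdentityRequest", "isSelfApproval": "Approval",
    "mitigateViolation": "PolicyViolation", "enableRole": "Role",
}
# Assumption: a reviewer's own choice of calls to surface, not a list from the page.
REVIEW = {"isSelfApproval", "deleteAllAccounts", "mitigateViolation"}

def accessible_libraries(workflow):
    raw = workflow.get("libraries")
    if raw is None:
        return list(DEFAULT_LIBRARIES)
    return [n.strip() for n in raw.split(",") if n.strip()]

def review_workflow(xml_text):
    wf = ET.fromstring(xml_text)
    libs = accessible_libraries(wf)
    findings = []
    for el in wf.iter():
        for attr in ("action", "when"):  # assumed locations of call: references
            value = el.get(attr, "")
            if not value.startswith("call:"):
                continue
            method = value[len("call:"):]
            if method not in METHOD_LIBRARY:
                findings.append((method, "not in method map"))
                continue
            owner = METHOD_LIBRARY[method]
            # Class name below follows the naming rule stated on this page.
            if owner is not None and owner not in libs:
                findings.append((method, f"SailPoint.workflow.{owner}Library.class not accessible"))
            if method in REVIEW:
                findings.append((method, "sensitive call, confirm intent"))
    return libs, findings

# Constructed sample workflow, not taken from a real deployment.
SAMPLE = """<Workflow libraries="Identity,Role" name="Constructed Example" type="IdentityUpdate">
  <Step name="Start" action="call:audit">
    <Transition to="Purge" when="call:isSelfApproval"/>
  </Step>
  <Step name="Refresh" action="call:refreshIdentity"/>
  <Step name="Purge" action="call:deleteAllAccounts"/>
</Workflow>"""
```

Calling review_workflow(SAMPLE) returns the resolved library list and the findings as (method, reason) tuples in document order.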

Standard Workflow Handler

| Method / Usage | Description | Expected Args (required args are marked with a *) |
|---|---|---|
| Object getProperty(WorkflowContext wfc) | Returns value of the named system property. | name* |
| public Object isProperty(WorkflowContext wfc) | Returns true if the named system property has a value. | name* |
| public Object getMessage(WorkflowContext wfc) | Returns localized message for use in task results. | message*; type (severity); arg1-arg4 (up to 4 parameters for the message) |
| public Object addMessage(WorkflowContext wfc) | Adds message to the workflow case. | message*; type (optional severity); arg1-arg4 (up to 4 parameters for the message) |
| public Object addLaunchMessage(WorkflowContext wfc) | Adds message to workflow case that is displayed in the user interface. Not kept in task result. For example, "Request was submitted". | message*; type (optional severity); arg1-arg4 (up to 4 parameters for the message) |
| public Object setLaunchMessage(WorkflowContext wfc) | Replaces previously added launch message with a new message based on new state. | message*; type (optional severity); arg1-arg4 (up to 4 parameters for the message) |
| public Object log(WorkflowContext wfc) | Sends something to log4j. | message*; level* |
| public Object print(WorkflowContext wfc) | Prints text to the console. | message* |
| public Object audit(WorkflowContext wfc) | Creates an audit event. Enables workflows to put custom entries in audit log, which displays in the user interface. | source*; action*; target; string1 - string4 |
| public Object sendEmail(WorkflowContext wfc) | Sends an email message. | to*; cc; bcc; from; subject; body; template*; templateVariables; sendImmediate; exceptionOnFailure |
| public Object launchTask(WorkflowContext wfc) | Launches a defined task. | taskDefinition*; taskResult; sync (true=synchronous execution) |
| public Object scheduleRequest(WorkflowContext wfc) | Launches a generic event request. | requestDefinition*; requestName (name to assign to request); scheduleDate; scheduleDelaySeconds; owner |
| public Object scheduleWorkflowEvent(WorkflowContext wfc) | Launches a workflow event request. | requestName (name to assign to request); scheduleDate; scheduleDelaySeconds; owner; workflow* (name of workflow to launch); caseName (optional case name to override default) |
| public Object commit(WorkflowContext wfc) | Commits a transaction. Not commonly needed in workflows. Most commonly used for role approvals. | creator; archive |
| public Object rollback(WorkflowContext wfc) | Rolls back a transaction. Not commonly needed in workflows. Most commonly used for role approvals. | none |

Identity Library

| Method / Usage | Description | Expected Args (required args are marked with a *) |
|---|---|---|
| public String getManager(WorkflowContext wfc) | Returns the name of the manager for the specified identity. | identityName |
| public Object calculateIdentityDifference(WorkflowContext wfc) | Derives a simplified representation of the changes made to an identity for an approval work item. | oldRoles; newRoles; plan; approvalSet |
| private void addLinksInformation(WorkflowContext wfc) | Modifies workflow context lists of links (accounts) to be added, moved, or removed for the identity as a result of the provisioning plan. | linksToAdd; linksToMove; linksToRemove; plan |
| public List> checkPolicyViolations(WorkflowContext wfc) | Evaluates policy violations that the provisioning plan/project actions can incur. | policies; identityName*; project; plan (either plan or project is required) |
| public void activateRoleAssignment(WorkflowContext wfc) | Assigns a role or roles to the identity. | identity* (ID); role* (ID); detected (Boolean indicating if role was detected vs. assigned) |
| public void deactivateRoleAssignment(WorkflowContext wfc) | Removes role assignments from the identity. | identity* (ID); role* (ID); detected (Boolean indicating if role was detected vs. assigned) |
| public void refreshIdentity(WorkflowContext wfc) | Performs an identity refresh on one identity. | identity (ID); identityName (either identity or identityName is required) |
| public void refreshIdentities(WorkflowContext wfc) | Performs an identity refresh on a set of identities. Can specify one or more identityNames, a filterString, or a list of roles. Processes the first of the above listed options that is non-null. | identityName; identityNames (CSV); filterString; identitiesWithRoles (CSV); (any one of these 4 is required) |
| public Object compileProvisioningProject(WorkflowContext wfc) | Compiles a provisioning plan into a provisioning project. | plan; identityName |
| public Object buildProvisioningForm(WorkflowContext wfc) | Creates a form to display provisioning policy questions. When requiredOwner is passed as an argument, a form owned by this user is returned. If no more forms for this user exist, null is returned. When preferredOwner is passed as an argument, a form owned by this user is returned. If there are no remaining forms for that owner, a form owned by a different user can be returned. | project*; template (name of form to serve as page template); owner; preferredOwner (owner or preferredOwner required but mutually exclusive) |
| public Object assimilateProvisioningForm(WorkflowContext wfc) | Collects data from a completed provisioning form and stores answers with questions on provisioningProject. | project*; form* |
| public Object assimilateAccountIdChanges(WorkflowContext wfc) | Updates ApprovalSet with any changes to accountIDs. | project*; approvalSet |
| public Object buildPlanApprovalForm(WorkflowContext wfc) | Builds a form that represents all attributes in a provisioningPlan for an approval before the provisioning occurs. | plan*; template |
| public Object assimilatePlanApprovalForm(WorkflowContext wfc) | Collects data from a form and puts the data back into the provisioningPlan. Assumes buildPlanApprovalForm. | form; plan* |
| public Object provisionProject(WorkflowContext wfc) | Called by the Identity Update and LCM Workflows after provisioning forms are completed. Provisions the remaining items in the project. | project*; noTriggers (Boolean) |
| public Object finishRefresh(WorkflowContext wfc) | Called by the Identity Refresh workflow, after approvals are done and account completion attributes are gathered. Provisions what it can and completes the refresh process. | identitizer; refreshOptions (map of args for creating new Identitizer if needed); previousVersion; project |
| public Object buildApprovalSet(WorkflowContext wfc) | Called by the Lifecycle Manager workflows. Builds a simplified ApprovalSet representation of the items in the provisioning plan. | plan* |
| public Object processApprovalDecisions(WorkflowContext wfc) | Processes the decisions made during the approval process, auditing and reacting to them. Modifies the project masterPlan and recompiles the project if the recompile argument is set to true. | project*; dontUpdatePlan; disableAudit; approvalSet*; recompile |
| public Object processPlanApprovalDecisions(WorkflowContext wfc) | Processes decisions made during approval process audit and modifies the Used before the plan is compiled into a provisioningProject. | plan*; dontUpdatePlan; disableAudit; approvalSet* |
| public Object auditLCMStart(WorkflowContext wfc) | Creates an audit event to mark the start of a Lifecycle Manager workflow. | approvalSet*; flow (name of applicable UI flow) |
| public Object auditLCMCompletion(WorkflowContext wfc) | Creates an audit event to mark the completion of a Lifecycle Manager workflow. | approvalSet*; flow |
| public void disableAllAccounts(WorkflowContext wfc) | Used by lifecycle events to disable managed accounts for the identity specified in the workflow. | none |
| public void enableAllAccounts(WorkflowContext wfc) | Used by lifecycle events to enable all accounts on the identity specified in the workflow. | none |
| public void deleteAllAccounts(WorkflowContext wfc) | Used by lifecycle events to delete all accounts on the identity specified in the workflow. | none |
| public ProvisioningPlan buildEventPlan(WorkflowContext wfc) | Goes through all links that the workflow's specified Identity holds and creates a plan to enable or disable all of the Identity's accounts, as specified by op. | op* (operation) |
| public void updatePasswordHistory(WorkflowContext wfc) | Adds a password to the link password history. | plan* |
| public ProvisioningProject assembleRetryProject(WorkflowContext wfc) | Collects any account requests from an original provisioning project that are retryable and adds them to a new provisioning project. Rarely used in custom workflows. | project |
| public Object retryProvisionProject(WorkflowContext wfc) | Executes the retry provisioning project created in assembleRetryProject. Rarely used in custom workflows. | project |
| public Object mergeRetryProjectResults(WorkflowContext wfc) | Merges results from the retry project onto the main project. Called between retries. Rarely used in custom workflows. | project*; retryProject* |
| public Boolean requiresStatusCheck(WorkflowContext wfc) | Identifies if the project contains any Results that are queued with a requestID stored on the result. | project |
| public Object checkProvisioningStatus(WorkflowContext wfc) | Calls down to the connector for each Result in the plan that is marked queued with a requestID specified. | project |
| public Integer getProvisioningStatusCheckInterval(WorkflowContext wfc) | Computes the interval between status checks for a request. The default is 60 minutes. | none |
| public Integer getProvisioningMaxStatusChecks(WorkflowContext wfc) | Computes the maximum number of status checks permitted during a request. The default is infinite. | none |
| public Integer getProvisioningMaxRetries(WorkflowContext wfc) | Computes the maximum number of retries permitted during a request. The default is infinite. | none |
| public Integer getProvisioningRetryThreshold(WorkflowContext wfc) | Computes the retry threshold, the interval between retries, to use for a request. The default is 60 minutes. | none |

IdentityRequest Library

| Method / Usage | Description | Expected Args (required args are marked with a *) |
|---|---|---|
| public Object createIdentityRequest(WorkflowContext wfc) | Creates an IdentityRequest object from current workflow context information. Tracks status and history of request processing. | project*; flow; source; policyViolations |
| public Object updateIdentityRequestState(WorkflowContext wfc) | Modifies the IdentityRequest's state. | identityRequestId |
| public Object refreshIdentityRequestAfterApproval(WorkflowContext wfc) | Refreshes the IdentityRequest to include the provisioningEngine that processes the item. Updates the state and adds any expanded attributes that are provisioned. | project |
| public Object refreshIdentityRequestAfterProvisioning(WorkflowContext wfc) | After provisioning, copies interesting task result information back to the IdentityRequest. | project |
| public Object refreshIdentityRequestAfterRetry(WorkflowContext wfc) | Scans the retry project and updates the IdentityRequestItem retry count. | project |
| public Object completeIdentityRequest(WorkflowContext wfc) | Marks IdentityRequest status complete. Puts final plan in request and refreshes the request based on the final project. | project; policyViolations; autoVerify (Boolean) |

Approval Library

| Method / Usage | Description | Expected Args |
|---|---|---|
| public SailPointObject getObject(WorkflowContext wfc) | Returns the object being approved. | none |
| public String getObjectClass(WorkflowContext wfc) | Returns the simple class name of the object being approved. | none |
| public String getObjectName(WorkflowContext wfc) | Returns the name of the object being approved. | none |
| public SailPointObject getCurrentObject(WorkflowContext wfc) | Returns the current persistent version of the object held in the workflowCase (approvalObject). | none |
| public Identity getObjectOwner(WorkflowContext wfc) | Returns the current owner of the object being approved. Uses database lookup. | none |
| public Identity getNewObjectOwner(WorkflowContext wfc) | Returns the object owner. In the workflow context, the owner could be different than the database-recorded owner. | none |
| public String getObjectOwnerName(WorkflowContext wfc) | Returns name of ObjectOwner from getObjectOwner. | none |
| public String getNewObjectOwnerName(WorkflowContext wfc) | Returns name of NewObjectOwner from getNewObjectOwner. | none |
| public boolean isOwnerChange(WorkflowContext wfc) | Returns true if the object being approved has had an owner change. | none |
| public boolean isSelfApproval(WorkflowContext wfc) | Returns true if the user who launches the workflow is the same as the owner of the object being approved. Used to bypass an owner approval. Assumes that the user will approve if the user is the one who is initiating the request. | none |

Policy Violation Library

| Method / Usage | Description | Expected Args (required args are marked with a *) |
|---|---|---|
| public Object delete(WorkflowContext wfc) | Deletes the current approval object associated with this workflow. | none |
| public Object ignore(WorkflowContext wfc) | Ends the workflow associated with the current approval object without performing any actions. | none |
| public Object mitigateViolation(WorkflowContext wfc) | Mitigates by temporarily allowing a policy violation. | expiration*; comments |
| public Object getRemediatables(WorkflowContext wfc) | | none |
| public Object getRemediatables(WorkflowContext wfc) | | remediator; actor; comments; remediations*. Use if remediator argument is not specified and actor is. Use remediator in new method calls. |

Role Library

| Method / Usage | Description | Expected Args (required args are marked with a *) |
|---|---|---|
| public Object launchImpactAnalysis(WorkflowContext wfc) | Starts an impact analysis task for a role in workflow. | none |
| public Object getRoleDifferences(WorkflowContext wfc) | Calculates the differences between a role held in workflow and the database version of the role. | none |
| public Object auditRoleDifferences(WorkflowContext wfc) | Creates one audit event for each attribute difference between role states. Compares workflow vs database. | source; action; target; string1 |
| public Approval buildOwnerApproval(WorkflowContext wfc) | Sets up an approval for the owner of an object. Currently used only for roles. | none |
| public List buildApplicationApprovals(WorkflowContext wfc) | For role approvals only. Builds an approval structure for the owners of each application referenced in the role profiles. Normally processed as parallelPoll to allow application owners to submit comments or modify the role without terminating the approval process. | none |
| public void enableRole(WorkflowContext wfc) | Marks role as enabled. | role (name) |
| public void disableRole(WorkflowContext wfc) | Marks role as disabled. | role (name) |
| public void setRoleDisabledStatus(WorkflowContext wfc) | Marks role with disabled status indicated in the disabled arg (true = disabled, false = enabled). | role (name); disable (Boolean) |
| public void removeOrphanedRoleRequests(WorkflowContext wfc) | Removes incomplete requests. Used to activate/deactivate roles that no longer exist. | none |
| public String getApprovalAuditAction(WorkflowContext wfc) | Called by the post-approval audit steps, Audit Failure and Audit Success, of the Role Modeler - Owner Approval workflow to determine what type of action should be recorded in the audit log. If the role is marked as disabled, returns disableRole. If the role is not marked as disabled, returns updateRole. | none |

LCM Library

Currently, the Lifecycle Manager Library contains no public methods. All of its methods were moved to the Standard Workflow Handler.