Skip to content

BETA - Creating and Managing Workflows

Important

This document covers Workflows, which is currently in Beta. The information in this document, and the feature it describes, are subject to change without notice.

Review a summary of the terms and conditions for SailPoint's Access Programs.

A workflow is a set of steps that are completed every time a specific event occurs. IdentityNow's workflows do work for you, automatically performing a series of actions that you configure in response to a trigger.

IdentityNow's workflows offer enormous flexibility, allowing you to configure a workflow to take very specific actions each time it runs.

Behind the scenes, workflows are managed using JSON, but most parts of a workflow can be created and managed in the user interface.

This document describes basic information about workflows and details the process of putting one together in IdentityNow.

Workflow Terminology

To understand workflows, it helps to understand the parts that go into creating a workflow, and the language used to define it.

  • Steps

    Each workflow is made of a set of discreet steps. Each step must be completed before the next one can be executed. The three types of steps are triggers, actions, and operators.

    • Triggers

      A trigger determines when the workflow runs and provides the input that the rest of the steps use in the workflow. Each workflow must have exactly one trigger.

      Some examples of triggers include Account Aggregation Completed, Identity Created, and Source Deleted.

    • Actions

      An action is any task a workflow performs outside of the workflow itself or change it makes to its JSON data. If an action modifies any JSON data, the data can be added back to the data flow. If the modified JSON isn't added back to the data flow, it will be discarded. All workflows must have at least one action.

      Some examples of actions include Create Campaign, Get Identity, and Send Email.

    • Operators

      Operators are a broader category of steps that act on the workflow itself by directing the data flow or making conditional choices. The Success and Failure end steps are operators.

      Some other examples of operators include Compare Strings and Compare Numbers.

  • Data Flow

    Workflows start with an input delivered by the trigger, in JSON format. That JSON moves through the steps of your workflow, in the form of input and output. It may have data added, removed, or changed, and it may be analyzed so the workflow can make a decision, but whatever data remains flows through the workflow. This directional movement of data is known as the data flow.

  • Input

    Each workflow has an input in JSON format, provided by the trigger. This JSON data moves through each step in the workflow. When data enters a step, it becomes input.

  • Result

    After each step processes the input, the JSON it produces is called the result. This result is passed to the next step where it becomes input again.

  • Output

    The final result of a workflow, after each step has been completed, is called an output.

Building a Workflow

To build an automated workflow in SailPoint's cloud services, you can use visual builder in IdentityNow or you can configure a workflow using JSON.

Prerequisites:

  • A basic understanding of JSON and JSONPath

To begin building a workflow:

  1. From the Admin interface, go to Workflows.

    The list of workflows is displayed.

  2. Select + New Workflow.

    The file upload utility at the top of the screen, with a file uploaded. A name and description are displayed in fields below.

  3. Enter a name and description for your workflow.

    Alternatively, to base your new workflow on an existing workflow, upload a JSON file containing the workflow metadata. This can be obtained by downloading the script of an existing workflow.

  4. Select Continue to proceed to the visual builder.

    To edit your workflow using a JSON editor, select Save and Exit to return to the list of workflows. Download and edit the JSON file.

Building a Workflow in the Visual Builder

The goal of the visual workflow builder is to allow relatively complex workflows to be built with the only a minimal amount of code.

After uploading a metadata file and selecting Continue as described in Building a Workflow, the Workflow Builder is displayed.

The workflow visual builder. There are panels on either side of a canvas.

You can also reach this page by selecting a workflow's name in the list of workflows and selecting Edit Workflow.

On the left, a list of triggers is displayed. You can use the tabs to select the list of actions or operators.

  1. Click the trigger you want to use to kick off your workflow and drag it into the canvas in the middle. See Triggers for a list of the triggers you can choose and descriptions of when they are fired.

    Some triggers require you to fill out one or more fields before proceeding. This list appears in the right panel when you let go of the step on the canvas.

  2. Select the Actions tab and choose one or more actions to take place when your workflow is triggered. See Actions for a list of the actions you can choose from, as well as the fields required in each action.

    For each field in each step, select the down arrow to choose the field's value type. It can be a static value or a JSONPath expression that selects a value from the input.

  3. To connect the trigger to the first action, click the trigger on your canvas and drag your mouse toward the action. A line appears between them, indicating the two steps are connected.

    Be sure to drag from one step to the step that comes next in your workflow, chronologically. The direction of the line determines which direction the data will go - the chronological order in which the steps will be executed.

    Two steps, with an arrow pointing from the trigger to an action to represent dragging.

  4. Select the Operators tab and add operators where applicable.

    Operators allow you to configure choices and conditional logic.

    The configuration screen of an operator. There are two Value fields separated by a comparison operator.

    In an operator's Value 1 field, enter a JSONPath corresponding to the part of the JSON input you want to compare to another value.

    For example, following the action Get Certification, you might want to start the campaign if it's in the STAGED state, but generate it if it's in the SAVED state.

    In this example, you'd choose a Compare Strings operator and add a JSONPath to the field Value 1 to select the status of the campaign you retrieved in the previous step. In the Operator field, you'd type in one of the comparison operators available for Compare Strings.

    In Value 2, you'd enter the value you wanted to compare Value 1 to. You can use JSONPath to select another value from the input, or type in a static value. In this case, you might enter STAGED in Value 2.

    A workflow step with two paths leading away from it.

    You can choose two directions for the workflow to go depending on whether the result of your comparison is True or False. For example, you can choose an Activate Campaign step to follow the Get Campaign step if the campaign's status is STAGED. If the campaign's status is anything else, you can choose to send the workflow to a Failure step so that it doesn't continue.

    Click True or False and drag the cursor to the step you want to come next.

  5. Continue adding actions and/or operators and connecting them until your workflow has all of the steps it will need to complete the tasks you need it to perform.

    Review Tips for Navigating the Workflow Builder for details about using this interface.

    A completed workflow must have:

    • No more than one trigger
    • One or more actions
    • One or more end steps - at least one success and/or failure step

    All steps in your workflow must be connected to the main workflow.

  6. Select Save.

  7. At any point you can select Test Workflow to test the functionality of your steps. Sample input is provided based on the trigger your workflow uses. You can edit this input data to use different values or kep the sample data. When you are ready, select Start Test.

The Test Workflow screen. Sample input is in a box above the Start Test button.

If your workflow test succeeds, you can enable your workflow from the list of workflows.

If your workflow fails, the output of the test is still displayed, with the errors in the output highlighted in red.

Select the X icon to go back to the workflow builder and keep working.

Tips for Navigating the Workflow Builder

  • To move a step after you've placed it on the canvas, select the drag handle icon 6 dots, the drag handle icon. to drag the step.
  • To move your view around the canvas, select it with your mouse and drag.
  • To delete a step, select it in the canvas and press the Delete button on your keyboard.
  • To delete a connection between two steps, select the line connecting them and press the Delete button on your keyboard.
  • To undo an action, press Control-Z or Command-Z on your keyboard.

Building a Workflow in JSON

All workflows are built using JSON. They can be edited manually in the JSON file and re-uploaded, so you can create extremely flexible workflows to fit your organization's needs.

Your JSON workflow must meet the following criteria:

  • It must begin with the appropriate metadata, including a name and description, as found in Workflow Steps and Definitions.
  • It must contain exactly one trigger.
  • All steps, excluding the trigger, must be within the steps object of the workflow JSON.
  • It must contain at least one action.
  • Each step, besides the trigger and any end steps, must specify a next step using the name of the step that should be executed next.
  • It must contain a success step to designate the end of the workflow.

Some parts of a workflow are required under certain conditions.

  • If your workflow contains a choice or comparison operator, it must specify a default step to execute next if the input doesn't meet any of the criteria specified in the choice step.

After uploading a metadata file and selecting Continue as described in Building a Workflow, the Workflow Builder is displayed.

  1. To obtain the JSON for each step you want to include in your workflow, drag each step into the canvas as described in Building a Workflow in the Visual Builder.

  2. Select Save, then select Back to return to the list of workflows.

  3. Select the Download Workflow Definition button beside the workflow you want to edit.

    The list of workflows. In the Actions column, the Download Workflow Definition button is highlighted.

  4. Open the workflow script in the editor of your choice and make changes.

    When you're finished editing, save your workflow file.

  5. In IdentityNow, in the list of workflows, select the name of the workflow you want to edit.

  6. Select Upload New Script. Choose the file you edited in step 4.

  7. Select Save.

  8. To test your workflow before enabling it, select Edit Workflow. On the edit screen, select Test Workflow.

Reviewing and Maintaining Workflows

From the Workflows page, you can review some data about each workflow in your site. This includes information such as the number of times each workflow has run successfully, and the rate of errors for each workflow. From this page, you can download the workflow's script or enable and disable it.

You can also view and edit individual workflows, as well as delete them.

To view and edit a workflow:

  1. From the Admin interface, go to Workflows.

  2. Click the name of the workflow you want to view.

    You can review a number of details about the workflow, including the uploaded file, its name and description, when it was created, and who created it.

  3. Select the Executions tab to review details about the last 50 times the workflow was executed.

  4. To edit the workflow, select its name and go to the Details tab. You can edit the workflow's name and description here. Select Upload New Script to replace the workflow's JSON file with an updated version, or select Edit Workflow to go to the visual builder.

  5. When you have finished making your changes, select Save.

    Your changes are incorporated the next time the workflow begins running.

To delete a workflow:

  • Select the Delete icon beside the workflow you want to delete on the Workflows page.
  • Select the name of the workflow you want to delete, then select the Delete icon on the Details page.