BPM Editor

Introduction to BPM Editor

What is BPM?

Business Process Management (BPM) is a management discipline for improving an organization’s business processes. It uses a combination of modeling, automation, execution, control, measurement and optimization of business activity flows, spanning systems, employees, customers and partners, to achieve the enterprise goals.

Gartner defines business process management as: "the discipline of managing processes (rather than tasks) as the means for improving business performance outcomes and operational agility. Processes span organizational boundaries, linking together people, information flows, systems, and other assets to create and deliver value to customers and constituents".

The main steps in BPM are:

Some of the benefits of using BPM include:


How to install BPM Editor in Soffid

Installation

Download

Please download the Soffid BPM Editor add-on.

You can download it from http://www.soffid.com/download/enterprise/ if you have a Soffid user with authorization, or from http://download.soffid.com/download/ by registering.

Upload

1. Once the BPM add-on is downloaded, please log in to the IAM Console.

You need to be an administrator user of the Soffid console or a user with permission to upload addons.

2. In the Soffid console, please go to:

Main Menu > Administration > Configure Soffid > Global Settings > Plugins

3. Then, click the add button (+) and pick the file. Soffid will upload the addon file.

For more information visit the Addons Getting started page.

4. Finally, when the addon is installed, you must restart the Soffid Console.

5. Once the Soffid console is restarted, you can check that the plugin was uploaded properly on the plugins page:

Main Menu > Administration > Configure Soffid > Global Settings > Plugins

6. Now, you can define BPM processes.

Methodology

Introduction

The main goal of using Business Process Management or BPM is to improve your organization's business processes. By using these workflows you will be able to save time, not only for system administrators but also for managers and coordinators.

System administrators will be able to spend less time on user and access management. Managers and coordinators will be able to approve and deny requests using the self-service portal or from email, depending on the workflow configuration.

Methodology steps

1. First of all, you need to identify your business needs. 

2. Second, you need to analyze the business needs and select those that can be automated by any authorization mechanism. 

3. Then you need to design the workflow using the Soffid BPM editor. Soffid provides you different types of processes with their own features, and also provides you different steps to define and customize the flow of your processes.

4. Finally, the workflows can be executed, automatically or by the Soffid users, with the proper permissions.

You will be able to monitor the status of all processes and perform some operations, depending on your assigned permissions.


Soffid BPM Editor

Business process definition

Description

Soffid includes BPM (Business Process Management) in its Smart Engine to provide useful workflows integrated with the processes and the policies of the Soffid core.

In order to add extra functionality to the console, you can upload different business processes (a.k.a. Workflows) that can be found in the Soffid download area and enable or disable existing ones. The existing process definition can be updated by uploading a new version.

If a workflow is disabled, processes already initiated and pending can be finalized, but that workflow can no longer be started.

Custom attributes

Actions

Show disabled

If you check this option (Yes is selected), all the workflows are shown, both enabled and disabled.

Deploy (Add)

Allows you to pick a defined process and upload it to deploy it in Soffid.

You must click the button with the add icon (+), click "pick a file" and select a valid file. Then Soffid will upload and deploy the process.

This option allows you to add new workflows or update existing workflows.

You can upload a process defined with the BPM Editor and previously exported (.pardef) or a process defined by code (.par).

Enable

Allows you to enable a workflow. When you enable a workflow, all users with the proper permission can launch the process from the Self-service portal.

Disable

Allows you to disable a workflow. No user can access that process from the Self-service portal.

If there are any processes initiated and pending, those processes may be finalized even if the processes are disabled.


Configure Workflow engine

Description

Soffid can use any document repository to store documents generated by workflows, the reporting addon, or any other addon.

The document repository can be either a local directory or a remote one accessed using the FTP, SMB or HTTP protocols. Depending on the protocol selected, additional parameters may be needed.

Soffid console maintains a textual index that allows searching for currently active or finished processes using full text search.

The textual index for searches can be updated from this page. The textual index is not stored in the database but on the filesystem. From this page, you can set the directory where this textual index will be stored.

Because it is stored in non-transactional storage, it can get occasionally corrupted. In such a case, by pressing the RebuildIndex button, the index will be rebuilt from scratch.

Overview


BPM Editor

Description

BPM is a technology that allows modeling, implementing, and executing processes automatically to enhance efficiency and productivity in support of enterprise goals.

Soffid includes BPM (Business Process Management) in its Smart Engine to provide useful workflows integrated with the processes and the policies of the Soffid core.

The BPM Editor addon allows Soffid administrators to create, configure and publish business processes very easily.

Previously, workflows were implemented with an external programming tool, which required knowledge of the Soffid core and programming languages.

After installation of the addon, you can find the BPM editor in the section:

Administration > Configure Soffid > Workflow settings > BPM editor

The BPM Editor addon provides some templates to create new workflows. These templates depend on the process type selected when you are adding a new business process. Currently the following templates are available:

You can find additional information by visiting the Process types chapter or visiting a specific process type:

Once a workflow is published with the proper configuration, the users with the correct permissions can start, approve or observe the workflow from the "My Request" option. You can find more information on the My Request page.

When a workflow is deleted, that workflow continues to be available to be executed. If you do not want the workflow to be executed, you must disable that process on the Business process definition index page. If you disable a workflow, processes already initiated and pending can be finalized, but that workflow can no longer be started.

A workflow can be updated with a new version. Processes started with the previous version will be performed with the previous definition (previous version), and processes started with the new version will be performed with the new version.

We will use two concepts to explain that process: identity and end-user. Identity will be the identity or user that will be created, updated, or deleted in Soffid Console. The end-user refers to a user of Soffid who will request processes using the self-service portal.

Screen overview

Custom attributes

Process editor

That area of the form displays the general information about the business workflow and the main operations to perform. The actions to perform are described under Process editor actions.

Folder 1 / Update my data

Folder X / Process Name 1

Folder X / Process Name 2

Steps

There are several step types available to define the properties and behavior of the process. Some properties are common to all types and others are specific to each type.

The workflows have default steps defined. Those steps can be deleted or updated, and other steps can be added. Each step has details to set up its properties and its behavior. The default steps are below:

Other available steps to customize your business process:

Step details

All steps have some detailed data: 

Attributes

The Attributes tab allows you to create custom attributes to be used to configure the workflow. The defined attributes will be used in the Steps tab to be mapped with the Soffid data.

There are customized templates depending on the Process Type selected. Those give you default attributes that you can customize.

Actions

BPM editor actions

Add new

Allows you to add a new workflow to Soffid. First, choose that option on the hamburger menu or click the add button (+). Second, set a name, select the process type and accept. Then Soffid opens the Process editor, which allows you to configure the process. Finally, save the process configuration, or save and publish.

If you cancel that operation, Soffid will not save the process definition.

Import

Allows you to import a workflow from a .pardef file. That functionality is very useful for the following scenarios:


  • To restore a workflow from a backup (a workflow previously exported).

  • To deploy a workflow from one environment to another (for instance from Test to Live).

  • To start a new workflow from a template.

You can choose that option on the hamburger menu. Then you can pick a .pardef file, and save the process or save and publish. Soffid will ask you for confirmation. If you confirm, Soffid will import the process definition.

If you cancel that operation, Soffid will not upload and save the process definition.

Note that with this option you can only load workflows defined by the BPM editor.

Edit process

Allows you to edit a workflow to update it. You can choose that option, selecting the pencil icon located close to the process name that you want to update. 

Then you can update the process definition and save, or save and publish the updates.

Remove process

Allows you to delete a workflow. You can choose that option, selecting the subtraction icon located close to the process name.

When a process is deleted, that process continues to be available to be executed. If you do not want that process to be available, you must disable that process on the Business process definition index page.

Export process

Allows you to export a workflow to a .pardef file. You can choose that option, selecting the export icon located close to the process name. Soffid will automatically download a .pardef file with the process definition.

Process editor actions

The actions that can be performed on the process are detailed below.

Save

Allows you to save all changes included in the workflow. That workflow can be a new or an updated workflow.

Save and Publish

Allows you to save the changes performed in the workflow setup and also publish the workflow to be used in Soffid. After this action, the last version of the workflow will be available for the end-user (with the proper permissions) in the Soffid Console and Self-service portal.

Cancel

Allows you to quit the process editor without saving changes. Soffid will ask you for confirmation to exit without saving updates.

Steps section actions

New step

Allows you to add a new step to the workflow. When a new step is added, it will be mandatory to configure it. 

Delete step

Allows you to delete an existing step. To delete a step you must click on the subtract icon (-) close to the step that you want to delete.

Fields

New field

Allows you to add a new field on the Fields tab. You need to click the "New field" button and Soffid will show a new row to fill in. For each new field you may define:

  • Label: allows you to give a name to that field. That label will be shown on the process form to final users.

  • Name: allows you to select an identity attribute or specific attribute defined for that process. That will be the field type (e.g. selector, input field, date field...).

  • ReadOnly: allows you to determine if this field could be updated.

  • Validation: this allows you to add a custom script with validation rules.

  • Visibility: this allows you to add a custom script to determine the visibility of that field.

Delete field

Allows you to delete a field. To delete a field you must click on the subtract icon (-) that is at the end of the same line.

Validation

Allows you to add a new customized script with validation rules.

Visibility

Allows you to add a new customized script to determine the visibility of that field.

Order

Allows you to sort the fields using drag and drop.

Triggers

New trigger

Allows you to add a new trigger to perform actions.

Delete trigger

Allows you to delete a trigger. To delete a trigger you must click on the subtract icon (-) that is at the end of the same line.

Action

Allows you to add a new customized script.

Incoming transition

New transition

Allows you to add a new incoming transition. You need to click the "New transitions" button, then Soffid will show a new row to fill in. For each new incoming transition you may define:

  • From: this allows you to select where the workflow comes from.

  • Incoming transition: brief name to identify the transition.

  • To: current step.

  • Action: allows creating a custom script to perform specific actions.

Delete transition

Allows you to delete an incoming transition. To delete an incoming transition you must click on the subtract icon (-) that is at the end of the same line.

Action

Allows you to add a new customized script by clicking the pencil icon.

Outgoing transition

New transition

Allows you to add a new outgoing transition.

Delete transition

Allows you to delete an outgoing transition. To delete an outgoing transition you must click on the subtract icon (-) that is at the end of the same line.

Action

Allows you to add a new customized script by clicking the pencil icon.

Attributes section actions

Add attribute

Allows you to add a new attribute to use to configure the step.

Delete attribute

Allows you to delete an attribute. To delete an attribute you must click on the subtract icon (-) that is at the end of the same line.

Add value

Allows you to add a new value to the attribute.

Delete value

Allows you to delete a value. To delete a value you must click on the subtract icon (-) that is at the end of the same line.


Process types

Templates definition of process types

User management

Description

The user management process type is used to define business processes to create and update identities and their attributes.

You can use the default template included on Soffid BPM Editor and customize it with your business needs. Also, you can import a .pardef file with the process definition.

That process is defined by default with 4 steps, but you can add new, delete and update steps to customize your business process. 

We will use two concepts to explain that process, identity, and end-user. Identity will be the identity or user that will be created, updated, or deleted in Soffid Console. The end-user will be the Soffid user who requests processes using the self-service portal.

Process editor

Process steps

To view the detail of each available step, you can visit the User management steps chapter.

Attributes

You could add new custom attributes in the Attributes tab. The defined attributes will be used in the Steps tab to be mapped with the Soffid data.

There are customized templates depending on the Process Type selected, for the User management type there are three attributes defined:

You can customize attributes to adapt the workflow to your business process. You can add new attributes, and update or delete the default attributes. For each new attribute, you need to indicate, at least, the code, the label, and the data type.

Actions

Process actions

Save

Allows you to save all changes included in the workflow. That workflow can be a new or an updated workflow.

Save and Publish

Allows you to save the changes performed in the workflow setup and also publish the workflow to be used in Soffid. After this action, the last version of the workflow will be available for the end-user (with the proper permissions) in the Soffid Console and Self-service portal.

Cancel

Allows you to quit the process editor without saving changes. Soffid will ask you for confirmation to exit without saving updates.

Attribute actions

Add attribute

Allows you to add a new attribute. When you click the button "Add attribute" Soffid will show the fields to fill in for the new attribute. It is mandatory to fill in the code to save the process.

The attribute updates will save when you click the button "Save" or "Save and Publish". If you cancel, the updates will not save.

Delete attribute

Allows you to delete a defined attribute. To delete an attribute you need to click the button with the subtraction symbol (-)  located next to the label field. The attribute updates will save when you click the button "Save" or "Save and Publish". If you cancel, the updates will not save.

Add value

Allows you to add a new value to the attribute. To add a new value you need to click the button with the add symbol (+) located at the end of the "Values" label.

The values updates will save when you click the button "Save" or "Save and Publish". If you cancel, the updates will not save.

Delete value

Allows you to delete a value from the attribute. To delete a value you need to click the subtraction symbol (-) located close to the value you want to delete.

The values updates will save when you click the button "Save" or "Save and Publish". If you cancel, the updates will not save.


Permissions management

Description

The permissions management process type is used to define processes used to create, update and remove permissions and accounts for identities.

You can use the default template included on Soffid BPM Editor and customize it with your business needs. Also, you can import a .pardef file with the process definition.

That process is defined by default with 4 steps, but you can add new, delete and update steps to customize your business process. 

We will use two concepts to explain that process, identity, and end-user. Identity will be the identity or user that will be created, updated, or deleted in Soffid Console. The end-user will be the Soffid user who requests processes using the self-service portal.

Process editor

Process steps

To view the detail of each available step, you can visit the Permissions management steps chapter.

Attributes

You could add new custom attributes in the Attributes tab. The defined attributes will be used in the Steps tab to be mapped with the Soffid data.

There are customized templates depending on the Process Type selected, for the Process management type there is one attribute defined:

You can customize attributes to adapt the workflow to your business process. You can add new attributes, and update or delete the default attributes. For each new attribute, you need to indicate, at least, the code, the label, and the data type.

Actions

Process actions

Save

Allows you to save all changes included in the workflow. That workflow can be a new or an updated workflow.

Save and Publish

Allows you to save the changes performed in the workflow setup and also publish the workflow to be used in Soffid. After this action, the last version of the workflow will be available for the end-user (with the proper permissions) in the Soffid Console and Self-service portal.

Cancel

Allows you to quit the process editor without saving changes. Soffid will ask you for confirmation to exit without saving updates.

Attribute actions

Add attribute

Allows you to add a new attribute. When you click the button "Add attribute" Soffid will show the fields to fill in for the new attribute. It is mandatory to fill in the code to save the process.

The attribute updates will save when you click the button "Save" or "Save and Publish". If you cancel, the updates will not save.

Delete attribute

Allows you to delete a defined attribute. To delete an attribute you need to click the button with the subtraction symbol (-)  located next to the label field. The attribute updates will save when you click the button "Save" or "Save and Publish". If you cancel, the updates will not save.

Add value

Allows you to add a new value to the attribute. To add a new value you need to click the button with the add symbol (+) located at the end of the "Values" label.

The values updates will save when you click the button "Save" or "Save and Publish". If you cancel, the updates will not save.

Delete value

Allows you to delete a value from the attribute. To delete a value you need to click the subtraction symbol (-) located close to the value you want to delete.

The values updates will save when you click the button "Save" or "Save and Publish". If you cancel, the updates will not save.


Account reservation

Description

The account reservation process type is used to configure the use of privileged accounts. That type of process will be launched when the end-users want to connect to a system using a privileged account through the password vault.

Soffid allows you to configure XACML policy management, where you will be able to configure when the account reservation workflows should be launched.

For more information about XACML you can visit the XACML Book.

You can use the default template included on Soffid BPM Editor and customize it with your business needs. Also, you can import a .pardef file with the process definition.

That process is defined by default with 4 steps, but you can add new, delete and update steps to customize your business process. 

We will use two concepts to explain that process, identity, and end-user. Identity will be the identity or user that will be created, updated, or deleted in Soffid Console. The end-user will be the Soffid user who requests processes using the self-service portal.

Process editor

Process steps

To view the detail of each available step, you can visit the Account reservation steps chapter.

Attributes

You could add new custom attributes in the Attributes tab. The defined attributes will be used in the Steps tab to be mapped with the Soffid data.

There are customized templates depending on the Process Type selected, for the Process management type there is one attribute defined:

You can customize attributes to adapt the workflow to your business process. 

Actions

Process actions

Save

Allows you to save all changes included in the workflow. That workflow can be a new or an updated workflow.

Save and Publish

Allows you to save the changes performed in the workflow setup and also publish the workflow to be used in Soffid. After this action, the last version of the workflow will be available for the end-user (with the proper permissions) in the Soffid Console and Self-service portal.

Cancel

Allows you to quit the process editor without saving changes. Soffid will ask you for confirmation to exit without saving updates.

Attribute actions

Add attribute

Allows you to add a new attribute. When you click the button "Add attribute" Soffid will show the fields to fill in for the new attribute. It is mandatory to fill in the code to save the process.

The attribute updates will save when you click the button "Save" or "Save and Publish". If you cancel, the updates will not save.

Delete attribute

Allows you to delete a defined attribute. To delete an attribute you need to click the button with the subtraction symbol (-)  located next to the label field. The attribute updates will save when you click the button "Save" or "Save and Publish". If you cancel, the updates will not save.

Add value

Allows you to add a new value to the attribute. To add a new value you need to click the button with the add symbol (+) located at the end of the "Values" label.

The values updates will save when you click the button "Save" or "Save and Publish". If you cancel, the updates will not save.

Delete value

Allows you to delete a value from the attribute. To delete a value you need to click the subtraction symbol (-) located close to the value you want to delete.

The values updates will save when you click the button "Save" or "Save and Publish". If you cancel, the updates will not save.



Permission request

Description

The permission request process type is used to define business processes to request permissions.

That process is defined by default with 4 steps, but you can add new, delete and update steps to customize your business process. 

You can add new steps, delete steps, and customize steps to define your process workflow.

We will use two concepts to explain that process, identity, and end-user. Identity will be the identity or user that will be created, updated, or deleted in Soffid Console. The end-user will be the Soffid user who requests processes using the self-service portal.

Process editor

Process steps

To view the detail of each available step, you can visit the Permissions request steps chapter.

Attributes

There are no attributes.

Actions

Process actions

Save

Allows you to save all changes included in the workflow. That workflow can be a new or an updated workflow.

Save and Publish

Allows you to save the changes performed in the workflow setup and also publish the workflow to be used in Soffid. After this action, the last version of the workflow will be available for the end-user (with the proper permissions) in the Soffid Console and Self-service portal.

Cancel

Allows you to quit the process editor without saving changes. Soffid will ask you for confirmation to exit without saving updates.

Attribute actions

Add attribute

Allows you to add a new attribute. When you click the button "Add attribute" Soffid will show the fields to fill in for the new attribute. It is mandatory to fill in the code to save the process.

The attribute updates will save when you click the button "Save" or "Save and Publish". If you cancel, the updates will not save.

Delete attribute

Allows you to delete a defined attribute. To delete an attribute you need to click the button with the subtraction symbol (-)  located next to the label field. The attribute updates will save when you click the button "Save" or "Save and Publish". If you cancel, the updates will not save.

Add value

Allows you to add a new value to the attribute. To add a new value you need to click the button with the add symbol (+) located at the end of the "Values" label.

The values updates will save when you click the button "Save" or "Save and Publish". If you cancel, the updates will not save.

Delete value

Allows you to delete a value from the attribute. To delete a value you need to click the subtraction symbol (-) located close to the value you want to delete.

The values updates will save when you click the button "Save" or "Save and Publish". If you cancel, the updates will not save.


Delegation Roles

Description

The delegation roles process type is used to allow the users to temporarily delegate their own permissions.

That process is defined by default with 3 steps, but you can add new, delete and update steps to customize your business process.

You can add new steps, delete steps, and customize steps to define your process workflow.

We will use two concepts to explain that process, identity, and end-user. Identity will be the identity or user that will be created, updated, or deleted in Soffid Console. The end-user will be the Soffid user who requests processes using the self-service portal.

Process editor

Process steps

To view the detail of each available step, you can visit the Delegation roles steps chapter.

Attributes

You could add new custom attributes in the Attributes tab. The defined attributes will be used in the Steps tab to be mapped with the Soffid data.

There are customized templates depending on the Process Type selected, for the Process management type there is one attribute defined:

You can customize attributes to adapt the workflow to your business process.

Actions

Process actions

Save

Allows you to save all changes included in the workflow. That workflow can be a new or an updated workflow.

Save and Publish

Allows you to save the changes performed in the workflow setup and also publish the workflow to be used in Soffid. After this action, the last version of the workflow will be available for the end-user (with the proper permissions) in the Soffid Console and Self-service portal.

Cancel

Allows you to quit the process editor without saving changes. Soffid will ask you for confirmation to exit without saving updates.

Attribute actions

Add attribute

Allows you to add a new attribute. When you click the button "Add attribute" Soffid will show the fields to fill in for the new attribute. It is mandatory to fill in the code to save the process.

The attribute updates will save when you click the button "Save" or "Save and Publish". If you cancel, the updates will not save.

Delete attribute

Allows you to delete a defined attribute. To delete an attribute you need to click the button with the subtraction symbol (-)  located next to the label field. The attribute updates will save when you click the button "Save" or "Save and Publish". If you cancel, the updates will not save.

Add value

Allows you to add a new value to the attribute. To add a new value you need to click the button with the add symbol (+) located at the end of the "Values" label.

The values updates will save when you click the button "Save" or "Save and Publish". If you cancel, the updates will not save.

Delete value

Allows you to delete a value from the attribute. To delete a value you need to click the subtraction symbol (-) located close to the value you want to delete.

The values updates will save when you click the button "Save" or "Save and Publish". If you cancel, the updates will not save.


User management steps

Define the user management steps

Start

Definition

That is the first step of the workflow. At that step, you can define the fields you want to show when the end users make a request.

Steps Tabs

Task details

This process type does not have task details for the start step.

Fields

In this tab, you can choose what fields the process form will show to the end users. You can choose these fields from all identity attributes, and from the attributes defined for the workflow on the Attributes Tab.

By default, all the identity attributes are shown, plus an additional field called Action. You can choose the fields you want to show to the end-users, add new fields, and delete the fields that are not needed to generate a task. You can also sort the fields by dragging and dropping on the Order column.

The Action field is a drop-down list that allows end-users to select one of the different options to perform. The available actions, defined by default on the Attributes tab:

To enable, modify or disable an identity, you need to add a field with the name userSelector, defined on the Attributes tab. That field will be available to end-users to select an existing identity when they select one of those options. When you select an identity, Soffid will show all the attributes defined on the form to the end user.

For each field, you may indicate whether it is a readOnly field, and you may add a Validation script and a Visibility script. The validation script allows you to define rules that the field has to comply with. The visibility script allows you to define the rules to show or hide a field.

Validation examples

if (value == null || value.equals(""))
  throw new Exception("The userName is mandatory");
else
  return true;

It is also allowed in the following manner:

if (value == null || value.equals(""))
  return ("The userName is mandatory");
else
  return true;

Validate that a certain field is not repeated:

// value is typed by the end user and is concatenated into the query as-is
userList = serviceLocator.getUserService().findUserByJsonQuery("attributes.field_XX eq \"" + value + "\"");
if (!userList.isEmpty()) {
  return "the field field_XX is associated to another user";
}
return true;

Visibility example

user = serviceLocator.getUserService().getCurrentUser();
// Hide the field when the current user is admin
if ("admin".equals(user.userName))
  return false;
// Show the field to everyone else
return true;

SCIM filter example

userType eq "E"

Triggers

On the Triggers tab, you can define triggers using custom scripts. Each trigger is launched by the event you define for it.

Example

1. Calculate the email when firstName or lastName changes and depending on the userType: 

firstName = (inputFields.get("firstName") != null) ? inputFields.get("firstName").value : null;
lastName  = (inputFields.get("lastName") != null) ? inputFields.get("lastName").value : null;
userType  = (inputFields.get("userType") != null) ? inputFields.get("userType").value : null;

if (firstName != null && !firstName.trim().isEmpty() &&
    lastName != null && !lastName.trim().isEmpty() &&
    userType != null && !userType.trim().isEmpty()) {

  emailAddress = firstName + "." + lastName;
  if ("E".equals(userType)) {
    emailAddress = emailAddress + ".ext@soffid.com";
  } else {
    emailAddress = emailAddress + "@soffid.com";
  }
  inputFields.get("emailAddress").value = emailAddress;
}

You can find more information about StandardUserWindow.java on GitHub.

2. Load the user data into the form.

user = serviceLocator.getUserService().getCurrentUser();
// "M" is the action code stored in the Action field
task.getVariables().put("action", "M");
task.getVariables().put("userSelector", user.userName);
workflowWindow.fetchUserAttributes();

Incoming transitions

This process type does not have task details for the start step.

Outgoing transitions

The Outgoing transitions tab displays the next steps the flow can go to from the current step. When you create a process from a template or from scratch, default outgoing transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an outgoing transition, Soffid creates the corresponding incoming transition.

Example

Check if there are any similar identities:

firstName = executionContext.getVariable("firstName");
birthDate = executionContext.getVariable("birthDate");

df = new java.text.SimpleDateFormat("yyyy-MM-dd");
query = "firstName co \""+firstName+"\" and attributes.birthDate sw \""+df.format(birthDate)+"\"";

users = serviceLocator.getUserService().findUserByJsonQuery(query);
if ( !users.isEmpty()) {
  throw new es.caib.bpm.toolkit.exception.UserWorkflowException("Your identity is probably registered. Please, contact your system administrator");
}
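
The "field is not repeated" validation script and the similar-identities script above both concatenate form input into a SCIM filter, so a value containing a double quote changes the query that is run. The following is an added example, not Soffid code: the class and method names are hypothetical, the sample values are constructed, and because the page does not say whether Soffid's query parser honours backslash escapes, the helper rejects unsafe values instead of escaping them.

```java
import java.text.SimpleDateFormat;
import java.util.Date;

public class ScimFilterValue {

    /** Longest value accepted in a filter literal (constructed limit for this example). */
    static final int MAX_LENGTH = 100;

    /**
     * Returns the value wrapped in double quotes for use as a SCIM string literal.
     * Throws when the value is empty, too long, or contains a character that could
     * close the literal early: double quote, backslash or control character.
     */
    static String quote(String fieldName, String value) {
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalArgumentException(fieldName + " is mandatory");
        }
        if (value.length() > MAX_LENGTH) {
            throw new IllegalArgumentException(fieldName + " is too long");
        }
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '"' || c == '\\' || Character.isISOControl(c)) {
                throw new IllegalArgumentException(
                        fieldName + " contains a character that is not allowed");
            }
        }
        return "\"" + value + "\"";
    }

    /** Filter used by the "field is not repeated" validation script. */
    static String uniqueFieldFilter(String value) {
        return "attributes.field_XX eq " + quote("field_XX", value);
    }

    /** Filter used by the "similar identities" transition script. */
    static String similarIdentityFilter(String firstName, Date birthDate) {
        if (birthDate == null) {
            throw new IllegalArgumentException("birthDate is mandatory");
        }
        // The date text is produced by the formatter, so it cannot carry a quote
        String day = new SimpleDateFormat("yyyy-MM-dd").format(birthDate);
        return "firstName co " + quote("firstName", firstName)
                + " and attributes.birthDate sw \"" + day + "\"";
    }

    /** Plain concatenation, as in the page's scripts, kept for comparison. */
    static String naiveUniqueFieldFilter(String value) {
        return "attributes.field_XX eq \"" + value + "\"";
    }

    public static void main(String[] args) {
        // Constructed sample values, as an end user could type them into the form
        String[] samples = { "A-1234", "O'Brien", "x\" or userName co \"" };
        for (String sample : samples) {
            System.out.println("input    : " + sample);
            System.out.println("  naive  : " + naiveUniqueFieldFilter(sample));
            try {
                System.out.println("  guarded: " + uniqueFieldFilter(sample));
            } catch (IllegalArgumentException e) {
                System.out.println("  guarded: rejected (" + e.getMessage() + ")");
            }
        }
        System.out.println(similarIdentityFilter("Ana", new Date(0L)));
    }
}
```

For the third sample the naive filter gains a second condition after the `or`, while the guarded builder rejects the value. In a Soffid validation script the same check would run on value before the findUserByJsonQuery call and return the error text instead of throwing.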


Screen

Description

This step is used to define the custom form used by the users who have to approve or reject the generated task. To configure this step, you need to determine the fields that will be shown to the users and the actions that these users can perform.

Steps Tabs

Task details

In this tab you can configure the following parameters:

Fields

In this tab, you can choose which fields the process form will show to the end users. You can choose these fields from all identity attributes and from the attributes defined for the workflow on the Attributes tab. By default, all the identity attributes will be shown. You can choose the fields you want to show, add new fields, and delete the fields that are not needed to generate a task. You can also sort the fields by dragging and dropping on the Order column.

For each field, you may indicate whether it is a readOnly field, and you may add a Validation script and a Visibility script. The validation script defines rules that the field value has to comply with. The visibility script defines the rules to show or hide the field.

Example

if (value == null || value.equals(""))
  return ("The NIF is mandatory");
else 
  return true;

Trigger

On the Triggers tab, you can define triggers using custom scripts. Each trigger is launched by the event you define for it.

Example

1. How to set a value depending on a variable (onLoad).

userType = task.getVariables().get("userType");
if ("I".equals(userType))  { 
  task.getVariables().put("country", "ES");
}

2. Validate a field value (onChange)

firstName = (inputFields.get("firstName") != null) ? inputFields.get("firstName").value : null;
lastName  = (inputFields.get("lastName") != null) ? inputFields.get("lastName").value : null;
country   = (inputFields.get("country") != null) ? inputFields.get("country").value : null;

if (firstName != null && !firstName.trim().isEmpty() &&
    lastName != null && !lastName.trim().isEmpty() &&
    country != null && !country.trim().isEmpty()) {

  emailAddress = firstName + "." + lastName;
  // The mail domain depends on the country
  if ("ES".equals(country)) {
    emailAddress = emailAddress + "@soffid.es";
  } else {
    emailAddress = emailAddress + "@soffid.com";
  }
  inputFields.get("emailAddress").value = emailAddress;
}

Incoming transitions

The Incoming transitions tab displays the previous steps the flow comes from. When you create a process from a template or from scratch, default incoming transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an incoming transition, Soffid creates the corresponding outgoing transition.

Example

The incoming script action is the same as the outgoing script action of the previous step.

selector = executionContext.getVariable("userSelector");
user = serviceLocator.getUserService().findUserByUserName(selector);
executionContext.setVariable("testName", user.firstName);
executionContext.setVariable("testOperation", "CHECK");

Outgoing transitions

The Outgoing transitions tab displays the next steps the flow can go to from the current step. When you create a process from a template or from scratch, default outgoing transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an outgoing transition, Soffid creates the corresponding incoming transition.

Example

Update custom attributes defined on metadata

userName = executionContext.getVariable("userName");
attributes = serviceLocator.getUserService().findUserAttributes(userName);

newAttributes = new HashMap();
newAttributes.put("country", "FR");

language = attributes.get("language");
if (language == null) {
  language = new LinkedList();
}
language.add("Spanish");
language.add("German");

newAttributes.put ("language", language);

serviceLocator.getUserService().updateUserAttributes(userName, newAttributes);


Detect duplicated user

Definition

This step is used to define the rules that determine potential conflicts between the identity the request is for and the existing Soffid identities. With that definition, Soffid will find the potential conflicts, and the end user can select the best option to resolve them (merge or create a new one).

Steps Tabs

Task details

Fields

In this tab, you can choose which fields the process form will show to the end users. You can choose these fields from all identity attributes and from the attributes defined for the workflow on the Attributes tab. By default, all the identity attributes will be shown. You can choose the fields you want to show, add new fields, and delete the fields that are not needed to generate a task. You can also sort the fields by dragging and dropping on the Order column.

For each field, you may indicate whether it is a readOnly field, and you may add a Validation script and a Visibility script. The validation script defines rules that the field value has to comply with. The visibility script defines the rules to show or hide the field.

User queries

This tab is only available when the Step type is Detect duplicated user.

User queries allow you to customize a SCIM or Text query to detect duplicated users. You may define a weight for each query. If a user is found by one or more queries, the weights of those queries are added together. If the total weight is equal to or greater than the current weight threshold (defined on the Task details tab), the user is considered a user match.

Examples

Text Query 

${lastName}

SCIM Query

attributes.birthDate eq "${birthDate}"

Define the weight threshold on the Task detail tab

Define the weight for each query on the User query tab: A user is considered duplicated when at least two queries are true.
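
The weight rule described above, worked through as an added example that is not Soffid code. The class and method names are hypothetical, the integer weights, the threshold of 2, the third query and the user names are constructed, and the query results are given as literals instead of being fetched from Soffid.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;

public class DuplicateUserScore {

    /** One user query with its weight and the user names it returned. */
    static final class QueryHit {
        final String query;
        final int weight;
        final List<String> userNames;

        QueryHit(String query, int weight, String... userNames) {
            this.query = query;
            this.weight = weight;
            this.userNames = Arrays.asList(userNames);
        }
    }

    /** Adds up, for every user, the weights of the queries that returned that user. */
    static Map<String, Integer> totalWeights(List<QueryHit> hits) {
        Map<String, Integer> totals = new LinkedHashMap<>();
        for (QueryHit hit : hits) {
            // A user counts once per query, even if a result list repeats the name
            for (String userName : new LinkedHashSet<>(hit.userNames)) {
                totals.merge(userName, hit.weight, Integer::sum);
            }
        }
        return totals;
    }

    /** Users whose total weight is equal to or greater than the threshold. */
    static List<String> matches(Map<String, Integer> totals, int threshold) {
        List<String> result = new ArrayList<>();
        for (Map.Entry<String, Integer> entry : totals.entrySet()) {
            if (entry.getValue() >= threshold) {
                result.add(entry.getKey());
            }
        }
        return result;
    }

    public static void main(String[] args) {
        int threshold = 2; // constructed: with weight 1 per query, two queries must agree

        // Constructed results for a request with lastName, birthDate and firstName filled in
        List<QueryHit> hits = Arrays.asList(
                new QueryHit("${lastName}", 1, "jsmith", "asmith", "bsmith"),
                new QueryHit("attributes.birthDate eq \"${birthDate}\"", 1, "jsmith", "mlopez"),
                new QueryHit("firstName eq \"${firstName}\"", 1, "jsmith", "asmith"));

        Map<String, Integer> totals = totalWeights(hits);
        for (Map.Entry<String, Integer> entry : totals.entrySet()) {
            System.out.println(entry.getKey() + " total weight " + entry.getValue());
        }
        System.out.println("user matches: " + matches(totals, threshold));
    }
}
```

With these values a shared last name or a shared birth date alone stays below the threshold, and only users returned by at least two queries are reported as matches.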

Incoming transitions

The Incoming transitions tab displays the previous steps the flow comes from. When you create a process from a template or from scratch, default incoming transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an incoming transition, Soffid creates the corresponding outgoing transition.

Example

The incoming script action is the same as the outgoing script action of the previous step.

selector = executionContext.getVariable("userSelector"); 
user = serviceLocator.getUserService().findUserByUserName(selector); 
executionContext.setVariable("testName", user.firstName); 
executionContext.setVariable("testOperation", "CHECK");

Outgoing transitions

The Outgoing transitions tab displays the next steps the flow can go to from the current step. When you create a process from a template or from scratch, default outgoing transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an outgoing transition, Soffid creates the corresponding incoming transition.

Example

Add comments to the task:

executionContext.getToken().addComment("Automatic comments.......");




Apply changes

Definition

This step is used to apply the identity changes to the Soffid repository.

Steps Tabs

Task details


Incoming transitions

The Incoming transitions tab displays the previous steps the flow comes from. When you create a process from a template or from scratch, default incoming transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an incoming transition, Soffid creates the corresponding outgoing transition.

Example

requester = executionContext.getVariable("requester");
userR = serviceLocator.getUserService().findUserByUserName(requester);
if (userR.primaryGroup.equals("admingroup")) {
	//TO-DO
} else {
	//TO-DO
}

Outgoing transitions

The Outgoing transitions tab displays the next steps the flow can go to from the current step. When you create a process from a template or from scratch, default outgoing transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an outgoing transition, Soffid creates the corresponding incoming transition.

Example

userName = executionContext.getVariable("userName");
user = serviceLocator.getUserService().findUserByUserName(userName);
country = user.getAttributes().get("country");
groups = serviceLocator.getGroupService().findUsersGroupByUserName(userName);

// "ES".equals(country) is also safe when the country attribute is not set
if ("ES".equals(country)) {
  //TO-DO
}



Custom

Definition

This step is used to define a custom script that will be executed 

Steps Tabs

Task details

All the process types have the same Task details for the Custom step:

Example

comments = executionContext.getToken().getComments();
selector = executionContext.getVariable("userSelector");
if (selector == null || selector.equals("")) {
  return ("The userName is mandatory");
}
user = serviceLocator.getUserService().findUserByUserName(selector);
if (user != null) {
  subject = "Soffid - Notification";
  message = "Automated mail sent ..............";

  // Task comments are appended to the HTML body without escaping
  if (comments != null && !comments.isEmpty()) {
    for (comment : comments) {
      message += comment.message;
    }
  }
  serviceLocator.getUserService().sendHtmlMailToActors(new String[]{user.userName}, subject, message);
}

Incoming transitions

The Incoming transitions tab displays the previous steps the flow comes from. When you create a process from a template or from scratch, default incoming transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an incoming transition, Soffid creates the corresponding outgoing transition.

Example

Scroll through the list of roles and the list of grant hierarchies to execute some actions.

userName = executionContext.getVariable("userName");

roleList = serviceLocator.getApplicationService().findRolesByUserName(userName);
for (role:roleList) {
  //TO-DO
}

user = serviceLocator.getUserService().findUserByUserName(userName);
roleGrantList = serviceLocator.getApplicationService().findRoleGrantHierarchyByUser(user.id);
for (roleGrant:roleGrantList) {
  //TO-DO
}

Outgoing transitions

The Outgoing transitions tab displays the next steps the flow can go to from the current step. When you create a process from a template or from scratch, default outgoing transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an outgoing transition, Soffid creates the corresponding incoming transition.

Example

Delete additional attribute

userName = executionContext.getVariable("userName");
attribute = serviceLocator.getUserService().findDataByUserAndCode(userName, "country");

if (attribute != null) {
  serviceLocator.getAdditionalDataService().delete(attribute);
}


Mail

Definition

This step allows you to configure the necessary parameters to send an email when the flow reaches this point. The mail is informative only, and the recipient cannot perform any action from it.

To send mail, you will need to configure mail server parameters. You can visit the Soffid parameters page for more information.

Steps Tabs

Task details

When you select the Mail Step type, you can configure the mail information to send and the recipients of that information. To send mail from the Soffid Console, a mail server configuration is needed.

Incoming transitions

The Incoming transitions tab displays the previous steps the flow comes from. When you create a process from a template or from scratch, default incoming transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an incoming transition, Soffid creates the corresponding outgoing transition.

Example

Get the selected user, first name, and operation from the previous step:

selector = executionContext.getVariable("userSelector");
user = serviceLocator.getUserService().findUserByUserName(selector);
executionContext.setVariable("testName", user.firstName);
executionContext.setVariable("testOperation", "CHECK");

Outgoing transitions

The Outgoing transitions tab displays the next steps the flow can go to from the current step. When you create a process from a template or from scratch, default outgoing transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an outgoing transition, Soffid creates the corresponding incoming transition.

Example

Get the account list associated with a user to perform some actions:

userName = executionContext.getVariable("userName");
accountList = serviceLocator.getAccountService().findAccountByJsonQuery("name eq \"" + userName + "\" AND (type eq \"P\" or type eq \"S\" or type eq \"I\")");
for (account:accountList) {
	//TO-DO
}                                                                    


Fork

Definition

This step is used to divide the workflow into two or more paths that will run in parallel, allowing multiple activities to run simultaneously.


          /====> path 1 =====\
Fork ====                      ====> Join
          \====> path 2 =====/


Steps Tabs

Task details

This process type does not have task details for the fork step.

Incoming transitions

The Incoming transitions tab displays the previous steps the flow comes from. When you create a process from a template or from scratch, default incoming transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an incoming transition, Soffid creates the corresponding outgoing transition.

Example

Update custom attributes defined on metadata

userName = executionContext.getVariable("userName");
attributes = serviceLocator.getUserService().findUserAttributes(userName);

newAttributes = new HashMap();
newAttributes.put("country", "FR");

language = attributes.get("language");
if (language == null) {
  language = new LinkedList();
}
language.add("Spanish");
language.add("German");

newAttributes.put ("language", language);

serviceLocator.getUserService().updateUserAttributes(userName, newAttributes);

Outgoing transitions

The Outgoing transitions tab displays the next steps the flow can go to from the current step. When you create a process from a template or from scratch, default outgoing transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an outgoing transition, Soffid creates the corresponding incoming transition.

Example

Scroll through the list of roles and the list of grant hierarchies to execute some actions.

userName = executionContext.getVariable("userName");

roleList = serviceLocator.getApplicationService().findRolesByUserName(userName);
for (role:roleList) {
  //TO-DO
}

user = serviceLocator.getUserService().findUserByUserName(userName);
roleGrantList = serviceLocator.getApplicationService().findRoleGrantHierarchyByUser(user.id);
for (roleGrant:roleGrantList) {
  //TO-DO
}



Join

Definition

This step is used to combine two or more parallel paths into one path. 

Steps Tabs

Task details

This process type does not have task details for the join step.

Incoming transitions

The Incoming transitions tab displays the previous steps the flow comes from. When you create a process from a template or from scratch, default incoming transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

To join paths, it is mandatory to add the incoming transitions from those forks.

When you create an incoming transition, Soffid creates the corresponding outgoing transition.

Example

Delete additional attribute:

userName = executionContext.getVariable("userName");
attribute = serviceLocator.getUserService().findDataByUserAndCode(userName, "country");

if (attribute != null) {
  serviceLocator.getAdditionalDataService().delete(attribute);
}

Outgoing transitions

The Outgoing transitions tab displays the next steps the flow can go to from the current step. When you create a process from a template or from scratch, default outgoing transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an outgoing transition, Soffid creates the corresponding incoming transition.

Example

Scroll through the list of roles to execute some actions.

userName = executionContext.getVariable("userName");

roleList = serviceLocator.getApplicationService().findRolesByUserName(userName);
for (role:roleList) {
  //TO-DO
}




End

Description

The end step finalizes the process. It is the last step of the workflow.

Steps Tabs

Task details

This process type does not have task details for the end step.

Incoming transitions

The Incoming transitions tab displays the previous steps the flow comes from. When you create a process from a template or from scratch, default incoming transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an incoming transition, Soffid creates the corresponding outgoing transition.

Example

If the user country is Spain, it will perform an action for each role.

userName = executionContext.getVariable("userName");
user = serviceLocator.getUserService().findUserByUserName(userName);
country = user.getAttributes().get("country");

if (country != null && country.equals("ES")) {
  roleList = serviceLocator.getApplicationService().findRolesByUserName(userName);
  for (role : roleList) {
    //TO-DO
  }
}

Outgoing transitions

This step does not have outgoing transitions. It is the last step of the workflow.



Permissions management steps

Define the Process management steps

Start

Definition

This is the first step of the workflow. In this step, you can define the fields shown to end users when they make a request.

Steps Tabs

Task details

In this tab you can configure the following parameters:

Fields

In this tab, you can choose which fields the process form will show to the end users. You can choose these fields from all identity attributes and from the attributes defined for the workflow on the Attributes tab.

By default, only the Permissions field will be shown. That field is defined on the Attributes tab. You can choose the fields you want to show to the end users, add new fields, and delete the fields that are not needed to generate a task. You can also sort the fields by dragging and dropping on the Order column.

For each field, you may indicate whether it is a readOnly field, and you may add a Validation script and a Visibility script. The validation script defines rules that the field value has to comply with. The visibility script defines the rules to show or hide the field.

Validation examples

if (value == null || value.equals(""))
  throw new Exception("The userName is mandatory");
else
  return true;

It is also allowed in the following manner:

if (value == null || value.equals(""))
  return ("The userName is mandatory");
else
  return true;

Validate that a certain field is not repeated:

// value is typed by the end user and is concatenated into the query as-is
userList = serviceLocator.getUserService().findUserByJsonQuery("attributes.field_XX eq \"" + value + "\"");
if (!userList.isEmpty()) {
  return "the field field_XX is associated to another user";
}
return true;

Visibility example

user = serviceLocator.getUserService().getCurrentUser();
// Hide the field when the current user is admin
if ("admin".equals(user.userName))
  return false;
// Show the field to everyone else
return true;

Triggers

On the Triggers tab, you can define triggers using custom scripts. Each trigger is launched by the event you define for it.

Example

1. Calculate the email when firstName or lastName changes and depending on the userType: 

firstName = (inputFields.get("firstName") != null) ? inputFields.get("firstName").value : null;
lastName  = (inputFields.get("lastName") != null) ? inputFields.get("lastName").value : null;
userType  = (inputFields.get("userType") != null) ? inputFields.get("userType").value : null;

if (firstName != null && !firstName.trim().isEmpty() &&
    lastName != null && !lastName.trim().isEmpty() &&
    userType != null && !userType.trim().isEmpty()) {

  emailAddress = firstName + "." + lastName;
  if ("E".equals(userType)) {
    emailAddress = emailAddress + ".ext@soffid.com";
  } else {
    emailAddress = emailAddress + "@soffid.com";
  }
  inputFields.get("emailAddress").value = emailAddress;
}

You can find more information about StandardUserWindow.java on GitHub.

2. Load the user data into the form.

user = serviceLocator.getUserService().getCurrentUser();
// "M" is the action code stored in the Action field
task.getVariables().put("action", "M");
task.getVariables().put("userSelector", user.userName);
workflowWindow.fetchUserAttributes();

Incoming transitions

This process type does not have task details for the start step.

Outgoing transitions

The Outgoing transitions tab displays the next steps the flow can go to from the current step. When you create a process from a template or from scratch, default outgoing transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an outgoing transition, Soffid creates the corresponding incoming transition.

Example

Validation of mandatory fields:

a = executionContext.getVariable("firstName");
if (a==null || "".equals(a.trim()))
  throw new Exception("First name is mandatory");

a = executionContext.getVariable("lastName");
if (a==null || "".equals(a.trim()))
  throw new Exception("Last name is mandatory");

a = executionContext.getVariable("primaryGroup");
if (a==null || "".equals(a.trim()))
  throw new Exception("Primary group is mandatory");

return true;

Only internal users are allowed to request the process:

userSelector = executionContext.getVariable("userSelector");
user = serviceLocator.getUserService().findUserByUserName(userSelector);
// Reject the request unless the user type is "I" (internal)
if (!"I".equals(user.userType)) {
  throw new Exception("To request the process is only allowed for Internal users");
}


Grant approval

Description

This step is used to define the custom form used by the users who have to approve or reject the generated task. To configure this step, you need to determine the fields that will be shown to the users and the actions that these users can perform.

Steps Tabs

Task details

To send mail, you will need to configure mail server parameters. You can visit the Soffid parameters page for more information.

Example Assignment script

If a user belongs to the primary group "World", the manager of that group is responsible for approving or denying the request. If the primary group is a different one, the person responsible for approving or denying is the manager of that group's parent group. If there is no primary group, the request is sent to the admin user.

primaryGroup = executionContext.getVariable("primaryGroup");
if (primaryGroup != null && !primaryGroup.equals("")) {
  if (primaryGroup.equals("world")) {
    // The manager of the group itself approves
    manager = serviceLocator.getGroupService().findGroupByGroupName(primaryGroup).getAttributes().get("manager");
    return manager;
  } else {
    // The manager of the parent group approves
    group = serviceLocator.getGroupService().findGroupByGroupName(primaryGroup);
    if (group.parentGroup != null && !group.parentGroup.equals("")) {
      manager = serviceLocator.getGroupService().findGroupByGroupName(group.parentGroup).getAttributes().get("manager");
      return manager;
    }
    // A group without a parent group reaches this point and no approver is returned
  }
} else {
  // No primary group: the admin user approves
  return "admin";
}

Fields

In this tab, you can choose which fields the process form will show to the end users. You can choose these fields from all identity attributes and from the attributes defined for the workflow on the Attributes tab. By default, all the identity attributes will be shown. You can choose the fields you want to show, add new fields, and delete the fields that are not needed to generate a task. You can also sort the fields by dragging and dropping on the Order column.

For each field, you may indicate whether it is a readOnly field, and you may add a Validation script and a Visibility script. The validation script defines rules that the field value has to comply with. The visibility script defines the rules to show or hide the field.

Example

if (value == null || value.equals(""))
  return ("The user is mandatory");
else 
  return true;

Incoming transitions

The Incoming transitions tab displays the previous steps the flow comes from. When you create a process from a template or from scratch, default incoming transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an incoming transition, Soffid creates the corresponding outgoing transition.

Example

Validation of mandatory fields:

a = executionContext.getVariable("firstName");
if (a==null || "".equals(a.trim()))
  throw new Exception("First name is mandatory");

a = executionContext.getVariable("lastName");
if (a==null || "".equals(a.trim()))
  throw new Exception("Last name is mandatory");

a = executionContext.getVariable("primaryGroup");
if (a==null || "".equals(a.trim()))
  throw new Exception("Primary group is mandatory");

return true;

Only internal users are allowed to request the process:

userSelector = executionContext.getVariable("userSelector");
user = serviceLocator.getUserService().findUserByUserName(userSelector);
// Reject the request unless the user type is "I" (internal)
if (!"I".equals(user.userType)) {
  throw new Exception("To request the process is only allowed for Internal users");
}

Outgoing transitions

The Outgoing transitions tab displays the next steps the flow can go to from the current step. When you create a process from a template or from scratch, default outgoing transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an outgoing transition, Soffid creates the corresponding incoming transition.

Example

Scroll through the list of values to perform some operations.

grants = executionContext.getVariable("grants");
for (roleRequestInfo:grants) {
  // TO-DO
}


Apply changes

Definition

This step is used to apply the identity changes to the Soffid repository.

Steps Tabs

Task details


Incoming transitions

The Incoming transitions tab displays the previous steps the flow comes from. When you create a process from a template or from scratch, default incoming transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an incoming transition, Soffid creates the corresponding outgoing transition.

Example

Scroll through the list of values to perform some operations. 

grants = executionContext.getVariable("grants");
for (roleRequestInfo:grants) {
  // TO-DO
}

Outgoing transitions

The Outgoing transitions tab displays the next steps the flow can go to from the current step. When you create a process from a template or from scratch, default outgoing transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an outgoing transition, Soffid creates the corresponding incoming transition.

Example

If the user's country is Spain, it will delete all the groups to which the user belongs:

userName = executionContext.getVariable("userName");
user = serviceLocator.getUserService().findUserByUserName(userName);
country = user.getAttributes().get("country");
groups = serviceLocator.getGroupService().findUsersGroupByUserName(userName);

// "ES".equals(country) is also safe when the country attribute is not set
if ("ES".equals(country)) {
	for (groupUser: groups) {
		serviceLocator.getGroupService().removeGroupFormUser(userName, groupUser.group);
	}
}



Custom

Definition

This step is used to define a custom script that will be executed 

Steps Tabs

Task details

All the process types have the same Task details for the Custom step:

Example
comments = executionContext.getToken().getComments();
selector = executionContext.getVariable("userSelector");
if (selector == null || selector.equals("")) {
     return ("The userName is mandatory");
}
user = serviceLocator.getUserService().findUserByUserName(selector);
if (user != null) {
  subject = "Soffid - Notification";
  message = "Automated mail sent ..............";
  
  if (comments != null && !comments.isEmpty()) {
    for (comment : comments) {
      message += comment.message;
    }
  }
  serviceLocator.getUserService().sendHtmlMailToActors(new String[]{user.userName}, subject, message);
}
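
The script above appends each comment to a message that is sent as HTML mail. The following Java class is an added example, not Soffid code and not part of the original page: it escapes the comment text before placing it in the HTML body, so markup typed into a comment is displayed as text. The names MailBody, escapeHtml and build are hypothetical, and the sample comments are constructed.

```java
import java.util.Arrays;
import java.util.List;

/** Added example: escape workflow comments before placing them in an HTML mail body. */
public class MailBody {

    /** Replaces the characters that have a meaning in HTML text and attribute values. */
    static String escapeHtml(String text) {
        StringBuilder sb = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Builds the HTML body: an introduction plus one list item per non-empty comment. */
    static String build(String intro, List<String> comments) {
        StringBuilder items = new StringBuilder();
        if (comments != null) {
            for (String comment : comments) {
                // Skip missing or whitespace-only comments instead of emitting empty items.
                if (comment == null || comment.isBlank()) {
                    continue;
                }
                items.append("<li>").append(escapeHtml(comment)).append("</li>");
            }
        }
        StringBuilder body = new StringBuilder("<p>").append(escapeHtml(intro)).append("</p>");
        if (items.length() > 0) {
            body.append("<ul>").append(items).append("</ul>");
        }
        return body.toString();
    }

    public static void main(String[] args) {
        // Constructed sample comments; the second one contains markup and quotes.
        List<String> comments = Arrays.asList(
                "Approved by the group manager",
                "<b>urgent</b> & \"confidential\"",
                null,
                "   ");
        System.out.println(build("Automated mail sent", comments));
    }
}
```

In a Soffid script, the same escaping would be applied to comment.message before it is appended to the message passed to sendHtmlMailToActors.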

Incoming transitions

The Incoming transitions tab displays the previous steps from which the flow arrives. When you create a process, from a template or from scratch, default incoming transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an incoming transition, Soffid creates the matching outgoing transition.

Example

Scroll through the list of roles and the list of grant hierarchies to execute some actions.

userName = executionContext.getVariable("userName");

roleList = serviceLocator.getApplicationService().findRolesByUserName(userName);
for (role:roleList) {
  //TO-DO
}

user = serviceLocator.getUserService().findUserByUserName(userName);
roleGrantList = serviceLocator.getApplicationService().findRoleGrantHierarchyByUser(user.id);
for (roleGrant:roleGrantList) {
  //TO-DO
}

Outgoing transitions

The Outgoing transitions tab displays the next steps the flow can go to from the current step. When you create a process, from a template or from scratch, default outgoing transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an outgoing transition, Soffid creates the matching incoming transition.

Example

Delete additional attribute

userName = executionContext.getVariable("userName");
attribute = serviceLocator.getUserService().findDataByUserAndCode(userName, "country");

if (attribute != null) {
  serviceLocator.getAdditionalDataService().delete(attribute);
}



Permissions management steps

Mail

Definition

This step allows you to configure the necessary parameters to send an email when the flow reaches this point. The mail is informative only, and the recipient cannot perform any action from it.

To send mail, you will need to configure mail server parameters. You can visit the Soffid parameters page for more information.

Steps Tabs

Task details

When you select the Mail Step type, you could configure the mail information to send and the recipients of that information.

Incoming transitions

The Incoming transitions tab displays the previous steps from which the flow arrives. When you create a process, from a template or from scratch, default incoming transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an incoming transition, Soffid creates the matching outgoing transition.

Example

Get the selected user, first name, and operation from the previous step:

selector = executionContext.getVariable("userSelector");
user = serviceLocator.getUserService().findUserByUserName(selector);
executionContext.setVariable("testName", user.firstName);
executionContext.setVariable("testOperation", "CHECK");

Outgoing transitions

The Outgoing transitions tab displays the next steps the flow can go to from the current step. When you create a process, from a template or from scratch, default outgoing transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an outgoing transition, Soffid creates the matching incoming transition.

Example

Get the account list associated with a user to perform some actions:

userName = executionContext.getVariable("userName");
accountList = serviceLocator.getAccountService().findAccountByJsonQuery("name eq \"" + userName + "\" AND (type eq \"P\" or type eq \"S\" or type eq \"I\")");
for (account:accountList) {
  //TO-DO
}
                                                                        

* https://es.wikipedia.org/wiki/Expression_Language


Permissions management steps

Fork

Definition

This step is used to divide the workflow into two or more paths that will run in parallel, allowing multiple activities to run simultaneously.


         /====> path 1 =====\
Fork ====                    ==> Join
         \====> path 2 =====/


Steps Tabs

Task details

This process type does not have task details for the fork step.

Incoming transitions

The Incoming transitions tab displays the previous steps from which the flow arrives. When you create a process, from a template or from scratch, default incoming transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an incoming transition, Soffid creates the matching outgoing transition.

Example

Scroll through the list of values to perform some operations.

userName = executionContext.getVariable("userName");
requester = executionContext.getVariable("requester");
requesterName = executionContext.getVariable("requesterName");
grants = executionContext.getVariable("grants");

for (roleRequestInfo:grants) {
  // TO-DO
}

Outgoing transitions

The Outgoing transitions tab displays the next steps the flow can go to from the current step. When you create a process, from a template or from scratch, default outgoing transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an outgoing transition, Soffid creates the matching incoming transition.

Example

Scroll through the list of roles and the list of grant hierarchies to execute some actions.

userName = executionContext.getVariable("userName");

roleList = serviceLocator.getApplicationService().findRolesByUserName(userName);
for (role:roleList) {
  //TO-DO
}

user = serviceLocator.getUserService().findUserByUserName(userName);
roleGrantList = serviceLocator.getApplicationService().findRoleGrantHierarchyByUser(user.id);
for (roleGrant:roleGrantList) {
  //TO-DO
}


Permissions management steps

Join

Definition

This step is used to combine two or more parallel paths into one path. 

Steps Tabs

Task details

This process type does not have task details for the fork step.

Incoming transitions

The Incoming transitions tab displays the previous steps from which the flow arrives. When you create a process, from a template or from scratch, default incoming transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

To join several paths, it is mandatory to add the incoming transitions from those forks.

When you create an incoming transition, Soffid creates the matching outgoing transition.

Example

Delete additional attribute

userName = executionContext.getVariable("userName");
attribute = serviceLocator.getUserService().findDataByUserAndCode(userName, "country");

if (attribute != null) {
  serviceLocator.getAdditionalDataService().delete(attribute);
}

Outgoing transitions

The Outgoing transitions tab displays the next steps the flow can go to from the current step. When you create a process, from a template or from scratch, default outgoing transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an outgoing transition, Soffid creates the matching incoming transition.

Example

Scroll through the list of roles to execute some actions.

userName = executionContext.getVariable("userName");

roleList = serviceLocator.getApplicationService().findRolesByUserName(userName);
for (role:roleList) {
  //TO-DO
}



Permissions management steps

End

Description

The end step finalizes the process. It is the last step of the workflow.

Steps Tabs

Task details

This process type does not have task details for the start step.

Incoming transitions

The Incoming transitions tab displays the previous steps from which the flow arrives. When you create a process, from a template or from scratch, default incoming transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an incoming transition, Soffid creates the matching outgoing transition.

Example

Scroll through the list of values to perform some operations.

userName = executionContext.getVariable("userName");
requester = executionContext.getVariable("requester");
requesterName = executionContext.getVariable("requesterName");
grants = executionContext.getVariable("grants");

for (roleRequestInfo:grants) {
  // TO-DO
}

Example

If the user's country is Spain, it will delete all the groups to which the user belongs:

userName = executionContext.getVariable("userName");
user = serviceLocator.getUserService().findUserByUserName(userName);
country = user.getAttributes().get("country");
groups = serviceLocator.getGroupService().findUsersGroupByUserName(userName);

if (country.equals("ES")) {
	for (groupUser: groups) {
		serviceLocator.getGroupService().removeGroupFormUser(userName, groupUser.group);
	}
}

Outgoing transitions

This step does not have outgoing transitions. It is the last step of the workflow.



Account reservation steps

Define the account reservation steps

Account reservation steps

Start

Definition

This is the first step of the workflow. At this step, you can define the fields you want to show to the end users. In this case, the request is launched automatically when an end user requests to use a privileged account to connect to a protected resource.

Administrator users can define, on the XACML Policy Management page, the rules to request the use of some privileged accounts.

Steps Tabs

Task details

This process type does not have task details for the start step.

Fields

In this tab, you could choose what fields the process form will show to the end users. You can choose these fields from all identity attributes, and from the attributes defined for the workflow on the Attributes Tab.

By default, only the fields defined on the attributes tab will be shown. You can choose the fields you want to show to the end users, add new fields, and delete the fields that do not need to generate a task. You can also sort the fields by dragging and dropping them in the Order column.

For each field, you can indicate whether it is a read-only field, and you can add a Validation script and a Visibility script. The validation script defines the rules the field has to comply with. The visibility script defines the rules to show or hide a field.

Validation examples
if (value == null || value.equals(""))
  throw new Exception("The userName is mandatory");
else 
  return true;

It is also allowed in the following manner:

if (value == null || value.equals(""))
  return ("The userName is mandatory");
else 
  return true;

Validate that a certain field is not repeated:

userList = serviceLocator.getUserService().findUserByJsonQuery("attributes.field_XX eq \"" + value +"\"");
if (!userList.isEmpty()) {
  return "the field field_XX is associated to another user";
}
return true;
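
The validation script above, like the account queries in other steps, builds the query text by concatenating a value into the filter, so a value containing a double quote ends the quoted string early and changes the filter. The following Java class is an added example, not part of Soffid or of the original page: it checks the value against an allow-list before building the same filters. The names SafeFilter, requireName, eq and accountsOf, the allowed character set and the sample values are assumptions.

```java
import java.util.List;
import java.util.regex.Pattern;

/** Added example: build the page's query filters only from validated values. */
public class SafeFilter {

    // Assumption: user and account names use only these characters, up to 64 of them.
    private static final Pattern NAME = Pattern.compile("[A-Za-z0-9._@-]{1,64}");

    // Account type codes that appear in the page's account query.
    private static final List<String> ACCOUNT_TYPES = List.of("P", "S", "I");

    /** Returns the value unchanged if it matches the allow-list, otherwise throws. */
    static String requireName(String value) {
        if (value == null || !NAME.matcher(value).matches()) {
            throw new IllegalArgumentException("Invalid value for query");
        }
        return value;
    }

    /** Builds: attribute eq "value". The attribute name is fixed by the script author. */
    static String eq(String attribute, String value) {
        return attribute + " eq \"" + requireName(value) + "\"";
    }

    /** Builds the account query shown on the page for a validated user name. */
    static String accountsOf(String userName, List<String> types) {
        if (types == null || types.isEmpty()) {
            throw new IllegalArgumentException("At least one account type is required");
        }
        StringBuilder sb = new StringBuilder(eq("name", userName)).append(" AND (");
        for (int i = 0; i < types.size(); i++) {
            String type = types.get(i);
            if (!ACCOUNT_TYPES.contains(type)) {
                throw new IllegalArgumentException("Invalid account type");
            }
            if (i > 0) {
                sb.append(" or ");
            }
            sb.append("type eq \"").append(type).append("\"");
        }
        return sb.append(")").toString();
    }

    public static void main(String[] args) {
        // Constructed sample values: two valid names, an empty value,
        // and a value with a double quote that would break the quoted string.
        String[] samples = { "jsmith", "ana.garcia@example.org", "", "js\"mith" };
        for (String sample : samples) {
            try {
                System.out.println(eq("attributes.field_XX", sample));
                System.out.println(accountsOf(sample, List.of("P", "S", "I")));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected [" + sample + "]: " + e.getMessage());
            }
        }
    }
}
```

Inside a Soffid script, the same check can be applied to the value right before it is passed to findUserByJsonQuery or findAccountByJsonQuery.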

Visibility example

user = serviceLocator.getUserService().getCurrentUser();
if ("admin".equals(user.userName)) 
  return false;

Triggers

On the trigger tab, you can define different triggers using custom scripts. These triggers are launched by the events you define.

Example
account = (inputFields.get("account")!=null) ? inputFields.get("account").value : null;
systemName = (inputFields.get("systemName")!=null) ? inputFields.get("systemName").value : null;
...........

Incoming transitions

This process type does not have task details for the start step.

Outgoing transitions

The Outgoing transitions tab displays the next steps the flow can go to from the current step. When you create a process, from a template or from scratch, default outgoing transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an outgoing transition, Soffid creates the matching incoming transition.

Example
accounts = serviceLocator.getAccountService().findAccountByJsonQuery("name eq \"" + executionContext.getVariable("account") + "\"");
if (!accounts.isEmpty()) {
	for (account:accounts) {
		owners = serviceLocator.getAccountService().getAccountUsers(account);
		// TO-DO
	}
}




Account reservation steps

Screen

Description

This step is used to define the custom form that will be used by the users who have to approve or reject the generated task. To configure this step, you need to determine the fields that will be shown to the users and the actions that these users can perform.

Steps Tabs

Task details

In this tab, you can configure the following parameters:

Fields

In this tab, you can choose which fields the process form will show to the end users. You can choose these fields from all identity attributes, and from the attributes defined for the workflow on the Attributes Tab. By default, all the identity attributes will be shown. You can choose the fields you want to show, add new fields, and delete the fields that do not need to generate a task. You can also sort the fields by dragging and dropping them in the Order column.

For each field, you can indicate whether it is a read-only field, and you can add a Validation script and a Visibility script. The validation script defines the rules the field has to comply with. The visibility script defines the rules to show or hide a field.

Example
if (value == null || value.equals(""))
  return ("The NIF is mandatory");
else 
  return true;

Trigger

On the trigger tab, you can define different triggers using custom scripts. These triggers are launched by the events you define.

Example
requester = task.getVariables().get("requester");
systemName= task.getVariables().get("systemName");
.......

Incoming transitions

The Incoming transitions tab displays the previous steps from which the flow arrives. When you create a process, from a template or from scratch, default incoming transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an incoming transition, Soffid creates the matching outgoing transition.

Example

Get the owners of an account and do something with each one.

accounts = serviceLocator.getAccountService().findAccountByJsonQuery("name eq \"" + executionContext.getVariable("account") + "\"");
if (!accounts.isEmpty()) {
	for (account:accounts) {
		owners = serviceLocator.getAccountService().getAccountUsers(account);
		// TO-DO
	}
}

Outgoing transitions

The Outgoing transitions tab displays the next steps the flow can go to from the current step. When you create a process, from a template or from scratch, default outgoing transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an outgoing transition, Soffid creates the matching incoming transition.

Example

Get the mail of the requester and send a notification.

requester = executionContext.getVariable("requester");
user = serviceLocator.getUserService().findUserByUserName(requester); 

serviceLocator.getMailService().sendTextMail(
  user.emailAddress,
  "Request Rejected",
  "XXXXXXXXXXXXX");

* https://es.wikipedia.org/wiki/Expression_Language


Account reservation steps

Apply changes

Definition

This step is used to assign permission to a user to access the protected resource.

Steps Tabs

Task details

Incoming transitions

The Incoming transitions tab displays the previous steps from which the flow arrives. When you create a process, from a template or from scratch, default incoming transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an incoming transition, Soffid creates the matching outgoing transition.

Example

Get the mail of the requester and send a notification.

requester = executionContext.getVariable("requester");
user = serviceLocator.getUserService().findUserByUserName(requester); 

serviceLocator.getMailService().sendTextMail(
  user.emailAddress,
  "Request Rejected",
  "XXXXXXXXXXXXX");

Outgoing transitions

The Outgoing transitions tab displays the next steps the flow can go to from the current step. When you create a process, from a template or from scratch, default outgoing transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an outgoing transition, Soffid creates the matching incoming transition.

Example
requester = executionContext.getVariable("requester");
user = serviceLocator.getUserService().findUserByUserName(requester);
.....



Account reservation steps

End

Description

The end step finalizes the process. It is the last step of the workflow.

Steps Tabs

Task details

This process type does not have task details for the start step.

Incoming transitions

The Incoming transitions tab displays the previous steps from which the flow arrives. When you create a process, from a template or from scratch, default incoming transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an incoming transition, Soffid creates the matching outgoing transition.

Example

Get the mail of the requester and send a notification.

requester = executionContext.getVariable("requester");
user = serviceLocator.getUserService().findUserByUserName(requester); 

serviceLocator.getMailService().sendTextMail(
  user.emailAddress,
  "Request Rejected",
  "XXXXXXXXXXXXX");

Outgoing transitions

This step does not have outgoing transitions. It is the last step of the workflow.



Permissions request steps

Define the Permissions request steps

Permissions request steps

Start

Definition

This is the first step of the workflow. At this step, you can define the fields you want to show to the end users. In this case, the request is launched automatically when an end user requests to use a privileged account to connect to a protected resource.

Administrator users can define, on the XACML Policy Management page, the rules to request the use of some privileged accounts.

Steps Tabs

Task details


Fields

In this tab, you could choose what fields the process form will show to the end users. You can choose these fields from all identity attributes, and from the attributes defined for the workflow on the Attributes Tab.

By default, only the fields defined on the attributes tab will be shown. You can choose the fields you want to show to the end users, add new fields, and delete the fields that do not need to generate a task. You can also sort the fields by dragging and dropping them in the Order column.

For each field, you can indicate whether it is a read-only field, and you can add a Validation script and a Visibility script. The validation script defines the rules the field has to comply with. The visibility script defines the rules to show or hide a field.

Validation examples
if (value == null || value.equals(""))
  throw new Exception("The userName is mandatory");
else 
  return true;

It is also allowed in the following manner:

if (value == null || value.equals(""))
  return ("The userName is mandatory");
else 
  return true;

Validate that a certain field is not repeated:

userList = serviceLocator.getUserService().findUserByJsonQuery("attributes.field_XX eq \"" + value +"\"");
if (!userList.isEmpty()) {
  return "the field field_XX is associated to another user";
}
return true;

Visibility example

user = serviceLocator.getUserService().getCurrentUser();
if ("admin".equals(user.userName)) 
  return false;

Triggers

On the trigger tab, you can define different triggers using custom scripts. These triggers are launched by the events you define.

Example
account = (inputFields.get("account")!=null) ? inputFields.get("account").value : null;
systemName = (inputFields.get("systemName")!=null) ? inputFields.get("systemName").value : null;
...........

Incoming transitions

This process type does not have task details for the start step.

Outgoing transitions

The Outgoing transitions tab displays the next steps the flow can go to from the current step. When you create a process, from a template or from scratch, default outgoing transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an outgoing transition, Soffid creates the matching incoming transition.

Example
accounts = serviceLocator.getAccountService().findAccountByJsonQuery("name eq \"" + executionContext.getVariable("account") + "\"");
if (!accounts.isEmpty()) {
	for (account:accounts) {
		owners = serviceLocator.getAccountService().getAccountUsers(account);
		// TO-DO
	}
}




Permissions request steps

Grant approval

Description

This step is used to define the custom form that will be used by the users who have to approve or reject the generated task. To configure this step, you need to determine the fields that will be shown to the users and the actions that these users can perform.

Steps Tabs

Task details

To send mail, you will need to configure mail server parameters. You can visit the Soffid parameters page for more information.

Example Assignment script

If a user belongs to the primary group "World", the manager of that group is responsible for approving or denying the request. If the primary group is a different one, the person responsible for approving or denying is the manager of the parent group of that group. If there is no primary group, the request is sent to the admin user.

primaryGroup = executionContext.getVariable("primaryGroup");
if (primaryGroup != null && !primaryGroup.equals("")) {
  if (primaryGroup.equals("world")) {
    manager = serviceLocator.getGroupService().findGroupByGroupName(primaryGroup).getAttributes().get("manager");
    return manager;
  } else {
    group = serviceLocator.getGroupService().findGroupByGroupName(primaryGroup);
    if (group.parentGroup != null && !group.parentGroup.equals("")) {
      manager = serviceLocator.getGroupService().findGroupByGroupName(group.parentGroup).getAttributes().get("manager");
      return manager;
    }
  }
} else {
  return "admin";
}

Fields

In this tab, you can choose which fields the process form will show to the end users. You can choose these fields from all identity attributes, and from the attributes defined for the workflow on the Attributes Tab. By default, all the identity attributes will be shown. You can choose the fields you want to show, add new fields, and delete the fields that do not need to generate a task. You can also sort the fields by dragging and dropping them in the Order column.

For each field, you can indicate whether it is a read-only field, and you can add a Validation script and a Visibility script. The validation script defines the rules the field has to comply with. The visibility script defines the rules to show or hide a field.

Example
if (value == null || value.equals(""))
  return ("The user is mandatory");
else 
  return true;

Incoming transitions

The Incoming transitions tab displays the previous steps from which the flow arrives. When you create a process, from a template or from scratch, default incoming transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an incoming transition, Soffid creates the matching outgoing transition.

Example

Validation of mandatory fields:

a = executionContext.getVariable("firstName");
if (a==null || "".equals(a.trim()))
  throw new Exception("First name is mandatory");

a = executionContext.getVariable("lastName");
if (a==null || "".equals(a.trim()))
  throw new Exception("Last name is mandatory");

a = executionContext.getVariable("primaryGroup");
if (a==null || "".equals(a.trim()))
  throw new Exception("Primary group is mandatory");

return true;

Only Internal users are allowed to request the process:

userSelector = executionContext.getVariable("userSelector");
user = serviceLocator.getUserService().findUserByUserName(userSelector);
if (user.userType.equals("I") || user.userType.equals("S")) {
	throw new Exception ("To request the process is only allowed for Internal users");
}

Outgoing transitions

The Outgoing transitions tab displays the next steps the flow can go to from the current step. When you create a process, from a template or from scratch, default outgoing transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an outgoing transition, Soffid creates the matching incoming transition.

Example

Scroll through the list of values to perform some operations. 

grants = executionContext.getVariable("grants");
for (roleRequestInfo:grants) {
  // TO-DO
}

Permissions request steps

Apply changes

Definition

This step is used to assign permission to a user to access the protected resource.

Steps Tabs

Task details

Incoming transitions

The Incoming transitions tab displays the previous steps from which the flow arrives. When you create a process, from a template or from scratch, default incoming transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an incoming transition, Soffid creates the matching outgoing transition.

Example

Get the mail of the requester and send a notification.

requester = executionContext.getVariable("requester");
user = serviceLocator.getUserService().findUserByUserName(requester); 

serviceLocator.getMailService().sendTextMail(
  user.emailAddress,
  "Request Rejected",
  "XXXXXXXXXXXXX");

Outgoing transitions

The Outgoing transitions tab displays the next steps the flow can go to from the current step. When you create a process, from a template or from scratch, default outgoing transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an outgoing transition, Soffid creates the matching incoming transition.

Example
requester = executionContext.getVariable("requester");
user = serviceLocator.getUserService().findUserByUserName(requester);
.....



Permissions request steps

End

Description

The end step finalizes the process. It is the last step of the workflow.

Steps Tabs

Task details

This process type does not have task details for the start step.

Incoming transitions

The Incoming transitions tab displays the previous steps from which the flow arrives. When you create a process, from a template or from scratch, default incoming transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an incoming transition, Soffid creates the matching outgoing transition.

Example

Get the mail of the requester and send a notification.

requester = executionContext.getVariable("requester");
user = serviceLocator.getUserService().findUserByUserName(requester); 

serviceLocator.getMailService().sendTextMail(
  user.emailAddress,
  "Request Rejected",
  "XXXXXXXXXXXXX");

Outgoing transitions

This step does not have outgoing transitions. It is the last step of the workflow.



Delegation roles steps

Define the Delegation roles steps

Delegation roles steps

Start

Definition

This is the first step of the workflow. At this step, you can define the fields you want to show to the end users. In this case, the request is launched automatically when an end user requests to use a privileged account to connect to a protected resource.

Administrator users can define, on the XACML Policy Management page, the rules to request the use of some privileged accounts.

Steps Tabs

Task details

This process type does not have task details for the start step.

Fields

In this tab, you could choose what fields the process form will show to the end users. You can choose these fields from all identity attributes, and from the attributes defined for the workflow on the Attributes Tab.

By default, only the Grant field defined on the attributes tab will be shown. You can choose the fields you want to show to the end users, add new fields, and delete the fields that do not need to generate a task. You can also sort the fields by dragging and dropping them in the Order column.

For each field, you can indicate whether it is a read-only field, and you can add a Validation script and a Visibility script. The validation script defines the rules the field has to comply with. The visibility script defines the rules to show or hide a field.

Validation examples
if (value == null || value.equals(""))
  throw new Exception("The userName is mandatory");
else 
  return true;

It is also allowed in the following manner:

if (value == null || value.equals(""))
  return ("The userName is mandatory");
else 
  return true;

Validate that a certain field is not repeated:

userList = serviceLocator.getUserService().findUserByJsonQuery("attributes.field_XX eq \"" + value +"\"");
if (!userList.isEmpty()) {
  return "the field field_XX is associated to another user";
}
return true;

Visibility example

Triggers

On the trigger tab, you can define different triggers using custom scripts. These triggers are launched by the events you define.

Example
account = (inputFields.get("account")!=null) ? inputFields.get("account").value : null;
systemName = (inputFields.get("systemName")!=null) ? inputFields.get("systemName").value : null;
...........

Incoming transitions

This process type does not have task details for the start step.

Outgoing transitions

The Outgoing transitions tab displays the next steps the flow can go to from the current step. When you create a process, from a template or from scratch, default outgoing transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an outgoing transition, Soffid creates the matching incoming transition.

Example
accounts = serviceLocator.getAccountService().findAccountByJsonQuery("name eq \"" + executionContext.getVariable("account") + "\"");
if (!accounts.isEmpty()) {
	for (account:accounts) {
		owners = serviceLocator.getAccountService().getAccountUsers(account);
		// TO-DO
	}
}




Delegation roles steps

Apply changes

Definition

This step is used to assign permission to a user to access the protected resource.

Steps Tabs

Task details

Incoming transitions

The Incoming transitions tab displays the previous steps from which the flow arrives. When you create a process, from a template or from scratch, default incoming transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an incoming transition, Soffid creates the matching outgoing transition.

Example

Get the mail of the requester and send a notification.

requester = executionContext.getVariable("requester");
user = serviceLocator.getUserService().findUserByUserName(requester); 

serviceLocator.getMailService().sendTextMail(
  user.emailAddress,
  "Request Rejected",
  "XXXXXXXXXXXXX");

Outgoing transitions

The Outgoing transitions tab displays the next steps the flow can go to from the current step. When you create a process, from a template or from scratch, default outgoing transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an outgoing transition, Soffid creates the matching incoming transition.

Example
requester = executionContext.getVariable("requester");
user = serviceLocator.getUserService().findUserByUserName(requester);
.....



Delegation roles steps

End

Description

The end step finalizes the process. It is the last step of the workflow.

Steps Tabs

Task details

This process type does not have task details for the start step.

Incoming transitions

The Incoming transitions tab displays the previous steps from which the flow arrives. When you create a process, from a template or from scratch, default incoming transitions are defined. You can customize the default setup, add new transitions, or delete transitions.

When you create an incoming transition, Soffid creates the corresponding outgoing transition.

Example

Get the mail of the requester and send a notification.

requester = executionContext.getVariable("requester");
user = serviceLocator.getUserService().findUserByUserName(requester); 

serviceLocator.getMailService().sendTextMail(
  user.emailAddress,
  "Request Rejected",
  "XXXXXXXXXXXXX");

Outgoing transitions

This step does not have outgoing transitions. It is the last step of the workflow.



Examples

Self service portal examples

Introduction

This page walks through some use cases for different types of processes to show how those processes work. These are basic use cases, but you can define processes as complex as your business needs.

For more information about the process definition you can visit the BPM Editor chapter.

Users configured as initiators in a User management process or in a Permission management process can launch those processes. They do so from the My Requests option.

User management

Update my data

Example

Process used to request an update of my own user data.

User request

Process used to request to add, delete, modify or disable any user. This kind of process can be launched by users with the proper permissions, which are specified in the process definition.

Example

Request to update the primary group of a user, and the admin user rejects that request.

Example

Request to update the primary group of a user, and the admin user approves that request.

Example

Request to create a new user. That workflow uses the Detect duplicated user functionality.

Process management

Permission request

Example

Request to assign permissions to a user.

Example

Users in charge of assigning or denying permissions can do so from the email, if Soffid is configured in that way. Users will receive an email similar to the following one:

[Image: example of the notification email]




Examples

Sample Scripts BPM

Start Step

Validations

a = executionContext.getVariable("firstName");
if (a==null || "".equals(a.trim()))
  throw new Exception("First name is mandatory");
  
a = executionContext.getVariable("lastName");
if (a==null || "".equals(a.trim()))
  throw new Exception("Last name is mandatory");
  
..................

a = executionContext.getVariable("userName");
lu = serviceLocator.getUserService().findUserByJsonQuery("userName eq \""+a+"\" ");
if (!lu.isEmpty())
  throw new Exception("The user name is in use, please choose another one");
  
e = executionContext.getVariable("emailAddress");
lu = serviceLocator.getUserService().findUserByJsonQuery("emailAddress eq \""+e+"\" ");
if (!lu.isEmpty())
  throw new Exception("The email is in use, please choose another one");

.................

return true;

Trigger onChange

Calculate the email address when firstName or lastName changes, depending on the userType:

firstName   = (inputFields.get("firstName")!=null) ? inputFields.get("firstName").value : null;
lastName    = (inputFields.get("lastName")!=null) ? inputFields.get("lastName").value : null;
userType    = (inputFields.get("userType")!=null) ? inputFields.get("userType").value : null;

if (firstName!=null && !firstName.trim().isEmpty() &&
    lastName!=null && !lastName.trim().isEmpty() &&
    userType!=null && !userType.trim().isEmpty()) {
  
  emailAddress = firstName + "." + lastName;

  if ("E".equals(userType)) {
    emailAddress = emailAddress + ".ext@soffid.com";
  } else {
    emailAddress = emailAddress + "@soffid.com";
  }
  inputFields.get("emailAddress").value = emailAddress;
}

Calculate the user name depending on the first and last name

firstName = (inputFields.get("firstName")!=null) ? inputFields.get("firstName").value : null;
lastName = (inputFields.get("lastName")!=null) ? inputFields.get("lastName").value : null;
middleName = (inputFields.get("middleName")!=null) ? inputFields.get("middleName").value : null;
userType = (inputFields.get("userType")!=null) ? inputFields.get("userType").value : null;
primaryGroup = (inputFields.get("primaryGroup")!=null) ? inputFields.get("primaryGroup").value : null;

if (firstName!=null && !firstName.trim().isEmpty() &&
    lastName!=null && !lastName.trim().isEmpty()) {
  
  // Collapse repeated blank spaces
  while (firstName.contains("  "))
    firstName = firstName.replace("  "," ");
  fn = firstName.trim().split(" ")[0];
  fn = fn.substring(0,1).toUpperCase() + fn.substring(1).toLowerCase();
  
  // Collapse repeated blank spaces
  while (lastName.contains("  "))
    lastName = lastName.replace("  "," ");
  lna = lastName.trim().split(" ");
  ln = "";
  for (w : lna) {
    ln = ln + w.substring(0,1).toUpperCase() + w.substring(1).toLowerCase();
  }
  un = fn+"."+ln;
  // If the user name already exists, append the first letter of the middle name
  u = serviceLocator.getUserService().findUserByUserName(un);
  if (u!=null && middleName!=null && !middleName.trim().isEmpty()) {
    un = un+middleName.substring(0,1).toUpperCase();
  }
  // Max length 20 characters
  if (un.length()>20)
    un = un.substring(0,20);
  inputFields.get("userName").value = un;
}

Outgoing transitions

Set values to variables that will be available in the next step.

un = executionContext.getVariable("userName");
executionContext.setVariable("userSelector",un);
executionContext.setVariable("action","M");

Approve

Outgoing transitions

Remove a previous role

un = executionContext.getVariable("userName");
t = executionContext.getVariable("title");
lra = serviceLocator.getApplicationService().findUserRolesByUserName(un);
for (ra : lra) {
  if (ra.roleName.equals(t)) {
    serviceLocator.getApplicationService().delete(ra);
    break;
  }
}

Save new role

p = executionContext.getVariable("newTitle");
if (p==null || "".equals(p.trim()))
  throw new Exception("El nuevo puesto de trabajo es obligatorio");

executionContext.setVariable("title", p);

End Step

Incoming transition

Add a role to the user if a role exists whose name matches the user's title.

SYS = "soffid";

un = executionContext.getVariable("userName");
if (un==null)
  return true;

t = executionContext.getVariable("title");
if (t==null)
  return true;

q  = "name eq \""+t+"\" and system eq \""+SYS+"\"";
lr = serviceLocator.getApplicationService().findRoleByJsonQuery(q);
if (lr==null || lr.isEmpty())
  return true;

r = lr.get(0);
app = r.informationSystemName;

ra = new com.soffid.iam.api.RoleAccount();
ra.setRoleName(t);
ra.setSystem(SYS);
ra.setInformationSystemName(app);
ra.setUserCode(un);
ra.setDomainValue(new com.soffid.iam.api.DomainValue());
serviceLocator.getApplicationService().create(ra);
return true;
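
The Validations script and the End Step script above build their findUserByJsonQuery and findRoleByJsonQuery filters by concatenating process variables between double quotes, so a value that itself contains a double quote would change the structure of the filter. The following is an added example in plain Java, not Soffid's own code, that checks a value against an allowlist before it is placed in the filter; the class and method names (ScimFilterValue, requireSafe, eq) and the allowlist patterns are assumptions, and the 20-character limit is taken from the user name script above.

```java
import java.util.regex.Pattern;

public class ScimFilterValue {
    // Allowlists are assumptions for this example; adapt them to your naming policy.
    static final Pattern USER_NAME = Pattern.compile("[A-Za-z0-9._-]{1,20}");
    static final Pattern EMAIL =
        Pattern.compile("[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}");

    /** Returns the trimmed value if it matches the allowlist, otherwise throws. */
    static String requireSafe(String label, String value, Pattern allowed) throws Exception {
        if (value == null || value.trim().isEmpty())
            throw new Exception(label + " is mandatory");
        String v = value.trim();
        if (!allowed.matcher(v).matches())
            throw new Exception(label + " contains characters that are not allowed");
        return v;
    }

    /** Builds attr eq "value"; call it only with a value returned by requireSafe. */
    static String eq(String attr, String safeValue) {
        return attr + " eq \"" + safeValue + "\"";
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs standing in for executionContext.getVariable("userName").
        // The third one contains a double quote that would close the string literal.
        String[] samples = { "John.Smith", " jdoe ", "jsmith\" or userName eq \"admin" };
        for (String s : samples) {
            try {
                String q = eq("userName", requireSafe("User name", s, USER_NAME));
                System.out.println("query : " + q);
            } catch (Exception e) {
                System.out.println("reject: " + e.getMessage());
            }
        }
        // Constructed email value, using the domain from the onChange script.
        System.out.println("query : "
            + eq("emailAddress", requireSafe("Email", "john.smith@soffid.com", EMAIL)));
    }
}
```

In a BPM script the same check would run on the value read from executionContext before the filter string is built, and a rejected value would stop the transition with the thrown exception, as the mandatory-field checks in the Validations script already do.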