Skip to main content

User management

Description

The user management process type is used to define processes to create and update identities and their attributes.

You can use the default template included on Soffid BPM Editor and custom it with your business needs. Also you can import a .pardef file with the process definition.

To that process, workflow is defined 4 default steps.

  • Start
  • Approve 
  • Apply changes
  • End

You could add new steps, delete steps, and custom steps to define your process workflow.

We will use two concepts to explain that process, identity and final user. Identity will be the idententity or user that will be created, updated or deleted in Soffid Console. The final user is referred to a user of Soffid that will request for processes using the self service portal

Process steps

Start

That is the start point of the workflow. At that step, you could define the fields you want to show when the final users will go to generate a task and the transitions available.

Task detail

This step type does not have task details.

Fields

By default, all the identity attributes will be shown, and an additional field called Action. You can choose the fields you want to show when the final users, add new fields, and delete the fields that do not need to generate a task. Also, you can sort the fields, you only need to do drag and drop on the Order column.

The Action field is a droplist that will allow final users to select one of different options to perform. Depending on the selected option, one field or another will be shown automatically on the form to fill in. 

The available actions, defined by default on the Attributes tab:

  • Add user: action uses to generate a task to create a new identity (a new identities). 
  • Enable user: action uses to  create a task to enable a identity who is disabled.
  • Modify user: action uses to create a task to modify identity attributes.
  • Disable user: action uses to create a task to disble identity.

To enable, modify or disable a idnetity, you need to add a field with the name userSelector. That field will be available, to final users,  to select an existing identity when select one of that options. When you select a identity, all the existing identity attributes will be shown to the final user.

If you select the "Add user" option, the field userSelector will no be available for the final user.

For each field, you may indicate if it is a readOnly field, and you may add Validation script and Visibility script. The validation script allows you to define rules, the field has to comply with these rules. The visibility script allows you to define the rules to show or hide a field.

Trigger

For more information visit the Triggers Tab page

Incoming transitions

For more information visit the Incoming transitions Tab page

Outgoing transitions

For more information visit the Outgoing transitions Tab page

Screen

Task detail

On Task detail Tab you can define the rules for the new task that will be created.

  • Task name: identified name for the task that will be created.
  • Actor(s) expression: write an expression to identify the actor depending on the requested role. One can use EL expressions (*) based on role and application attributes. For instance: SOFFID_MANAGER/${primaryGroup}
  • Assignment script: alternatively, write a Beanshell script to return the actor depending on the process variables. For instance: return primaryGroup.attributes{"owner"};
  • Approve from email: checked it to allows you to send a mail for approval the task.

Fields 

On the Fields tabs, you can define the identity attributes that will be shown on the final user form. By default, all the identity attributes will be shown. You can choose the fields you want to show when the final users will be generating a task, add new fields, and delete the fields that do not need to generate a task. Also, you can sort the fields, you only need to do drag and drop on the Order column.

For each field you may indicate if it is a readOnly field, and you may add Validation script and Visibility script. The validation script allows you to define rules, the field has to comply with these rules. The visibility script allows you to define the rules to show or hide a field.

Trigger

For more information visit the Triggers Tab page

Incoming transitions

For more information visit the Incoming transitions Tab page

Outgoing transitions

For more information visit the Outgoing transitions Tab page

Apply changes

When you select the Apply changes Step type, you could select or unselect the available options.

  • Apply users changes: check it (selected option Yes) to make changes to users on Soffid repository.
  • Apply entitlements: check it (selected option Yes) to  macke changes to permissions on Soffid repository.

Incoming transitions

For more information visit the Incoming transitions Tab page

Outgoing transitions

For more information visit the Outgoing transitions Tab page

End

That is the last point of the workflow. When the workflow get that point, the workflow will be finished.

At this step you can configure the incoming transition by adding script Action. That step does not have task detail or outgoing transitions.

Incoming transitions

For more information visit the Incoming transitions Tab page

Outgoing transitions

For more information visit the Outgoing transitions Tab page

Other available steps

You can find other available steps to customize your business workflows. Visit that Other step types chapter.

Attributes

On the Attributes tab is allowed creating custom attributes to be used to configure the workflow. The defined attributes will be used in the Steps tab to be mapped with the Soffid data.


There are customized templates depending on the Process Type selected, for the User management type there are three attributes defined:

  • action: by default, there are 4 operation defined, but you can customize these options, adding, removing and updating these:
    • Add user: allows you to add a new identity to the systems.
    • Enable user: allows you to enable a identity who is disabled.
    • Modifiy user: allows you to modify the attributes for an existing identity.
    • Disable user: allows you to disable a identity who is enabled.
  • grants: allows you to select a information systems and assign or revoke permissions.
  • userSelector: allows you to select an existing identity. That component will be available when the action selected will be "Enable user", "Modify user" or "Disable user", in other case, that component will not be displayed. That component allows to final user to search identies writing in an input field o searching with the searching view.

You can customize attributes to adapt the workflow to your business process. 

* https://es.wikipedia.org/wiki/Expression_Language

 

Back to top