Skip to main content

User management

Description

The user management process type is used to define business processes to create and update identities and their attributes.

You can use the default template included on Soffid BPM Editor and custom it with your business needs. Also you can import a .pardef file with the process definition.

That process is defined by default with 4 steps, but you can add new , delete and update steps to customize your business process. You can visit the Step types chapter to get information about other steps.

  • Start
  • Approve 
  • Apply changes
  • End

We will use two concepts to explain that process, identity and end-user. Identity will be the idententity or user that will be created, updated or deleted in Soffid Console. The end-user is referred to a user of Soffid that will request for processes using the self service portal.

Process steps

Start

That is the start point of the workflow. At that step, you could define the fields you want to show when the end-users will go to generate a task and the transitions available.

Task detail

This step type does not have task details.

Fields

By default, all the identity attributes will be shown, and an additional field called Action. You can choose the fields you want to show when the end-users, add new fields, and delete the fields that do not need to generate a task. Also, you can sort the fields, you only need to do drag and drop on the Order column.

The Action field is a droplist that will allow end-users to select one of different options to perform. Depending on the selected option, one field or another will be shown automatically on the form to fill in. 

The available actions, defined by default on the Attributes tab:

  • Add user: action uses to generate a task to create a new identity (a new identities). 
  • Enable user: action uses to  create a task to enable a identity who is disabled.
  • Modify user: action uses to create a task to modify identity attributes.
  • Disable user: action uses to create a task to disble identity.

To enable, modify or disable a idnetity, you need to add a field with the name userSelector. That field will be available, to end-users,  to select an existing identity when select one of that options. When you select a identity, all the existing identity attributes will be shown to the end-user.

If you select the "Add user" option, the field userSelector will no be available for the end-user.

For each field, you may indicate if it is a readOnly field, and you may add Validation script and Visibility script. The validation script allows you to define rules, the field has to comply with these rules. The visibility script allows you to define the rules to show or hide a field.

Trigger

For more information visit the Triggers Tab page

Incoming transitions

For more information visit the Incoming transitions Tab page

Outgoing transitions

For more information visit the Outgoing transitions Tab page

Screen

Task detail

On Task detail Tab you can define the rules for the new task that will be created.

  • Task name: identified name for the task that will be created.created when the workflow is request.
  • Actor(s) expression: write an expression to identify the actor depending on the requested role. One can use EL expressions (*) based on role and application attributes. For instance: SOFFID_MANAGER/${primaryGroup}
  • Assignment script: alternatively, write a Beanshell script to return the actor depending on the process variables. For instance: return primaryGroup.attributes{"owner"};
  • Approve from email: checked it to allows you to send a mail for approval the task.

Fields 

On the Fields tabs, you can define the identity attributes that will be shown on the end-user form. By default, all the identity attributes will be shown. You can choose the fields you want to show when the end-users will be generating a task, add new fields, and delete the fields that do not need to generate a task. Also, you can sort the fields, you only need to do drag and drop on the Order column.

For each field you may indicate if it is a readOnly field, and you may add Validation script and Visibility script. The validation script allows you to define rules, the field has to comply with these rules. The visibility script allows you to define the rules to show or hide a field.

Trigger

For more information visit the Triggers Tab page

Incoming transitions

For more information visit the Incoming transitions Tab page

Outgoing transitions

For more information visit the Outgoing transitions Tab page

Apply changes

When you select the Apply changes Step type, you could select or unselect the available options.

  • Apply users changes: check it (selected option Yes) to make changes to users on Soffid repository.
  • Apply entitlements: check it (selected option Yes) to  macke changes to permissions on Soffid repository.

Incoming transitions

For more information visit the Incoming transitions Tab page

Outgoing transitions

For more information visit the Outgoing transitions Tab page

End

That is the last point of the workflow. When the workflow get that point, the workflow will be finished.

At this step you can configure the incoming transition by adding script Action. That step does not have task detail or outgoing transitions.

Incoming transitions

For more information visit the Incoming transitions Tab page

Outgoing transitions

For more information visit the Outgoing transitions Tab page

Other available steps

You can find other available steps to customize your business workflows. Visit that Other step types chapter.

Attributes

On the Attributes tab is allowed creating custom attributes to be used to configure the workflow. The defined attributes will be used in the Steps tab to be mapped with the Soffid data.

There are customized templates depending on the Process Type selected, for the User management type there are three attributes defined:

  • action: by default, there are 4 operation defined, but you can customize these options, adding, removing and updating these:
    • Add user: allows you to add a new identity to the systems.
    • Enable user: allows you to enable a identity who is disabled.
    • Modifiy user: allows you to modify the attributes for an existing identity.
    • Disable user: allows you to disable a identity who is enabled.
  • grants: allows you to select a information systems and assign or revoke permissions.
  • userSelector: allows you to select an existing identity. That component will be available when the action selected will be "Enable user", "Modify user" or "Disable user", in other case, that component will not be displayed. That component allows to end-user to search identies writing in an input field o searching with the searching view.

You can customize attributes to adapt the workflow to your business process. 

Actions

Save

Allows you to save all changes included in the workflow. That workflow can be a new or an update workflow.

Save and Publish

Allows you to save the changes performed in the workflow setup and also publish the workflow to be used in Soffid. After this action, the last version of the workflow will be available for the end-user (with the proper permissions) in the Soffid Console and Self-service portal.

Cancel

Allows you to quit the process editor without saving changes. Soffid will ask you for confirmation to exit without saving updates

 

* https://es.wikipedia.org/wiki/Expression_Language

 

Back to top