Approval workflow complements automated policies, to make provisioning and deprovisioning decisions based on human input. While automated policies require no manual intervention, approval-based fulfillment of administrative operations adds to process automation the ability to manually accept or deny operation requests, and to monitor the execution of request-processing tasks to ensure they are responded in a timely manner.
Approval workflow can service a range of requests, which are user actions intended to perform administrative operations. Examples of such operations include the creation, modification, and deprovisioning of user accounts.
When a requested operation requires permission from certain individuals in an organization, a workflow can be started to coordinate the approval process. The system only performs the requested operation after approval is given by an authorized person.
Active Roles administrators can create and configure approval workflows by using the Workflow Designer-a graphical tool provided in the Active Roles console for constructing workflows. When designing an approval workflow, the administrator specifies which kind of operation causes the workflow to start, and adds approval rules to the workflow. The approval rules determine who is authorized to approve the operation, the required sequence of approvals, and who needs to be notified of approval tasks or decisions.
The approval workflow solution provided by Active Roles includes:
- The Workflow Designer for constructing workflows, available from the Active Roles console. You use the Workflow Designer to configure an approval workflow by adding approval activities to the workflow definition.
- The directory management interfaces, such as the Web Interface or Active Roles Console for submitting operation requests for approval. For example, approval workflow could be configured so that the creation of a user account via Active Roles starts the approval workflow instead of immediately executing the user creation operation.
- The approval-related section of the Web Interface to manage operation requests. This section provides a “to-do” list of the approval tasks a designated user has to carry out, allowing the user to perform tasks such as approving or rejecting operation requests.