To enable an existing directory role in Azure Active Directory, use the Enabling Azure Roles built-in workflow. This workflow uses two other built-in resources:
By default, the Enabling Azure Roles workflow is disabled, as One Identity recommends using it as a template for custom workflows that would use the required values in the script, such as the directory role display name.
The Enabling Azure Roles workflow is located in the Configuration > Policies > Workflow > Builtin container of the Active Roles Console (also known as the MMC interface). The required Enabling Azure Roles script is located in the Configuration > Policies > Script Modules > Builtin container.
In Active Roles, administrators can configure workflow activities of the pre-defined types that are installed with Active Roles. By default, the list of activities in the Workflow Designer contains only the pre-defined activity types, such as Approval Activity or Notification Activity. It is possible to extend the list by adding new types of activity.
Each activity type determines a certain workflow action (for example, originating an approval task or notification) together with a collection of activity parameters to configure the workflow action (for example, parameters that specify the approvers or notification recipients). Active Roles builds upon this concept, providing the ability to implement and deploy custom types of workflow activity. It enables custom activity types to be created as necessary, and listed in the Workflow Designer along with the pre-defined activity types, allowing administrators to configure workflow activities that perform custom actions determined by those new types of workflow activity.
Active Roles allows the creation of custom activities based on the Script Activity built-in activity type. However, creating and configuring a script activity from scratch can be time-consuming. Custom activity types provide a way to mitigate this overhead. Once a custom activity type is deployed that points to a particular script, administrators can easily configure and apply workflow activities of that type, having those activities perform the actions determined by the script. The activity script also defines the activity parameters specific to the activity type.
Custom activity types provide an extensible mechanism for deploying custom workflow activities. This capability is implemented by using the Policy Type object class. Policy Type objects can be created by using the Active Roles console, with each object representing a certain type of custom workflow activity.
The extensibility of workflow activity types is designed around two interactions: activity type deployment and activity type usage.
The deployment process involves the development of a script that implements the workflow action and declares the activity parameters the creation of a Script Module containing that script and the creation of a Policy Type object referring to that Script Module. To deploy an activity type to a different environment, you can export the activity type to an export file in the source environment and then import the file in the destination environment. The use of export files makes it easy to distribute custom activity types.
