To extend and customize the functionality provided by built-in workflows for your organization, create custom workflows. Similar to the built-in workflows, you can create 2 types of custom workflows: Self-Service and Helpdesk workflows.
To create a custom workflow
- To open the Add New Workflow dialog, in the Password Manager Administration Site, under Home > <management-policy>, click New Workflow at the heading of the management policy for which you want to configure the new workflow.
- In the Select the workflow type drop-down list, select the site where the workflow must appear (Self-Service Site or Helpdesk Site).
- Enter the Workflow name.
- Enter a Workflow description.
- To apply your changes, click Save.
TIP: Consider the following when creating a new workflow:
- When you add a new custom workflow, it does not contain any activities. To add activities, click the workflow to open the Workflow Designer.
- You must specify the name and description for each workflow in the default language used on the Self-Service Site or Helpdesk Site. In addition, you can specify the workflow name and description in other languages, as long as localization for those languages is available in the Self-Service Site and Helpdesk Site. For more information on configuring language settings, see Workflow settings.
NOTE: Custom workflows appear on the Password Manager Self-Service Site for users even if the Enable the workflow setting is set to Depending on the current user status and the Show the workflow setting is set to Only if the workflow is enabled.
To force these settings for custom workflows
- Stop the Password Manager Service.
- Open the C:\ProgramData\One Identity\Password Manager\Shared.storage file.
- Replace the <DisabledReasons /> line with the following entry:
    <disabledReasons>
    <reason name="userRegistered" value="DisableIfFalse" />
    </disabledReasons>
- Save the file, then restart the Password Manager Service.
To share your configured workflows among management policies, import and export the workflows between them.
Prerequisites
Importing and exporting workflows between management policies is available only if you enable extensibility features.
To enable extensibility features
- On the Password Manager Administration Site, navigate to General Settings > Extensibility.
- Select Extensibility on.
- To apply your changes, click Save.
To export a workflow
- On the Password Manager Administration Site, under Home > <management-policy>, click the workflow of a management policy you want to export.
- On the page of the workflow, click Export workflow. Depending on the browser settings, the workflow is then either downloaded to the default download folder, or you can specify the download location.
To import a workflow
IMPORTANT: Before importing a workflow, consider the following:
- If you import a workflow, Password Manager for AD LDS will replace existing workflows with the same name. To avoid accidental overwrites, One Identity recommends backing up existing workflows by exporting them when prompted.
- One Identity strongly recommends auditing scripts of custom activities in imported workflows before using them in a production environment. This is required because attackers could potentially access sensitive information via PowerShell scripts in a custom activity. Make sure you import workflows from a trusted source only.
- If the imported workflow contains activities that are missing from the current configuration, import the missing activities first (from the same workflow archive file), then import the workflow.
- On the Password Manager Administration Site, under Home > <management-policy>, navigate to the management policy for which you want to import a new workflow, then click Import Workflow.
- To select the workflow archive file, in the Import Workflow dialog, click Upload, then click OK.
- To perform the import, click OK. If the import procedure would overwrite an existing workflow with the same name, click the link to export the affected workflow.
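One way to support the script audit recommended in the import notice above, shown as an added example that is not One Identity code: parse a custom activity's PowerShell script with the built-in PowerShell parser and list the commands and .NET types a reviewer should read first. It assumes the script text has already been extracted for review (the archive layout is not described on this page); the function name Get-ScriptReviewFinding, the watch lists, and the sample script are constructed for illustration.

```powershell
using namespace System.Management.Automation.Language

# Added example. Assumption: the custom activity's script has already been
# extracted to text for review; the archive layout is not described here.
function Get-ScriptReviewFinding {
    param([Parameter(Mandatory)] [string] $ScriptText)

    # Reviewer-chosen watch lists (constructed for this example; extend as needed).
    $watchCommands = 'Invoke-Expression', 'iex', 'Invoke-WebRequest', 'Invoke-RestMethod',
                     'Invoke-Command', 'Start-Process', 'New-Object', 'Add-Type',
                     'Out-File', 'Set-Content', 'Export-Csv', 'Send-MailMessage'
    $watchTypes = '^(System\.)?(Net\.|Reflection\.|Diagnostics\.Process$|Convert$)'

    $tokens = $null
    $errors = $null
    $ast = [Parser]::ParseInput($ScriptText, [ref]$tokens, [ref]$errors)

    # A script that does not parse cannot be reviewed reliably, so report that too.
    foreach ($e in $errors) {
        [pscustomobject]@{ Line = $e.Extent.StartLineNumber; Kind = 'ParseError'; Text = $e.Message }
    }

    # Second argument $true = also search nested script blocks.
    foreach ($node in $ast.FindAll({ $true }, $true)) {
        $kind = $null
        if ($node -is [CommandAst]) {
            $name = $node.GetCommandName()
            if ($null -eq $name) { $kind = 'DynamicCommand' }   # name resolved at run time, e.g. & $variable
            elseif ($watchCommands -contains $name) { $kind = 'WatchedCommand' }
        }
        elseif ($node -is [TypeExpressionAst] -and $node.TypeName.FullName -match $watchTypes) {
            $kind = 'WatchedType'
        }
        if ($kind) {
            [pscustomobject]@{ Line = $node.Extent.StartLineNumber; Kind = $kind; Text = $node.Extent.Text }
        }
    }
}

# Constructed sample script, not taken from any real workflow.
$sample = @'
$endpoint = 'https://example.invalid/notify'
Invoke-RestMethod -Uri $endpoint -Method Post
$client = [Net.WebClient]::new()
& $nextStep
'@

Get-ScriptReviewFinding -ScriptText $sample | Sort-Object Line | Format-Table -AutoSize
```

A clean result only means nothing on the watch lists was found; it narrows where to start reading and does not replace reviewing the full script.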
Custom Activities
There are two options to create a custom activity: you can create a custom activity from scratch or convert a built-in activity to custom.
For any custom activity, you can specify a display name, a short name (used to address the activity in scripts), a description (used on the Administration site), and add a PowerShell script to the activity. When you create the custom activity from scratch, you can also select user interface elements and enter the main instruction for the page of the Self-Service or Helpdesk site that will be displayed when the activity is executed.
Note that you cannot specify any user interface elements for custom activities converted from built-in ones. If you want to set user interface elements for your custom activity, create it from scratch.
For more information on writing PowerShell scripts for custom activities, refer to the Password Manager SDK.
IMPORTANT: You can create custom activities only after you turn on the extensibility features. You can turn on the extensibility features on the General Settings tab of the Administration site.
When you use custom activities in your workflows, you need to understand how shared settings of custom activities work.
All settings (display name, short name, description, PowerShell script, and user interface elements) that you specify for custom activities created from scratch are shared. That is, if you modify any of these settings for a custom activity, whether it is included in or excluded from a workflow, the changes are automatically propagated to all instances of this activity in all workflows and Management Policies.
If you create a custom activity by converting a built-in activity, the custom activity has two types of settings: built-in and shared. Built-in settings are the settings inherited from the built-in activity. Such settings are not shared: if you modify them, the changes will be applied only to the current activity instance. But if you modify the shared settings (display name, short name, description, PowerShell script), such changes will be propagated throughout all instances of this activity.
For example, if you modify the PowerShell script for your custom activity “My Custom CAPTCHA”, when you save the activity, the updated settings will be applied to all instances of the “My Custom CAPTCHA” activity used in other workflows and Management Policies. But if you modify the built-in setting (noise level) of the “My Custom CAPTCHA” activity, when you save the activity, the changes will be applied only to this instance of the activity. The noise level setting of other instances of the “My Custom CAPTCHA” activity will not be changed.