Chat now with support
Chat with Support

Password Manager 5.8.2 - Administrator Guide (AD LDS edition)

About Password Manager Getting Started Upgrading Password Manager to 5.8.1 Password Manager Architecture Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow Overview Custom Workflows Custom Activities Self-Service Workflows Helpdesk Workflows User Enforcement Rules
General Settings Password Policies One Identity Hybrid Subscription One Identity Starling Reporting Appendix A: Accounts Used in Password Manager for AD LDS Appendix B: Open Communication Ports for Password Manager for AD LDS Appendix C: Customization Options Overview Glossary

Workflow Overview

Workflow Overview

Workflows allow an administrator to define the behavior of Password Manager: what tasks and with what configuration are available to users and helpdesk operators. Workflows are divided into two categories: self-service and helpdesk.

Self-service workflows define the behavior of the Self-Service site. All configured and enabled self-service workflows will be available on the Self-Service site as tasks available to Password Manager users. To modify the task behavior, edit the corresponding workflow.

Helpdesk workflows define the behavior of the Helpdesk site. All configured and enabled helpdesk workflows will be available on the Helpdesk site as tasks available to helpdesk operators. To modify the task behavior, edit the corresponding workflow.

Workflow Structure

Workflow Structure

A workflow consists of activities; each activity can be configured independently of other activities.

Activities are grouped into three categories: authentication, actions and notifications. You can also create custom activities. For more information, see Custom Activities.

Authentication activities are a group of activities that provide different authentication options, for example authentication with password or Questions and Answers profiles, or phone-based authentication.

The actions category includes activities that are core components of the workflows, for example Unlock Account, Edit Q&A Profile, Reset Password, and other activities.

Notification activities are activities that you can use to configure email notifications for users and administrators, and specify conditions under which the notifications should be sent.

All available activities are displayed in the left pane of a workflow designer. To add an activity to a workflow, simply drag the activity to the right pane of the workflow designer. To remove an activity, click the Remove link on the activity box.

The right pane of the workflow designer displays a workflow structure: which activities should be performed and in what order. The activities are executed in the order they appear in the workflow designer. You can change their order by moving activities up or down in the workflow designer.

Workflow State

Workflow State

A workflow can be in one of the three states: success, failure, critical error. These states determine how a workflow is performed, i.e. what activities are executed.

If no errors occur during a workflow execution, the workflow state is success. In this state, all activities present in the workflow are performed except Email user if workflow fails, Email administrator if workflow fails, Lock Q&A profile, and Restart workflow if error occurs.

If an error occurs when performing an activity, the failure state is set for the workflow. After this, only the following activities are performed (if such activities are present in the workflow): Email user if workflow fails, Email administrator if workflow fails, Lock Q&A profile, and Restart workflow if error occurs. Note that the Restart workflow if error occurs activity resets the workflow state to success and reruns the workflow from the beginning.

If a critical error occurs, for example user’s account or Q&A profile gets locked, the critical error state is set for the workflow. Then only the Email user if workflow fails and Email administrator if workflow fails activities are performed, if they are included in the workflow. After these activities are performed, the workflow is stopped.

Workflow Settings

Workflow Settings

For each workflow you can set the availability settings (whether the workflow is enabled and displayed on the Self-Service or Helpdesk site) and the language settings.

The language settings allow you to specify a custom name and description of a workflow for the Self-Service or Helpdesk site in the default and additional languages (only the languages to which the Self-Service and Helpdesk sites are localized are available).

To specify language settings

  1. On the Home page of the Administration site, click the required workflow, hover over the workflow designer, and click Workflow settings.
  2. On the Languages tab of the Workflow Settings dialog box, edit the workflow name and the description in the default language, and click OK.
  3. To edit the workflow name and the description in other languages, click Add new language, select a language, enter the name and the description in the selected language and click OK.

To specify availability settings

  1. On the Home page of the Administration site, click the required workflow, hover over the workflow designer, and click Workflow settings.
  2. On the Availability tab of the Workflow Settings dialog box, specify the following options in the Enable the workflow section:
    • Always - select this option to make the workflow permanently enabled for users on the Self-Service site or for helpdesk operators on the Helpdesk site.
    • Never - select this option to permanently disable the workflow on the Self-Service or Helpdesk site. Users or helpdesk operators will not be able to use the workflow.
    • Depending on the current user status - select this option to enable workflows on the Self-Service or Helpdesk site according to the user status. The following are the default criteria for enabling and disabling workflows on the Self-Service site: if a user is not registered with Password Manager, only My Questions and Answers Profile and I Have a Passcode workflows are enabled, if the user’s account is locked, but the user is registered, then Forgot My Password, Unlock My Account and I Have a Passcode workflows are enabled. If the user’s Q&A profile is locked, then no workflows are enabled on the Self-Service site, and the user should contact help desk. The following are the default criteria for enabling and disabling workflows on the Helpdesk site: if the user is not registered, then Reset Password, Unlock Account, and Assign Passcode workflows are enabled. If the user’s account or Q&A profile is locked, but the user is registered, then all helpdesk workflows are enabled.
  3. In the Show the workflow section, specify the following options and click OK:
    • Always - select this option to permanently display the workflow on the Self-Service or Helpdesk site. The workflow may be enabled or disabled.
    • Never - select this option to permanently hide the workflow on the Self-Service or Helpdesk site. The workflow may be enabled or disabled.
    • Only if the workflow is enabled - select this option to show the workflow on the Self-Service or Helpdesk site only when the workflow is enabled.
Related Documents