API tools faq
paste
Advertisement
Guest User

LCM Registration

a guest
Feb 11th, 2016
475
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
XML 14.71 KB | None | 0 0
raw download clone embed print report
  1. <?xml version='1.0' encoding='UTF-8'?>
  2. <!DOCTYPE Workflow PUBLIC "sailpoint.dtd" "sailpoint.dtd">
  3. <Workflow created="1382130747909" handler="sailpoint.api.StandardWorkflowHandler" id="ff80808141cd695e0141cd698a05001d" libraries="Identity,BatchRequest" name="LCM Registration" taskType="LCM" type="LCMRegistration">
  4.   <Variable initializer="true" name="transient">
  5.     <Description>
  6.       Set to false to cause workflow-related objects, such as approval
  7.       work items, to be saved in the database even if they are only
  8.       viewed by the person registering.
  9.     </Description>
  10.   </Variable>
  11.   <Variable input="true" name="batchRequestItemId">
  12.     <Description>
  13.       Used by the batch interface to record back individual request item status. The specific item id for the individual request in the batch file.  
  14.     </Description>
  15.   </Variable>
  16.   <Variable initializer="Registration" name="flow">
  17.     <Description>
  18.       The name of the LCM flow that launched this workflow.
  19.     </Description>
  20.   </Variable>
  21.   <Variable editable="true" name="optimisticProvisioning">
  22.     <Description>
  23.       Set to true to enable optimistic provisioning.  This will cause
  24.       changes to the entitlements compiled from role assignments to be
  25.       applied immediately to the identity cube rather than waiting
  26.       for the next refresh/reaggregation after the provisioning system
  27.       completes the request.
  28.     </Description>
  29.   </Variable>
  30.   <Variable editable="true" initializer="true" name="foregroundProvisioning">
  31.     <Description>
  32.       Normally provisioning is done in a step that uses the "backgroud"
  33.       option to force the workfow to be suspend and be resumed in a
  34.       background task thread.  This prevents the browser session from
  35.       hanging since provision can sometimes take a long time.  For demos
  36.       and testing it can be better to do this in the foreground so that
  37.       provisioning will have been performed when control is returned to the
  38.       user.  This prevents having to run the Perform Maintanance task to
  39.       see the resutls of the request.
  40.     </Description>
  41.   </Variable>
  42.   <Variable editable="true" name="doRefresh">
  43.     <Description>
  44.       Set to true to cause an identity refresh after the changes in the plan
  45.       have been provisioned.  This is normally off, you might want this on
  46.       if you want modification of identity or link attributes to result in
  47.       an immediate re-evaluation of assigned and detected roles.
  48.     </Description>
  49.   </Variable>
  50.   <Variable initializer="Normal" input="true" name="workItemPriority">
  51.     <Description>
  52.        The String version of a WorkItem.Priority. This variable is
  53.        used to set the priority on all of the workitems generated
  54.        as part of this workflow and also set on the IdentityRequest
  55.        object.
  56.     </Description>
  57.   </Variable>
  58.   <Variable initializer="user,manager" input="true" name="notificationScheme">
  59.     <Description>
  60.      A string that specifies who should be notified when the request has been complete.
  61.      The value can be null or a csv of one or more of the following options.
  62.  
  63.      none or null
  64.        disable notifications
  65.  
  66.      user
  67.        Identity that is registering will be notified.
  68.  
  69.      manager
  70.        The manager of the Identity that is being updated will be notified.
  71.  
  72.      securityOfficer
  73.        The identity named in the variable securityOfficerName will be notified.
  74.     </Description>
  75.   </Variable>
  76.   <Variable initializer="LCM Registration User Notification" input="true" name="userEmailTemplate">
  77.     <Description>
  78.      The email template to use for user notification.
  79.     </Description>
  80.   </Variable>
  81.   <Variable initializer="LCM Registration Manager Notification" input="true" name="managerEmailTemplate">
  82.     <Description>
  83.      The email template to use for manager notification.
  84.     </Description>
  85.   </Variable>
  86.   <Variable initializer="LCM Registration Security Officer Notification" input="true" name="securityOfficerEmailTemplate">
  87.     <Description>
  88.      The email template to use for security officer notification.
  89.     </Description>
  90.   </Variable>
  91.   <Variable initializer="serial" input="true" name="approvalMode">
  92.     <Description>
  93.      A string that specifies how we should handle the approvals.  
  94.  
  95.      By default this is serial since most of these request with
  96.      the exception of manager transfers will have only one approver.
  97.  
  98.      parallel
  99.        Approvals are processed concurrently and there must be consensus,
  100.        we wait for all approvers to approve.  The first approver that
  101.        rejects terminates the entire approval.
  102.  
  103.      parallelPoll
  104.        Approvals are processed concurrently but consensus is not required.
  105.        All approvals will be process, we don't stop if there any
  106.        rejections.  
  107.  
  108.      serial
  109.        Approvals are processed one at a time and there must be consensus.
  110.        The first approver that rejects terminates the entire approval.
  111.  
  112.      serialPoll
  113.        Approvals are processed in order but consensus is not required.
  114.        All approvals will be processed, we don't stop if there are any
  115.        rejections.  In effect we are "taking a poll" of the approvers.
  116.  
  117.      any
  118.       Approvals are processed concurrently, the first approver to
  119.       respond makes the decision for the group.
  120.     </Description>
  121.   </Variable>
  122.   <Variable initializer="securityOfficer" input="true" name="approvalScheme">
  123.     <Description>
  124.       A csv string that specifies how approvals should be generated for
  125.       the incoming request.
  126.  
  127.       The value can be any of the values below, combined together but
  128.       are always processed in this order:
  129.  
  130.       1. manager
  131.       2. securityOfficer
  132.  
  133.       Any rejected items from previous approvals will be omitted from the  
  134.       next phase of approvers.
  135.  
  136.       none - disabled approvals
  137.  
  138.       manager - The manager will get all approvals
  139.  
  140.       securityOfficer - The identity named in the variable securityOfficerName.
  141.     </Description>
  142.   </Variable>
  143.   <Variable initializer="LCM Registration Approval" input="true" name="approvalEmailTemplate">
  144.     <Description>
  145.      The email template to use for approval notifications.
  146.     </Description>
  147.   </Variable>
  148.   <Variable input="true" name="securityOfficerName">
  149.     <Description>
  150.        The name of the identity that will be sent approvals
  151.        during security officer approvals.
  152.     </Description>
  153.   </Variable>
  154.   <Variable initializer="spadmin" input="true" name="fallbackApprover">
  155.     <Description>
  156.       A String that specifies the name of the Identity that will
  157.       be assigned any approvals where the owner of the approver
  158.       can't be resolved. Example if the scheme is "owner" and the
  159.       application doesn't specify and owner.
  160.     </Description>
  161.   </Variable>
  162.   <Variable initializer="continue" input="true" name="policyScheme">
  163.     <Description>
  164.       A String that specifies how policy checks effect the overall
  165.       process.
  166.  
  167.       none - disabled policy checking
  168.  
  169.       fail -  fail and exit the workflow if any policy violations are found
  170.  
  171.       continue -  continue if policy violations are found
  172.     </Description>
  173.   </Variable>
  174.   <Variable input="true" name="ticketManagementApplication">
  175.     <Description>
  176.       Name of the application that can handle ticket requests.
  177.       When non-null the Manage Ticket Steps will be visited to open
  178.       tickets during the workflow lifecycle.      
  179.     </Description>
  180.   </Variable>
  181.   <Variable input="true" name="policiesToCheck">
  182.     <Description>
  183.       A List of policies that should be checked. If this list is
  184.       empty all violations will be checked. Used in combination
  185.       with policyScheme.
  186.     </Description>
  187.   </Variable>
  188.   <Variable initializer="LCM" input="true" name="source">
  189.     <Description>
  190.       String version of sailpoint.object.Source to indicate
  191.       where the request originated.  Defaults to LCM.
  192.     </Description>
  193.   </Variable>
  194.   <Variable initializer="false" name="trace">
  195.     <Description>
  196.       Used for debugging this workflow and when set to true trace
  197.       will be sent to stdout.
  198.     </Description>
  199.   </Variable>
  200.   <Variable input="true" name="approverElectronicSignature">
  201.     <Description>
  202.        The name of the electronic signature object that should be used when workitems
  203.        are completed by the approver.
  204.     </Description>
  205.   </Variable>
  206.   <Variable name="identityName">
  207.     <Description>The name of the identity we're creating.</Description>
  208.   </Variable>
  209.   <Variable name="identityDisplayName">
  210.     <Description>
  211.       The displayName of the identity being updated.
  212.     </Description>
  213.   </Variable>
  214.   <Variable name="confirmationForm">
  215.     <Description>
  216.       A form that gets displayed for confirming the registration.
  217.     </Description>
  218.   </Variable>
  219.   <Variable name="plan">
  220.     <Description>
  221.       The ProvisioningPlan that gets generated from the form input.
  222.     </Description>
  223.   </Variable>
  224.   <Variable name="identityModel">
  225.     <Description>
  226.       The identity model that is used to represent the identity being created.
  227.     </Description>
  228.   </Variable>
  229.   <Variable name="ticketId">
  230.     <Description>
  231.       The id of the ticket that is genereated by the ticketingManagementApplication.
  232.       This is typically generated on the "open" call, and then used in subsequent
  233.       calls.  It is also stored on the IdentityRequest object under the
  234.       externalTicketId variable.
  235.     </Description>
  236.   </Variable>
  237.   <Variable name="policyViolations">
  238.     <Description>
  239.        List of policy violations that were found during our initial policy scan.
  240.        This list is passed into each work item so the approvers can see
  241.        pending violations.
  242.     </Description>
  243.   </Variable>
  244.   <RuleLibraries>
  245.     <Reference class="sailpoint.object.Rule" id="ff80808141cd68e70141cd69153e0114" name="Approval Library"/>
  246.     <Reference class="sailpoint.object.Rule" id="ff80808141cd68e70141cd6918760126" name="LCM Workflow Library"/>
  247.   </RuleLibraries>
  248.   <Step icon="Start" name="Start">
  249.     <Transition to="Initialize"/>
  250.   </Step>
  251.   <Step action="call:getIdentityModel" name="Initialize" resultVariable="identityModel">
  252.     <Description>
  253.        Initialize the data for the identity that we are creating.
  254.     </Description>
  255.     <Transition to="Registration Form"/>
  256.   </Step>
  257.   <Step icon="Approval" name="Registration Form">
  258.     <Approval mode="serial" owner="ref:launcher" return="identityModel">
  259.       <Arg name="workItemType" value="Form"/>
  260.       <Arg name="workItemDescription" value="Self-service registration form"/>
  261.       <Arg name="workItemForm" value="registerForm"/>
  262.       <Arg name="workItemFormBasePath" value="identityModel"/>
  263.     </Approval>
  264.     <Description>
  265.        Display the registration form to collect information about the registrant.
  266.     </Description>
  267.     <Transition to="Build Confirmation Form"/>
  268.   </Step>
  269.   <Step action="call:buildReadOnlyForm" name="Build Confirmation Form" resultVariable="confirmationForm">
  270.     <Arg name="form" value="registerForm"/>
  271.     <Arg name="helpText" value="lcm_registration_confirmation_text"/>
  272.     <Arg name="nextButtonLabel" value="label_confirm"/>
  273.     <Description>
  274.        Create the confirmation form to be displayed.
  275.     </Description>
  276.     <Transition to="Confirmation Form"/>
  277.   </Step>
  278.   <Step icon="Approval" name="Confirmation Form">
  279.     <Approval mode="serial" owner="ref:launcher" return="identityModel">
  280.       <Arg name="workItemType" value="Form"/>
  281.       <Arg name="workItemDescription" value="Confirmation form"/>
  282.       <Arg name="workItemForm" value="ref:confirmationForm"/>
  283.       <Arg name="workItemFormBasePath" value="identityModel"/>
  284.     </Approval>
  285.     <Description>
  286.        Display the confirmation form to the registrant.
  287.     </Description>
  288.     <Transition to="Registration Form" when="!approved"/>
  289.     <Transition to="Verify"/>
  290.   </Step>
  291.   <Step icon="Analysis" name="Verify">
  292.     <Description>
  293.       This is a place-holder step where verification of the information could
  294.       occur before a creation request is launched.  This could potentially call
  295.       out to an external system to verify some unique information (eg - employeeId)
  296.       before continuing on.
  297.     </Description>
  298.     <Transition to="Set identity name"/>
  299.   </Step>
  300.   <Step name="Set identity name" resultVariable="identityName">
  301.     <Description>
  302.       Set the identityName workflow variable based on the form input.
  303.     </Description>
  304.     <Script>
  305.       <Source>
  306.         return identityModel.get("name");
  307.       </Source>
  308.     </Script>
  309.     <Transition to="Build Provisioning Plan"/>
  310.   </Step>
  311.   <Step action="call:buildPlanFromIdentityModel" name="Build Provisioning Plan" resultVariable="plan">
  312.     <Arg name="identityModel" value="ref:identityModel"/>
  313.     <Description>
  314.       Convert the registration request into a provisioning plan.
  315.     </Description>
  316.     <Transition to="Submit Registration Request"/>
  317.   </Step>
  318.   <Step icon="Task" name="Submit Registration Request">
  319.     <Arg name="identityName" value="ref:identityName"/>
  320.     <Arg name="identityDisplayName" value="ref:identityDisplayName"/>
  321.     <Arg name="plan" value="ref:plan"/>
  322.     <Arg name="flow" value="ref:flow"/>
  323.     <Arg name="optimisticProvisioning" value="ref:optimisticProvisioning"/>
  324.     <Arg name="foregroundProvisioning" value="ref:foregroundProvisioning"/>
  325.     <Arg name="doRefresh" value="ref:doRefresh"/>
  326.     <Arg name="securityOfficerName" value="ref:securityOfficerName"/>
  327.     <Arg name="notificationScheme" value="ref:notificationScheme"/>
  328.     <Arg name="approvalMode" value="ref:approvalMode"/>
  329.     <Arg name="approvalScheme" value="ref:approvalScheme"/>
  330.     <Arg name="fallbackApprover" value="ref:fallbackApprover"/>
  331.     <Arg name="approverElectronicSignature" value="ref:approverElectronicSignature"/>
  332.     <Arg name="approvalEmailTemplate" value="ref:approvalEmailTemplate"/>
  333.     <Arg name="userEmailTemplate" value="ref:userEmailTemplate"/>
  334.     <Arg name="managerEmailTemplate" value="ref:managerEmailTemplate"/>
  335.     <Arg name="securityOfficerEmailTemplate" value="ref:securityOfficerEmailTemplate"/>
  336.     <Arg name="policyScheme" value="ref:policyScheme"/>
  337.     <Arg name="policiesToCheck" value="ref:policiesToCheck"/>
  338.     <Arg name="priority" value="ref:workItemPriority"/>
  339.     <Arg name="ticketManagementApplication" value="ref:ticketManagementApplication"/>
  340.     <Arg name="source" value="ref:source"/>
  341.     <Arg name="trace" value="ref:trace"/>
  342.     <Description>
  343.       Call the LCM Create and Update workflow with the plan that was created.
  344.     </Description>
  345.     <WorkflowRef>
  346.       <Reference class="sailpoint.object.Workflow" id="ff80808141cd695e0141cd698956001c" name="LCM Create and Update"/>
  347.     </WorkflowRef>
  348.     <Transition to="end"/>
  349.   </Step>
  350.   <Step icon="Stop" name="end"/>
  351. </Workflow>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!