Workflow overview

A workflow is a sequence of steps or activities that define a business process. You can use IBM Verify Identity Governance workflows to customize account provisioning, access provisioning, and lifecycle management.

For example, you can add approvals and information requests to account or access provisioning processes. You can integrate lifecycle management processes (such as adding, removing, and modifying people and accounts in IVIG) with external systems.

IVIG provides these major types of workflows:
Operation workflows
Use operation workflows to customize the lifecycle management of accounts and people, or a specific service type, such as all Linux® systems.

Operation workflows add, delete, modify, restore, and suspend system entities, such as accounts and people. You can also add new operations that your business process requires, such as approval for new accounts. For example, you might specify an operation workflow that defines activities to approve the account, including notifications and manager approvals.

Account request and access request workflows
Use account request and access request workflows to ensure that resources such as accounts or services are provisioned to users according to the business policies of your organization.
  • An account request workflow can be bound to an entitlement for an access or an account.

    In provisioning policies, an entitlement workflow for accounts adds decision points to account requests, such as adding or modifying an account. If the request is approved, the processing continues; if the request is rejected, the request is canceled.

    The account request workflow is started during account provisioning requests, including adding and modifying an account, made by a IVIG user or made during account auto provisioning. An account request workflow can be also started during an access request if there is no access request workflow defined.

  • An access request workflow is bound to an access by the access definition, rather than by a provisioning policy. This workflow can specify the steps and approvals that authorize access to resources in a request.

    The access request workflow is started only for access requests that are made by a IVIG user. The workflow is not started if the access is provisioned for the user as a result of an external or internal account request. An external account request is an account request made by a IVIG user. An internal account request is an account request made by the IVIG system. For example, an auto account provisioning gives the user a default or mandatory group that maps to an access.