Hi, I'm Rob Tovar, a solutions architect with Dell software. And in this short video I'll demo the workflow and permissions capabilities of ActiveRoles Server-- the simple, efficient tool for protecting critical active directory data, eliminating unregulated access to Active Directory resources and automating active directory account creation. In quest one, ActiveRoles workflows provide a way to customize operations of provisioning and overall administration of directory data.
Thus, workflows can be used to add approvals to user provisioning processes. For example, when designing an approval workflow the administrator specifies which kind of operation causes the workflow to start and adds approval rules to the workflow. Approval rules can notify of change requests pending approval. Or separate notification rules can be applied to inform about data changes in the directory.
So let's get started. In this scenario, Joe Admin manages the Chicago Admins Group. It's a critical group. And he wants to be the approver of all group membership modifications pertaining to this group.
We are going to create a workflow that will start when someone requests to modify the group. An email notification will be sent to Joe Admin with all of the details. A link within the email will take him to a website where he can manage the request.
The group change will be in a pending state until Joe Admin approves the change. We'll start by creating a workflow. We'll walk through the simple wizard and give it a name.
There are two workflow options, change workflow, and automation workflow. We'll select the change workflow. We will now configure the workflow.
Here we'll set the start conditions. Our target object will be a group. Here we'll select the change membership operations that will start the workflow.
We will set the filtering conditions so that it only includes our Chicago Admins Group. I've entered the condition log-on name equals Chicago Admin. So it only includes the group I'm interested in. We will now configure our approval rules by defining the approvers. In this case, Joe Admin-- the manager of the group, or target object-- will be defined as the approver.
Approval rules determine who is authorized to approve the operation, the required sequence of approvals, and who needs to be notified of approval tasks or decisions. Keep in mind, separate notification rules can be applied to inform about data changes in the directory without the need for an approval. In the notification tab we will see that notifications will go out upon tasks being created, completed, performed.
Notification activities in a workflow will notified via email about events, conditions, or tasks awaiting their attention. Notification messages include all necessary supporting information and provide hyperlinks enabling message recipients to take actions using a standard browser. We have now completed the workflow.
We are now logged on as Junior Admin. And we will now add Joey User to the Chicago Admins Group. Adding a user to this group will kick off the workflow.
Here, we must specify a reason for our request. I'll answer please add, thank you. The user will be added to the group only upon approval.
Since Joe Admin is the approver, he should have received an email with the request. From the email we can approve, reject, or view the details of this request. We will click on the link to request details.
From the active roles web interface we can approve, reject, escalate, or delegate the approval process. We will approve the change and take a look at our group membership. If we take a look at the properties of the Chicago Admins Group, we'll see that our Joey User account has been added successfully to the Chicago Admins Group. To learn more about active ActiveRoles Server and download a free trial version of the product visit Quest.com/ActiveRoles-Server. Thanks for watching.