SailPoint workflows use cases

Hi Sailers,

I am trying to learn SailPoint coding and got stuck understanding how and where exactly I should be changing the subprocess in workflows based on a use case. I would appreciate it if someone can post a use case and the exact things to be modified in a provisioning workflow or any of its subprocesses.

In workflows, subprocesses are defined using the <WorkflowRef> tag, which includes the name and ID of the sub-workflow. To invoke a different workflow, simply replace the existing workflow’s name with the desired one.

Share more details about your specific use case.

Hi Bharath,

Here’s a simple use case that involves modifying a subprocess in the provisioning workflow, specifically the “Approve and Provision” subprocess:


Use Case: Two-Level Approval (Manager + Entitlement Owner)

Imagine you have certain entitlements that require approval from both the user’s manager and the entitlement owner during an access request.

To implement this:


Steps to Modify Workflow:

  1. Write an Approval Assignment Rule:
     • This rule defines who needs to approve based on the entitlement.
     • You can check if the entitlement requires dual approval and add the manager and owner accordingly.
  2. LCM Provisioning Workflow
     • This is the main workflow triggered during access requests.
     • It has a step called “Approve and Provision”, which calls the subprocess: “Approve and Provision Subprocess”
  3. Open “Approve and Provision Subprocess”
     • Inside it, locate the step named “Approve”.
  4. Edit the “Approve” Step
     • Assign your custom Approval Assignment Rule here.
     • This rule returns a list of approvers (e.g., manager + entitlement owner).

This is a scenario where you modify a subprocess (Approve and Provision) and apply business logic using a custom rule to meet access governance requirements.

Note:

It’s not recommended to modify OOB workflows directly.
Best practice: Copy the workflow and subprocess, rename them, make your changes, and use the new versions.


Hi Bharath,

You can refer to another workflow by using the syntax below in workflow steps:

<WorkflowRef>
    <Reference class="sailpoint.object.Workflow" name="LCM Create and Update Immediate Termination"/>
</WorkflowRef>

Additionally, you have to supply all the input variables to the workflow from the same step, like below:

<Arg name="approvalScheme" value="ref:approvalScheme"/>
<Arg name="fallbackApprover" value="ref:fallbackApprover"/>

Also, if you are expecting any result/return variables from the sub-workflow, you have to add the return argument in the same step, like below:

<Return name="project" to="project"/>

Below is the example for your reference:

<Step name="Process Plan" posX="1005" posY="7">
    <Arg name="approvalScheme" value="ref:approvalScheme"/>
    <Arg name="fallbackApprover" value="ref:fallbackApprover"/>
    <Arg name="endOnManualWorkItems"/>
    <Arg name="userEmailTemplate" value="User_EndDate_Change_Notification"/>
    <Arg name="policiesToCheck"/>
    <Arg name="workItemPriority"/>
    <Arg name="workItemComments" value="ref:comments"/>
    <Arg name="identityRequestId"/>
    <Arg name="source"/>
    <Arg name="identityDisplayName" value="ref:identityDisplayName"/>
    <Arg name="foregroundProvisioning"/>
    <Arg name="approvalMode" value="serial"/>
    <Arg name="batchRequestItemId"/>
    <Arg name="trace" value="true"/>
    <Arg name="doRefresh" value="true"/>
    <Arg name="endOnProvisioningForms"/>
    <Arg name="approverElectronicSignature"/>
    <Arg name="plan" value="ref:plan"/>
    <Arg name="flow" value="Disable Identity"/>
    <Arg name="identityName" value="ref:name"/>
    <Arg name="notificationScheme" value="ref:notificationScheme"/>
    <Arg name="approvalSet"/>
    <Arg name="policyViolations"/>
    <Arg name="policyScheme"/>
    <Arg name="approvalForm"/>
    <Arg name="requesterEmailTemplate" value="TerminateUser Requester Rejection Notification"/>
    <Arg name="approvalEmailTemplate" value="ref:initialApprovalEmailTemplate"/>
    <Arg name="ticketManagementApplication"/>
    <Arg name="optimisticProvisioning"/>
    <Arg name="securityOfficerEmailTemplate"/>
    <Arg name="securityOfficerName" value="ref:securityOfficer"/>
    <Arg name="managerEmailTemplate" value="ref:managerEmailTemplate"/>
    <Arg name="ticketId"/>
    <Arg name="comments" value="ref:comments"/>
    <Arg name="oldEndDate" value="ref:oldEndDate"/>
    <Arg name="userType" value="ref:userType"/>
    <Arg name="workItemHoursTillEscalation" value="ref:workItemHoursTillEscalation"/>
    <Arg name="workItemMaxReminders" value="ref:workItemMaxReminders"/>
    <Arg name="workItemHoursBetweenReminders" value="ref:workItemHoursBetweenReminders"/>
    <Return name="project" to="project"/>
    <WorkflowRef>
      <Reference class="sailpoint.object.Workflow" name="LCM Create and Update Immediate Termination"/>
    </WorkflowRef>
    <Transition to="Refresh Identity"/>
</Step>
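
The step wiring described in the post above (`<WorkflowRef>`, `<Arg value="ref:...">`, `<Return to="...">`) can be checked mechanically before a customized copy of a workflow is imported. The following is an added example, not part of the original thread and not SailPoint code; the sample XML is constructed, and the `<Variable>` declarations under `<Workflow>` and the finding names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real export. <Variable> declarations are assumed
# to sit directly under <Workflow>, as in an IdentityIQ workflow XML export.
SAMPLE = """<Workflow name="Custom Termination Wrapper">
  <Variable input="true" name="plan"/>
  <Variable input="true" name="approvalScheme"/>
  <Variable name="project"/>
  <Step name="Process Plan">
    <Arg name="approvalScheme" value="ref:approvalScheme"/>
    <Arg name="fallbackApprover" value="ref:fallbackApprover"/>
    <Arg name="plan" value="ref:plan"/>
    <Arg name="trace" value="true"/>
    <Arg name="ticketId"/>
    <Return name="project" to="project"/>
    <Return name="approvalSet" to="approvalSet"/>
    <WorkflowRef>
      <Reference class="sailpoint.object.Workflow" name="LCM Create and Update Immediate Termination"/>
    </WorkflowRef>
    <Transition to="Refresh Identity"/>
  </Step>
  <Step name="Refresh Identity"/>
</Workflow>"""

def audit_subprocess_calls(workflow_xml):
    """Report, per subprocess step, wiring that deserves a second look."""
    root = ET.fromstring(workflow_xml)
    declared = {v.get("name") for v in root.findall("Variable")}
    report = []
    for step in root.findall("Step"):
        ref = step.find("WorkflowRef/Reference")
        if ref is None:          # ordinary step, no sub-workflow call
            continue
        args = step.findall("Arg")
        # Args whose value is "ref:<variable>" read a parent workflow variable.
        sources = {a.get("name"): a.get("value")[4:] for a in args
                   if (a.get("value") or "").startswith("ref:")}
        report.append({
            "step": step.get("name"),
            "subprocess": ref.get("name"),
            # Review findings (assumption: treated as warnings, not errors).
            "undeclared_refs": sorted(n for n, v in sources.items() if v not in declared),
            "empty_args": sorted(a.get("name") for a in args if a.get("value") is None),
            "undeclared_returns": sorted(r.get("name") for r in step.findall("Return")
                                         if r.get("to") not in declared),
        })
    return report
```

Calling `audit_subprocess_calls(SAMPLE)` returns one entry per step that invokes a sub-workflow, which also gives a quick inventory of which subprocess each step calls.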

Thank you Priya, appreciate your inputs!

Thank you Prashanth for your reply. May I know if there is any way I can find such use cases which we handle in real-time projects?

Thank you Ramanayya for your reply. It is quite informative.

Hi Bharath
You can refer to this presentation to get a better understanding of workflows.
IdentityIQ_Advanced_Provisioning_and_Workflows_8.2b_-_Student_Presentations.pdf (6.9 MB)
Additionally, you can enroll in this course on SailPoint University:
https://university.sailpoint.com/Saba/Web_spf/NA10P1PRD075/common/ledetail/0000013580/latestversion

This gives you a better understanding, and you can relate to real-time use cases once you have a good idea.
For your ref:
LCM Subprocess Workflows
Lifecycle Manager Workflows
