When a new user is created in FIM, an approval mail should be sent to his manager

  • Question

  • Hi,

    We have a requirement that when a new user is created in FIM, an approval mail should be sent to his manager for creation in an external source, i.e. AD. If the manager rejects the request, the workflow ends and the user should not get created in AD. If the manager approves the user creation request, then another request mail should be sent to the user's manager's manager for a 2nd level of approval. If the user's manager's manager approves the request, then the user should get created in AD.


    Anil Kumar

    Thursday, December 11, 2014 10:11 AM

All replies

  • Adding Authorization (AuthZ) Workflows is not that hard in FIM. But it depends on the "requestor" making the call to configure the user for AD.

    Let's say you add a Boolean attribute 'flagAD'. This flag is used to control, for example using Outbound Filtering in a Sync Rule, whether the user gets provisioned to AD.

    We now need to add AuthZ workflows when setting this flag.

    AuthZ, however, is not triggered if the Requestor is the sync engine or the FIM Service account. If it is done manually using the Portal, the requestor is some "normal" user and the AuthZ WF is triggered.

    So it really depends on what the overall process looks like in your scenario.

    Thursday, December 11, 2014 10:55 AM
  • Hi Kent,

    Thanks for the response.

    I am unable to understand "add a Boolean attribute 'flagAD'; this flag is used to control if the user gets provisioned to AD", or how to add flagAD in AuthZ workflows. If you have any document for this, or more details on the configuration, please share it with me.

    I simply want an approval mail from the Manager before creating users in Active Directory.


    Anil Kumar 

    Friday, December 12, 2014 5:40 AM
    It sounds like basic knowledge of how FIM works is needed. I suggest you get a copy of my book, or my video course, to get an understanding of how the Sync engine and Workflow engine in FIM can work together to solve a problem like the one you have.

    If your scenario is as simple as using the FIM Portal to manage AD and not having other systems connected, the AuthZ Workflow could be added to the Management Policy Rule allowing the creation of the user object in the FIM Portal. If all users should be in AD as well, there is no need for the flag, since "every" user should be in AD.

    Friday, December 12, 2014 9:13 AM
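As an added example that is not part of this thread (not Kent's, Anil's, or Microsoft's code): a read-only PowerShell check, using the FIMAutomation snap-in that ships with the FIM Service, of whether the Management Policy Rule that permits creating Person objects in the Portal actually has an Authorization (AuthZ) workflow bound to it and which requestor set it applies to. It covers both replies above, the flag-based approach and the "attach the AuthZ workflow to the creation MPR" approach, since in both cases the approval only fires if a Request MPR matched by a normal Portal user carries the AuthZ workflow. The MPR display name is a placeholder you replace with your own, and the two helper functions are assumptions of this example, not FIM cmdlets.

```powershell
# Added example, not from the thread: verify that the MPR granting user creation in the
# FIM Portal carries an AuthZ workflow. Assumes the FIM Service runs on this host (default
# -Uri of Export-FIMConfig) and that $MprName is the DisplayName of your own creation MPR.
if (-not (Get-PSSnapin -Name FIMAutomation -ErrorAction SilentlyContinue)) {
    Add-PSSnapin FIMAutomation
}

# Helper (assumed, not a FIM cmdlet): read one attribute from an Export-FIMConfig result.
function Get-FimAttribute {
    param([Parameter(Mandatory)] $ExportObject, [Parameter(Mandatory)] [string] $Name)
    $attr = $ExportObject.ResourceManagementObject.ResourceManagementAttributes |
        Where-Object { $_.AttributeName -eq $Name }
    if ($null -eq $attr) { return $null }
    if ($attr.IsMultiValue) { return $attr.Values } else { return $attr.Value }
}

# Helper (assumed): resolve a reference value ('urn:uuid:<ObjectID>') to a DisplayName.
function Resolve-FimReference {
    param([Parameter(Mandatory)] [string] $Reference, [Parameter(Mandatory)] [string] $ObjectType)
    $id  = $Reference -replace '^urn:uuid:', ''
    $obj = Export-FIMConfig -OnlyBaseResources -CustomConfig "/$ObjectType[ObjectID='$id']" |
        Select-Object -First 1
    if ($obj) { Get-FimAttribute -ExportObject $obj -Name 'DisplayName' } else { $Reference }
}

$MprName = 'User creation by administrators'   # placeholder: your MPR's DisplayName
$mpr = Export-FIMConfig -OnlyBaseResources -CustomConfig "/ManagementPolicyRule[DisplayName='$MprName']" |
    Select-Object -First 1
if (-not $mpr) { throw "No MPR named '$MprName' found" }

# Only Request MPRs can carry AuthZ workflows, and a disabled MPR grants nothing.
$type     = Get-FimAttribute $mpr 'ManagementPolicyRuleType'
$disabled = Get-FimAttribute $mpr 'Disabled'
$actions  = Get-FimAttribute $mpr 'ActionType'
Write-Host "MPR '$MprName': type=$type disabled=$disabled actions=$(@($actions) -join ',')"
if ($type -ne 'Request') { Write-Warning "Not a Request MPR; AuthZ workflows do not apply here." }

# Who the rule applies to. As the first reply notes, a request whose requestor is the
# sync engine or the FIM Service account does not go through AuthZ, so a rule scoped
# only to the Built-in Synchronization Account will never produce an approval mail.
$principal = Get-FimAttribute $mpr 'PrincipalSet'
if ($principal) {
    Write-Host ("Requestor set: " + (Resolve-FimReference $principal 'Set'))
}

$authz = Get-FimAttribute $mpr 'AuthorizationWorkflowDefinition'
if (-not $authz) {
    Write-Warning "No AuthZ workflow bound: creation under this MPR needs no approval."
} else {
    foreach ($ref in @($authz)) {
        Write-Host ("AuthZ workflow: " + (Resolve-FimReference $ref 'WorkflowDefinition'))
    }
}
```

The script only reads configuration; it does not change the MPR. The approval e-mail and the second-level approver are properties of the Approval activity inside the workflow definition it lists, not of the MPR itself, so once the workflow shows up here the remaining work is in the workflow's activities in the Portal.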