Register Sign in Need help? FAQ SailPoint directory
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Step replicator in IdentityIQ 7.0+

Step replicator in IdentityIQ 7.0+

 

Introduction

IdentityIQ version 7.0 introduces a new workflow concept called a Step Replicator. A Step Replicator allows a list of objects to be processed through a workflow subprocess independently and concurrently - in other words, in parallel. It was added to IdentityIQ's workflow engine to support splitting a provisioning plan into its component parts so they could be approved and provisioned independently, allowing quickly approved items to be provisioned immediately while other requested roles or entitlements in the same Lifecycle Manager request (such as privileged access or access to sensitive data) waited in a longer approval process. However, the possible uses of this construct are not limited to just that.

 

A Step Replicator can be used any time parallel workflow processing on multiple objects is required. Example could include, but are not limited to:

  • Independently approving and provisioning individual line items in the same "cart" (the original use case)
  • Launching independent QuickLink actions for multiple target identities
  • Concurrently presenting the same data-gathering form to multiple users and acting on their responses

 

Implementation requirements

Step replication requires two separate workflows:

  1. A master workflow which has a workflow variable that contains a list of objects (Identities, ProvisioningPlans, Approvals, Applications, etc.)
  2. A subprocess workflow to which each of the objects in the list can be passed individually to perform one or more actions on that object

 

When a replicator is used, the subprocess is automatically invoked separately but simultaneously for each object in the list. The master workflow from which the subprocess instances are launched will not proceed to its next step until all subprocess instances are complete.

 

UI configuration of a step replicator

The Business Process Editor supports configuring a Step Replicator. When the step Action is Subprocess, the Step Replicator option becomes available. To use it, select Enable Replicator. Then specify the List workflow variable as the Items value and specify the variable name to pass to the subprocess as the Variable.

In this example, the workflow variable splitPlans contains a list of ProvisioningPlan objects, and each of those provisioning plans will be passed to the Approve and Provision Subprocess in the argument called plan.

 

Note: This example can be seen in context in the LCM Provisioning workflow in IdentityIQ 7.0.

 

XML representation of step replicator

In the XML serialization of a workflow, a step with a Step Replicator looks like this:

 

  <Step name="Approve and Provision Split" >    
    <Replicator arg="plan" items="splitPlans"/>
    <Return name="project" to="splitProjects"/>
    <WorkflowRef>
      <Reference class="sailpoint.object.Workflow" name="Approve and Provision Subprocess"/>
    </WorkflowRef>
    <Transition to="Assimilate Splits"/>
  </Step>

 

The Replicator element specifies which argument (plan) to populate with the individual items from the list specified in its items attribute (splitPlans).

The Arg value in the Replicator element is dynamically added to the arguments list for the subprocess call, populated with one item from the items list for each execution of the subprocess.

The Return variables from the subprocess are added to a List variable (specified with the "to" attribute) in the parent workflow when the subprocess finishes (e.g. the project from the subprocess is added to the splitProjects list in the parent workflow).

 

Workflows written directly in XML (rather than through the Business Process Editor) can, of course, take advantage of the Step Replicator functionality by including this <Replicator> element as shown.

Labels (1)
Labels:
Comments
satish_kankati
‎Dec 31, 2015 06:22 AM
‎Dec 31, 2015 06:22 AM

HI Jennifer,

Nice explanation of new feature in workflows.  Let me know if some exception occurs in one of the subprocess workflow then how it process ? does it terminates all the subprocess and execute master workflow finalize step ?

How finalize step can used in these scenarios..

Iam very much thankful .

Thanks

Satish Kankati

anil_bandlamudi
‎Apr 15, 2016 02:00 AM
‎Apr 15, 2016 02:00 AM

Hi Jennifer,

Is there any way to sync between replicator approvals? for example, If I would need to stop other approvals if any item got rejected in any of the launched sub process?

And, I have one more scenario - if I have requested for 3 items, one needs manager approval, other needs role owner approval, 3rd item needs work group approval only, how can I manage this?

Thanks,
Anil Bandlamudi

anil_bandlamudi
‎Apr 15, 2016 02:14 AM
‎Apr 15, 2016 02:14 AM

hi Satish,

I think we can develop the sub process to return result if success, otherwise return error object if any issue persists in workflow execution.

jennifer_mitchell
‎Apr 15, 2016 09:58 AM
‎Apr 15, 2016 09:58 AM

anil.bandlamudi,

The best way to gather this kind of input is in the Forum area.  You can reference this article by typing an @ followed by the title (Compass will try to auto-complete with the title for you, so it helps); use an _ character instead of space for multi-word titles, if you have to type that much to get it to come up) to provide the context for your question.  I do have some ideas about how you would address those scenarios, but if we start a conversation here, the purpose of the wiki article gets lost in the side threads, which is not what we want.  So please post these questions in the Forum and Share the post to me, and I will provide my thoughts there.

Jennifer Mitchell

debnarayan_sarkar
‎Sep 14, 2016 02:03 AM
‎Sep 14, 2016 02:03 AM

Hi,

I am planning to utilize this option in my custom workflow of V 7.0.And I am having quickLinkidentityIds  for multiple users and want to run replicator for AccountRequest. Can you please give an example (rule or Script) to construct variable for  "items". Means if above example is for plan then can you please give us an example to build a plan  for accountrequest/quickLinkidentityIds that will support above step.Because I was tried to build plan for multiple users and submitted into sub workflow but it is calling and ending. Not going through other steps of sub process.

Note: I have search into forum but not getting any thing. Please do not suggest from OOB WF.

Thanks and Regards

Deb Sarkar

jennifer_mitchell
‎Sep 14, 2016 01:09 PM
‎Sep 14, 2016 01:09 PM

debnarayan.sarkar

Please post this question to the Forums instead of as a question on this document. A long question thread on docs like this tends to confuse future readers about the purpose of the document itself.  You can reference this document by typing @ followed by the name of the document with underscores (e.g. Step_Replicator_in_IdentityIQ_7.0) if you want to tie your question back to the article for clarity.  And if you want to bring the question to my attention (or anyone else's), you can choose the Share option in the upper left menu to send an email to me (or another person) to bring it to our attention.

Also, please note that someone might already have an example they can give you, but if not, you are more likely to get help in the form of pseudocode than actual rules written for you through the Forums.

tonmay_bhattacharjee
‎Sep 25, 2018 10:55 AM
‎Sep 25, 2018 10:55 AM

jennifer.mitchell​ Nice to know about this. Thank you for the write up. How does it deal with the concurrent modifications of the same identity?

jennifer_mitchell
‎Sep 25, 2018 11:56 AM
‎Sep 25, 2018 11:56 AM

With object locks, same as any completely separate provisioning requests for the same identity would do.

arshdeep_thapar
‎Mar 28, 2020 10:05 AM
‎Mar 28, 2020 10:05 AM

How approvalSets are split in this case? If an approvalSet contains multiple items, and if I apply split point on manager and approval scheme is manager.
How does approvalSet gets split in this case?

Regards
Arshdeep

ysharat
‎Sep 29, 2020 10:12 AM
‎Sep 29, 2020 10:12 AM

Bit tough to understand, could you pls have a sample workflow to split concurrently the two plans . Where in I've two provisioning plans(AD and a JDBC) to process concurrently, not sure how it an be done.

Version history
Revision #:
2 of 2
Last update:
‎Jul 10, 2023 05:25 PM
Updated by:
Community Administrator
 
View Article History