Authorization Workflow - Hitachi ID Group Manager
The Hitachi ID Group Manager workflow engine normally uses e-mail to invite users
to approve requests, to send users reminders to act, to escalate
requests from one (non-responsive) user to another and even to send
thank-you notes and welcome e-mails.
Note that users are not allowed to approve requests using e-mail,
since most mail systems are insecure: plaintext and unauthenticated.
E-mail is used to invite users to act, rather than as a means
for them to perform the required action.
Workflow is used in Group Manager to approve change requests,
to implement approved requests, to certify user access and more.
A participant in the workflow process is a person invited
to complete a task.
The Group Manager workflow engine has built-in support for
automatic reminders, escalation and delegation, so as to elicit
reliable responses from individually-unreliable users:
- When participants are first chosen, their out-of-office status
on their primary e-mail system may be checked, to trigger
early escalation to an alternate participant.
- Non-responsive participants that have been asked to review
a request receive automatic reminders. The reminder interval
- Participants who remain non-responsive (too many reminders) are
automatically replaced with alternate participants, identified
using escalation business logic. Escalation is most often based
on OrgChart data -- i.e., the original authorizer's direct manager
is often the escalated authorizer.
- Participants can pro-actively delegate their authority, temporarily
or permanently. Delegation may trigger its own approval -- asking
the new participant to accept a new responsibility.
- A workflow manager can reassign participants attached to open
requests, for instance when they are terminated or when a request
is urgent and already-assigned participants are not available.