Authorization Workflow

The Hitachi ID Group Manager workflow engine normally uses e-mail to invite users to approve requests, to send users reminders to act, to escalate requests from one (non-responsive) user to another and even to send thank-you notes and welcome e-mails.

Note that users are not allowed to approve requests using e-mail, since most mail systems are insecure: plaintext and unauthenticated. E-mail is used to invite users to act, rather than as a means for them to perform the required action.

Workflow is used in Group Manager to approve change requests, to implement approved requests, to certify user access and more. A participant in the workflow process is a person who is being asked to complete a task, most commonly change authorization.

The Group Manager workflow engine has built-in support for automatic reminders, escalation and delegation, so as to elicit reliable responses from individually-unreliable users:

When participants are first chosen, their out-of-office status on their primary e-mail system may be checked, to trigger early escalation to an alternate participant.
Non-responsive participants that have been asked to review a request receive automatic reminders. The reminder interval is configurable.
Participants who remain non-responsive (too many reminders) are automatically replaced with alternate participants, identified using escalation business logic. Escalation is most often based on OrgChart data -- i.e., the original authorizer's direct manager is often the escalated authorizer.
Participants can pro-actively delegate their authority, temporarily or permanently. Delegation may trigger its own approval -- asking the new participant to accept a new responsibility.
A workflow manager can reassign participants attached to open requests, for instance when they are terminated or when a request is urgent and already-assigned participants are not available.