Sun Identity Manager Deployment Reference

Understanding Workflow

Identity Manager workflow defines a sequence of actions and tasks that are performed consistently according to a defined rule set. Using the Sun Identity Manager Integrated Development Environment (Identity Manager IDE) graphical interface, you can customize each workflow launched by Identity Manager.

Before working with workflow, develop an understanding of:

What is Workflow?

In general terms, a workflow is a logical, repeatable process during which documents, information, or tasks are passed from one participant to another for action, according to a set of procedural rules. A participant is a person, machine, or both.

In Identity Manager, this concept is specifically implemented as the Identity Manager workflow component, which comprises multiple processes (workflows) that control creation, update, enabling, disabling, and deletion of user accounts.

Depending upon where you are in the product interface, workflows are referred as workflows, tasks, process, or TaskDefinitions.

When is Workflow Used?

Most Identity Manager tasks you perform are defined as a set of workflow processes. When you create a user in Identity Manager, for example, the corresponding workflow process defines and conducts activities that:

Workflows can run automatically without any user interaction or require user interaction in the form of an approval.

Workflows are typically launched as a side effect of checking in a view. Views are checked in when you click Save on a page that implements forms and views.

Workflows in the Repository

Within the Identity Manager repository, a workflow exists as a configuration object, typically of Type WFProcess. (The single exception to this object definition is the Create User workflow, which is defined as a ProvisioningTask object.) The taskType is always Workflow.

Note –

Identity Manager does not lock the repository object (that is, the User) while a workflow is executing. This is because workflows can run for days, and the repository object cannot remain unlocked for that long. However, Identity Manager prevents you from launching another update workflow on the same user.

Task Definitions and Task Instances

The launched instance of a TaskDefinition is represented as a TaskInstance object. You can view both object types from the Debug page.

ProcedureTo Access Task Definitions or Task Instances

  1. From the Debug page of the Identity Manager Administrator Interface, select TaskDefinition from the Type menu adjacent to the List Objects button

  2. Click List Objects. Identity Manager displays a list of the available object types that you have access to.

  3. Select an object (for example, TaskDefinition). Identity Manager displays all instances of that object type that you have permission to see.

    Once a workflow task is launched, the workflow engine creates a TaskInstance in the repository. A TaskInstance is an object in the repository that holds the runtime state of an executing workflow process. It stores context variables and immediate transition information for the TaskDefinition from which it was spawned.

    The TaskInstance references the descriptive TaskDefinition object through the TaskDefinition object’s generated ID. If you edit a TaskDefinition, TaskInstances already in execution will continue to use the old TaskDefinition object, but new ones will use the modified TaskDefinition with its newly generated ID.

When Are Task Instances Deleted?

The life of a TaskInstance is determined by the resultLimit parameter. If the result limit is zero, the task will be deleted immediately after completion. If it is positive, the value is the number of minutes that the TaskInstance is kept.

ProcedureTo Delete a Suspended Workflow TaskInstance

  1. Click the Manage Tasks tab in the Identity Manager Administrator Interface.

  2. Select View All Tasks.

  3. Select the suspended TaskInstance, then click Terminate.

Task Definition Parameters

The following table lists the standard configuration parameters.

Table 1–1 Standard Workflow Configuration Parameters




Specifies the user-supplied name of the workflow as presented in the Identity Manager interface. Names should be unique among objects of this type, but objects of different types can have the same name. 


Used for filtering purposes only 


Identifies the name of the class that implements the task. By default, for workflows this class is com.waveset.workflow.WorkflowExecutor.


(Boolean) Indicates that the task can be suspended and resumed. Default is true. 


(Boolean) Indicates whether the user is permitted to request synchronous or asynchronous execution. Default is true. 


Specifies the type of execution we should use by default. Default is sync. 

If this value is null, or set to ExecMode.DEFAULT, we treat it as ExecMode.ASYNC. 


Specifies the limit in seconds that the task is allowed to execute. The task can specify a limit on the amount of time it is allowed to execute. If it exceeds this limit, the scheduler is allowed to terminate it. A limit of zero means there is no limit. 

Default is 0. 


Specifies the limit in seconds that a task instance is allowed to live after the task has completed. Default is 0. 

Once a task has completed or terminated, the TaskInstance containing the task result is typically kept in the repository for a designated period of time, after which it is automatically deleted. 

0. Indicates that the TaskInstance will be deleted immediately after the task is complete. 

-1. Indicates that the TaskInstance will never be automatically deleted, though it can be manually deleted by the user. 

This parameter is typically set to a value that is equivalent to a few days for tasks that generate reports for later analysis. Set to zero for tasks that are run only for side effect and do not generate any meaningful result. 


(String) Specifies the options how the results of prior executions of repetitive tasks are handled. This object defines that data, and how to ask for it. Default is delete.

wait. Prevents the task from being run until the old result is manually deleted or expires. If this is a nonscheduled task, it results in an error at the time it is launched. If this is a scheduled task, the scheduler simply ignores it.

delete. Automatically deletes old results before executing the task. The old tasks must be in a finished state.

rename. Renames old results before executing the task. The old task must be in a finished state.

terminate. Terminates and deletes any currently executing task. This is similar to the DELETE option, but it also automatically terminates the task if it is running.


When set to true, specifies that the workflow continues to run after the completion of the action until the next manual action, and displays the next work item to the user immediately. This setting supports wizard-style workflows. 

When set to false, the workflow continues execution in the background, and the user must go to a different page (typically the approvals page) when he needs to perform the next step in the workflow. 


(String) Declares the visibility of this task definition. Default is run schedule. Other options include invisible, run task, and schedule task.


Specifies the interval in milliseconds that Identity Manager should check for progress updates. 

The task can specify an interval at which the task will be updating its progress. Defaults to 5000 milliseconds (five seconds). Specifying a shorter interval will give you more current task status, but increases the load on the server. 

Using the Variable Element

Identity Manager assigns a scope to all <Variable> elements when the element is declared. If you do not assign a value to the scope attribute, Identity Manager assigns it a value of local, which means that the variable can be accessed only within the XPRESS section that it is declared in.

Additional Variable attributes that define scope include:

Workflow Engine

The workflow engine is a software service that provides the run-time execution for a workflow process. The functions provided by the workflow engine to support a workflow process include:

Identity Manager captures activity-level variables for activities that contain a manual action. To minimize the storage needed for a workflow task, the workflow engine removes all other variables (before export) for completed activities.