Architecture / Core Architecture

Key Components
Activate is composed of modular components that can be deployed together or distributed, depending on scale, security, and operational needs. Each component has a specific role in the overall platform architecture, but all of them work together through a shared configuration, database, and orchestration model.

Activate Web
The user and administrator portal.
- Purpose: dashboards, self-service requests, approvals, and administrative tools.
- Key capabilities: HTTPS enforcement, Content Security Policy, and modern session protections.
- Authentication: integrates with supported identity providers for SSO and MFA.
- Scale: stateless and horizontally scalable behind a load balancer.
- Dependencies: Activate Database (read/write), the identity provider, and optionally SMTP or other notification services.

Activate Orchestrator
The workflow execution engine.
- Purpose: runs scheduled, event-driven, and on-demand workflows.
- Key capabilities: queues, retry policies, compensation steps, error handling, and transaction boundaries.
- Security: uses least-privilege service accounts and scoped connector credentials.
- Scale: multiple worker instances for parallel processing; concurrency is tuned to each connector's limits.
- Dependencies: Activate Database (state and audit) and downstream systems reached via connectors.

Activate Studio
Design-time configuration and administration.
- Purpose: build workflows, forms, parameters, roles, permissions, and integrations.
- Key capabilities: export and import of configuration between environments, validation tools, and change auditing.
- Access: restricted to administrators and designers.
- Dependencies: Activate Database.

Activate API
Programmatic interface for integrations.
- Purpose: REST endpoints to create, read, update, or trigger workflows and objects.
- Security: OAuth 2.0 or OpenID Connect with defined scopes.
- Use cases: integration with ITSM tools, custom portals, and automation platforms.
- Dependencies: Activate Database and the identity provider.

Activate Anywhere
An optional proxy component for segmented networks.
- Purpose: securely bridges requests between cloud-hosted components and on-premises resources without exposing the internal network.
- Placement: typically deployed in a DMZ or an isolated subnet.
- Use cases: hybrid environments or externally facing scenarios.
- Dependencies: a secure channel to Web/Orchestrator and controlled access to on-premises targets.

Activate Database
The system of record and operational store.
- Purpose: stores configuration, workflow state, audit history, cached directory data, and search metadata.
- Platform: enterprise SQL Server (including servers hosted in Azure).
- Operations: backups, integrity checks, index maintenance, and performance monitoring.
- High availability: supported through SQL clustering or availability groups.

Connectors and Adapters
Integration endpoints to external systems.
- Targets: Microsoft 365 (Azure AD, Exchange Online, SharePoint), on-premises Active Directory or Exchange, ITSM, HR, or custom REST/SOAP APIs.
- Security: dedicated service principals and accounts with scoped permissions and regular secret rotation.
- Operations: throttling, pagination, and change tracking where the target supports them.

Identity and Access
Authentication and authorization services.
- Authentication: SSO via Azure AD or other supported providers; MFA and conditional access are enforced at the identity provider.
- Authorization: role-based access control (roles, permissions, and policies) managed in Studio.
- Service accounts: least-privilege accounts for connectors and orchestration functions.

Search and Indexing
Fast retrieval across Activate objects and requests.
- Scope: users, groups, services, tasks, articles, and other core objects.
- Data source: indexes built from cached data stored in the database.
- Operations: scheduled refresh tasks keep indexes current without overloading external systems.

Notifications and Approvals
User communication and decision flows.
- Channels: email and optional chat integrations for notifications and approvals.
- Features: tokenized approval links, reminders, and summary notifications.
- Audit: all approval actions and workflow decisions are logged in the database.

Background Tasks and Scheduling
Platform-level automation and maintenance.
- Workloads: cache refresh, index rebuilds, orphan cleanup, SLA tracking, and connector health checks.
- Scheduling: cron-like and event-driven jobs managed from Studio.
- Monitoring: metrics for queue depth, job runtime, and failure trends.

Caching
Performance optimization and reduced load on dependencies.
- Types: directory/user/group snapshots, connector-specific lookups, and computed attributes.
- Freshness: TTL or event-based invalidation, with background regeneration off-peak.
- Resilience: cache misses degrade gracefully, and workflows continue safely.

Telemetry, Logging, and Audit
Visibility and compliance across all tiers.
- Logs: structured output from Web, Orchestrator, and API.
- Metrics: latency, throughput, error rates, and connector performance.
- Audit: immutable records for configuration changes, workflow actions, and approvals.
- Integration: forward logs to enterprise monitoring and SIEM platforms.

Security Posture
A defense-in-depth approach aligned to zero-trust principles.
- Network: HTTPS enforced, minimal inbound exposure, and outbound access restricted to trusted APIs.
- Data: encrypted in transit, least-privilege access to SQL, and protected backups.
- Secrets: managed and rotated securely, with full audit tracking.
- Hardening: WAF or gateway protection in front of Web/API, and regular OS and dependency patching.

Dependencies and Port Summary
- Inbound to Web/API: TCP 443 from users and integration clients.
- App to data: TCP 1433 from Web and Orchestrator to SQL Server (1433 is the default port of a default SQL Server instance; a named instance or a custom port listener changes this).
- Outbound: identity provider endpoints, Microsoft 365, ITSM or HR systems, and approved external APIs.

Deployment Considerations
- Co-location: Web and Orchestrator can share a host in smaller deployments.
- Scale-out: add Web nodes behind a load balancer, add Orchestrator workers for concurrency, and size SQL appropriately for IOPS and memory.
- Resiliency: run multiple instances per tier with health checks and graceful degradation on external failures.
- Promotion: use export/import and change control to move configuration through dev → test → production.
- SQL platform: avoid SQL platform features that conflict with Activate's operational requirements, and follow the supported SQL Server guidance in the system requirements.
- Exact ports and endpoints depend on the connectors in use and on customer security policies.

Activate components are modular and adaptable. Deployments can combine on-premises, hybrid, and cloud-only identity or messaging models as needed.
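The Activate Web and Security Posture sections above state that the portal enforces HTTPS, sets a Content Security Policy, and applies modern session protections. The following added example (not Activate code, and not tied to any documented Activate header set) is the kind of check a reviewer runs against headers captured from a real portal: it takes an HTTP status and header list and returns findings for missing HSTS, a permissive CSP, absent clickjacking and MIME-sniffing protection, and session cookies lacking Secure, HttpOnly, and SameSite. The two sample responses are constructed for the example.

```python
"""Added example: audit web-tier hardening headers. Illustrative code, not
part of Activate; the sample responses below are constructed."""


def audit_headers(status: int, headers: list[tuple[str, str]], scheme: str = "https") -> list[str]:
    """Return a list of findings for one response; an empty list means all checks passed."""
    findings: list[str] = []
    h: dict[str, str] = {}
    cookies: list[str] = []
    for name, value in headers:
        if name.lower() == "set-cookie":
            cookies.append(value)
        else:
            h[name.lower()] = value

    # HTTPS enforcement: a plain-HTTP request must be redirected to an https:// URL.
    if scheme == "http":
        if not (300 <= status < 400 and h.get("location", "").startswith("https://")):
            findings.append("HTTP not redirected to HTTPS")
        return findings  # the redirect response itself carries no page to inspect

    # HSTS keeps browsers from downgrading later visits; require at least 180 days.
    max_age = 0
    for part in h.get("strict-transport-security", "").split(";"):
        part = part.strip().lower()
        if part.startswith("max-age="):
            try:
                max_age = int(part[len("max-age="):])
            except ValueError:
                max_age = 0
    if max_age < 15552000:
        findings.append("HSTS missing or max-age below 180 days")

    # CSP: need a default-src, and scripts must not be allowed from inline sources.
    csp = h.get("content-security-policy", "")
    directives = {d.strip().split(" ")[0].lower(): d.strip() for d in csp.split(";") if d.strip()}
    if "default-src" not in directives:
        findings.append("CSP missing default-src")
    elif "'unsafe-inline'" in directives.get("script-src", directives["default-src"]):
        findings.append("CSP allows unsafe-inline scripts")
    if "frame-ancestors" not in directives and h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("no clickjacking protection (frame-ancestors / X-Frame-Options)")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing")

    # Session protections: every cookie needs Secure, HttpOnly and a restrictive SameSite.
    for raw in cookies:
        cookie_name = raw.split("=", 1)[0].strip()
        attrs = {a.strip().lower().split("=")[0]: a.strip().lower() for a in raw.split(";")[1:]}
        missing = [flag for flag in ("secure", "httponly") if flag not in attrs]
        if attrs.get("samesite", "") not in ("samesite=lax", "samesite=strict"):
            missing.append("samesite=lax|strict")
        if missing:
            findings.append(f"cookie {cookie_name}: missing {', '.join(missing)}")
    return findings


# Constructed sample responses (not captured from any real deployment).
WEAK_RESPONSE = (200, [
    ("Content-Type", "text/html"),
    ("Content-Security-Policy", "default-src 'self' 'unsafe-inline'"),
    ("Set-Cookie", "session=abc123; Path=/"),
])
HARDENED_RESPONSE = (200, [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Content-Security-Policy", "default-src 'self'; script-src 'self'; frame-ancestors 'none'"),
    ("X-Content-Type-Options", "nosniff"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
])

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_headers(*resp) or "OK")
```

The function only inspects headers already in hand, so it runs offline and can be pointed at output from curl or a browser's network panel; the HSTS threshold and the cookie rules are the example's own choices, not values documented for Activate.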
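The Orchestrator section above lists queues, retry policies, compensation steps, error handling, and transaction boundaries without showing how they fit together. The following added example, which is not Activate's engine and assumes nothing about its internal API, runs a small provisioning workflow against a constructed fake tenant: a throttled connector call is retried under a per-step policy, and when a later step fails permanently the completed steps are undone in reverse order, which is what makes the whole workflow a transaction boundary rather than a sequence of independent calls. Step names and the FakeTenant are constructed for the example.

```python
"""Added example: a workflow runner with retry policies and compensation steps.
Illustrative code, not Activate's orchestrator; all names are constructed."""
import time
from dataclasses import dataclass, field
from typing import Callable


class TransientError(Exception):
    """Retryable failure, e.g. throttling (HTTP 429) from a connector."""


class PermanentError(Exception):
    """Non-retryable failure; triggers compensation of completed steps."""


@dataclass
class RetryPolicy:
    max_attempts: int = 3
    base_delay: float = 0.0  # seconds; zero so the example runs instantly

    def delay(self, attempt: int) -> float:
        # Exponential backoff: base * 2^(attempt - 1)
        return self.base_delay * (2 ** (attempt - 1))


@dataclass
class Step:
    name: str
    action: Callable[[], None]
    compensate: Callable[[], None]
    retry: RetryPolicy = field(default_factory=RetryPolicy)


def run_workflow(steps: list[Step]) -> dict:
    """Run steps in order. Transient errors are retried per the step's policy;
    a permanent error, or exhausted retries, undoes completed steps in reverse."""
    completed: list[Step] = []
    log: list[str] = []
    for step in steps:
        attempt = 0
        while True:
            attempt += 1
            try:
                step.action()
                log.append(f"{step.name}: ok (attempt {attempt})")
                completed.append(step)
                break
            except TransientError as exc:
                log.append(f"{step.name}: transient failure '{exc}' (attempt {attempt})")
                if attempt >= step.retry.max_attempts:
                    return _compensate(completed, log, step.name, "retries exhausted")
                time.sleep(step.retry.delay(attempt))
            except PermanentError as exc:
                log.append(f"{step.name}: permanent failure '{exc}'")
                return _compensate(completed, log, step.name, str(exc))
    return {"status": "completed", "failed_step": None, "reason": None, "compensated": [], "log": log}


def _compensate(completed: list[Step], log: list[str], failed_step: str, reason: str) -> dict:
    compensated: list[str] = []
    for step in reversed(completed):
        try:
            step.compensate()
            compensated.append(step.name)
            log.append(f"{step.name}: compensated")
        except Exception as exc:  # a failed undo must be surfaced for an operator, never hidden
            log.append(f"{step.name}: COMPENSATION FAILED '{exc}'")
    return {"status": "rolled_back", "failed_step": failed_step, "reason": reason,
            "compensated": compensated, "log": log}


class FakeTenant:
    """Constructed stand-in for a downstream system reached through a connector."""

    def __init__(self) -> None:
        self.accounts: set[str] = set()
        self.licenses: set[str] = set()
        self.license_calls = 0

    def create_account(self, upn: str) -> None:
        self.accounts.add(upn)

    def delete_account(self, upn: str) -> None:
        self.accounts.discard(upn)

    def assign_license(self, upn: str) -> None:
        self.license_calls += 1
        if self.license_calls == 1:
            raise TransientError("429 throttled")  # first call is throttled, second succeeds
        self.licenses.add(upn)

    def remove_license(self, upn: str) -> None:
        self.licenses.discard(upn)

    def create_mailbox(self, upn: str) -> None:
        raise PermanentError("mailbox name already exists")


def provision_user_demo(upn: str = "jdoe@example.test") -> tuple[dict, FakeTenant]:
    tenant = FakeTenant()
    steps = [
        Step("create_account", lambda: tenant.create_account(upn), lambda: tenant.delete_account(upn)),
        Step("assign_license", lambda: tenant.assign_license(upn), lambda: tenant.remove_license(upn)),
        Step("create_mailbox", lambda: tenant.create_mailbox(upn), lambda: None),
    ]
    return run_workflow(steps), tenant


if __name__ == "__main__":
    result, _ = provision_user_demo()
    print("\n".join(result["log"]))
```

The distinction between TransientError and PermanentError is the whole point of a retry policy: retrying a permanent failure only delays the rollback and keeps partially provisioned objects alive longer, while a failed compensation is logged loudly because it leaves the target system in a state an operator has to clean up.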
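The Notifications and Approvals section above mentions tokenized approval links, which are only as strong as the token: an approver clicks a link from an email, so the link itself must carry the decision in a form that cannot be altered, must expire, and must not be replayable. The following added example (not Activate's token format, which this page does not document) issues HMAC-signed tokens that bind request id, approver, decision and expiry, and redeems them with a constant-time signature check, an expiry check and a single-use check. The secret, request ids and the fixed clock are constructed for the example; in a deployment the consumed-token set would live in the database alongside the audit record.

```python
"""Added example: signed, expiring, single-use approval tokens. Illustrative
code, not Activate's implementation; all identifiers are constructed."""
import base64
import hashlib
import hmac
import json
import secrets
import time


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class ApprovalTokens:
    def __init__(self, secret: bytes, ttl_seconds: int = 86400, clock=time.time) -> None:
        self._secret = secret
        self._ttl = ttl_seconds
        self._clock = clock            # injectable so expiry can be tested deterministically
        self._used: set[str] = set()   # persist this in the database in a real deployment

    def issue(self, request_id: str, approver: str, decision: str) -> str:
        """Mint a link token that binds the decision, so one link cannot be turned into the other."""
        if decision not in ("approve", "reject"):
            raise ValueError("decision must be approve or reject")
        payload = {"jti": secrets.token_hex(8), "req": request_id, "sub": approver,
                   "dec": decision, "exp": int(self._clock()) + self._ttl}
        body = _b64(json.dumps(payload, separators=(",", ":"), sort_keys=True).encode())
        sig = hmac.new(self._secret, body.encode(), hashlib.sha256).digest()
        return f"{body}.{_b64(sig)}"

    def redeem(self, token: str) -> dict:
        """Return the bound payload if the token is authentic, unexpired and unused."""
        try:
            body, sig = token.split(".", 1)
            provided = _unb64(sig)
        except Exception:
            raise ValueError("malformed token") from None
        expected = hmac.new(self._secret, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, provided):   # constant-time comparison
            raise ValueError("bad signature")
        payload = json.loads(_unb64(body))
        if self._clock() > payload["exp"]:
            raise ValueError("expired")
        if payload["jti"] in self._used:
            raise ValueError("already used")
        self._used.add(payload["jti"])
        return payload


def demo() -> dict:
    """Exercise first use, replay, tampering and expiry with a fixed clock."""
    now = [1_700_000_000]
    tokens = ApprovalTokens(secret=b"constructed-dev-secret", ttl_seconds=3600, clock=lambda: now[0])
    results = {}

    approve_link = tokens.issue("REQ-1001", "manager@example.test", "approve")
    results["first_use"] = tokens.redeem(approve_link)["dec"]
    for label, candidate in (
        ("replay", approve_link),
        # Flip the bound decision inside the signed body; the signature no longer matches.
        ("tamper", _b64(_unb64(approve_link.split(".")[0]).replace(b'"approve"', b'"reject"'))
                   + "." + approve_link.split(".")[1]),
    ):
        try:
            tokens.redeem(candidate)
            results[label] = "accepted"
        except ValueError as exc:
            results[label] = str(exc)

    reject_link = tokens.issue("REQ-1002", "manager@example.test", "reject")
    now[0] += 3601  # advance past the TTL
    try:
        tokens.redeem(reject_link)
        results["expired"] = "accepted"
    except ValueError as exc:
        results["expired"] = str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```

Two design points matter here: the decision is inside the signed body, so an approve link cannot be edited into a reject link by the recipient or by anyone who sees the email, and the jti is recorded on first redemption, so a forwarded or re-clicked link is refused rather than silently approving twice.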