Workflows & Event Handling
This document details how workflows and event handling operate in Activate Security Group Compliance Manager (SGCM). These define how the product interprets Active Directory changes, determines policy relevance, and executes the appropriate actions.

Overview

Workflows and event handlers form the operational core of SGCM. When a change is detected in Active Directory (AD), SGCM determines whether it violates compliance policy and then executes a defined workflow to remediate, notify, or log the event.

Workflow Types

SGCM includes several standard workflow templates designed to handle AD synchronisation, change processing, and group membership monitoring.

Polling Configuration

SGCM runs periodic background polling through the Activate Job Service. This process checks for new changes and executes the configured workflow. The parameters that control polling are held under Resources > Active Directory.

Example: to enable continuous monitoring, copy the FullWorkflowWithGroups parameter under Resources > Active Directory and rename it to PollWorkflow.

Change Handlers

Change handlers define how SGCM processes specific types of changes. Two main change handlers are used: ADChangeHandler and ADGroupMemberChangeHandler.

ADChangeHandler

The ADChangeHandler is used for directory object changes and provides integration points to other Activate roles or linked data. It supports linking to objects such as managers or departments through a defined XML configuration.

Example:

```xml
<links>
  <manager>
    <scope>=//roles/system roles/users</scope>
    <match when="managerdomainname">(sAMAccountName=%=//current/managerdomainname%)</match>
  </manager>
</links>
```

These links can then be accessed within workflows using global variables (for example, =//links/manager).

ADGroupMemberChangeHandler

This handler monitors group membership changes and determines what type of group event has occurred. It classifies groups by purpose and executes the corresponding event definition.

Event Handling

SGCM event handlers define the response when a monitored event occurs. Each event type corresponds to a specific state change within AD.

Example service group event definition:

```xml
<services>
  <events>
    <deny>
      <removemember></removemember>
    </deny>
    <add>
      <createservice></createservice>
    </add>
    <remove>
      <deleteservice></deleteservice>
    </remove>
  </events>
</services>
```

This workflow automatically removes unauthorised additions, creates service instances for valid ones, and deletes services when users are removed.

Notifications and Logging

Event handlers can send notifications or log details for audit.

Example notification event:

```xml
<notify>
  <users>=//groupresource/securitygroupmanagers</users>
  <message>
    <subject>Group membership added alert</subject>
    <body><![CDATA[
Notification: a user %=//member% has been added to %=//groupresource/group% outside Activate. The user has been removed from the group. Please advise them to request access via Activate.
]]></body>
  </message>
</notify>
```

Notifications can be directed to roles, teams, or security groups specified in the SecurityGroupManagers parameter.

Global Variables

Global variables are accessible within event handlers and workflows for dynamic data mapping.

Audit and Troubleshooting

All SGCM events are recorded within Activate's audit log, allowing administrators to trace every detected change, workflow execution, and resulting action.

For troubleshooting:

- Confirm the polling frequency under the domain resource.
- Check the Activate Job Service logs for workflow execution errors.
- Review the event configuration within the connector events parameters.

Summary

SGCM workflows and event handling deliver automated, policy-driven enforcement of security group compliance. By linking change detection with configurable workflows, SGCM ensures that all Active Directory modifications are validated, logged, and remediated according to organisational policy.
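As an added illustration (not code from SGCM or this page), the following Python simulates how an event definition like the service group example above and a notification body with %=//path% placeholders are applied: it parses the deny/add/remove actions from the XML, classifies a constructed membership change, and renders the notification text for a denied addition. The classification rule (an addition not already expected by Activate is treated as made outside Activate and denied), the variable names, and the sample members and group are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed copy of the service group event definition shown on this page.
EVENT_DEFINITION = """<services>
  <events>
    <deny><removemember></removemember></deny>
    <add><createservice></createservice></add>
    <remove><deleteservice></deleteservice></remove>
  </events>
</services>"""

# Constructed notification body using the page's %=//path% placeholder syntax.
NOTIFY_BODY = ("A user %=//member% has been added to %=//groupresource/group% "
               "outside Activate. The user has been removed from the group.")


def load_event_actions(xml_text):
    """Map each event type (deny/add/remove) to the ordered action names under it."""
    root = ET.fromstring(xml_text)
    return {event.tag: [action.tag for action in event] for event in root.find("events")}


def classify_change(change, expected_members):
    """Assumed rule: a removal is 'remove'; an addition Activate already expects
    (requested through Activate) is 'add'; any other addition was made outside
    Activate and is 'deny'."""
    if change["operation"] == "remove":
        return "remove"
    return "add" if change["member"] in expected_members else "deny"


def render_template(template, variables):
    """Substitute %=//path% placeholders; unknown paths are left verbatim (assumption)."""
    return re.sub(r"%=(//[^%]+)%",
                  lambda m: variables.get(m.group(1), m.group(0)), template)


def handle_change(change, expected_members, xml_text=EVENT_DEFINITION):
    """Run one membership change through the event definition: return the event
    type, its configured actions, and the rendered notification for a denied add."""
    event = classify_change(change, expected_members)
    result = {"event": event, "actions": load_event_actions(xml_text)[event]}
    if event == "deny":
        result["notification"] = render_template(
            NOTIFY_BODY, {"//member": change["member"], "//groupresource/group": change["group"]})
    return result


if __name__ == "__main__":
    # Constructed sample: jdoe was added directly in AD, bypassing Activate.
    print(handle_change({"operation": "add", "member": "jdoe", "group": "SG-Finance"}, {"asmith"}))
```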