Welcome to Adaxes. In this video we’ll be looking at Approval-based
workflows. This feature enables you to safely delegate
various activities in AD, Exchange and Office 365 to lower-level users without losing control
of them. For example, approvals can be used if you
want to delegate user creation to HR staff, but at the same time you want to have an additional
security level and still need somebody to control the process. So, let’s see how Adaxes can be configured for such a scenario. Submitting operations for approval in Adaxes is done with the help of Business Rules. So, let’s now create a new Business Rule
to request approval for creating new users in Active Directory. Since I want to send user creation for approval,
I need to set my Business Rule to be triggered before creating a new user. And then I need to add an action to the rule
that will actually send the operation for approval once the rule is triggered. Here I need to specify the users who will
be approving the operation. I can either set specific users or members
of groups, like, members of the IT staff, and I also have an option to request approval
from the manager of the user who’s performing the operation, from the manager of the new user that’s being created, or from the owners of their OUs. Also, the operation can be submitted for approval
only if certain conditions are met. For example, it can be set such that approval
is required only if the Job Title of the user that’s being created contains the word 'Supervisor'. And I can also add other conditions, like,
the approval might be required only if the user, who’s performing the user creation,
is not a member of the Managers group. Finally, I need to set where my Business Rule
will work. For example, I can assign it over All Objects,
which means that it’ll work for all new users, no matter where in AD they are created. So, now we have the rule all set up, let’s
switch to Adaxes Web Interface and see how approvals work in real life. To create a user account, I need to fill in
this simple form. And let’s make sure that the Job Title of
the user we’re creating is Supervisor, so that the operation will require an approval
according to the rule I’ve set up. And when I’m done with the form, I can see
that the operation was sent for approval. This means that the AD account for the new
user hasn’t been created yet. Now I can see that the user creation operation
was added to the list of the operations I initiated that are awaiting approval. And because I’m the one who started it,
here I can see all the details of the operation and, for example, if I notice that I made
a mistake, I can just cancel it and provide a reason for doing so. Now let’s see how the process looks from
the approvers’ perspective. This is what the email with the approval request
looks like on my phone. As you can see, it contains all the details
of the operation, and, by the way, it’s customizable, so additional information could
be included here, if needed. And if everything is ok and I like what I
see, I can simply go and approve the operation with just a couple of clicks. So, if I now go back to the Web Interface
and search for the new user in Active Directory, I can see that the account has indeed been
created, as the operation was approved. Approvals in Adaxes can also be multi-level. For example, I might want the user creation to first be approved by a member of the IT staff and then I might require one more approval,
but this time from the new user’s manager. So, let’s find out how we can configure
that. Setting up multi-level approvals in Adaxes
is actually pretty straightforward. All I need to do for that is add one more
action to my Business Rule that will also send the operation for approval after the
first one is done. Only this time, I need to specify the new
user’s manager as the approver. Once I’ve done that, the approval has become
multi-level, since to create a new user now, first the IT staff need to give their permission
and then the user’s manager needs to approve it. And in a similar way, I could add any number
of approval levels that I need. Another common scenario where approvals can be useful, is when delegating certain tasks for self-service. For example, I can allow users to request
membership of certain distribution lists from the owners of those lists. So, let’s see how that works. For these purposes, I need another Business
Rule, which I already have configured here. Because here I need approval to add members
to groups, this time the rule is triggered before a new member is added to a group. And once it’s launched, the rule sends the
operation for approval to the owners of the group that the new member is being added to. And the Business Rule is set to work for all
my distribution lists. So, let’s now switch to the Web Interface
for Self Service to see this approval in action. Here I have a list of the groups that I’m
allowed to request membership of; and, let’s join the Company News distribution list. As you can see, when I try to do so, the operation
gets sent for approval. This means that I will be added to the group
only after one of its owners gives their permission by going through the same approval process
that we’ve seen earlier. And similarly to the scenarios that we’ve
seen so far, approvals can also be added to practically any other operation, like modifying
user account properties, resetting passwords, assigning or revoking Office 365 licenses,
restoring deleted objects, and so on. However, approvals can be used not only with
actions that are initiated by users, but also with various operations that are automatically
executed by Adaxes. For example, here I have a Business Rule that
automatically runs the onboarding procedures after a new user account is created in AD. And I can add an approval step for any of
these operations. For example, I can set the creation of an
Office 365 account for the new user and assignment of licenses to require approval by the new
user’s manager, by just enabling the approval option for this particular action. As easy as that. There also might be situations, when the list
of approvers for certain operations, might need to be based on some complex rules. In Adaxes, such a thing can be done with the
help of PowerShell scripts. So, let’s use one of the approvals that
we already have as an example. If I want to form a list of approvers for
the operation based on certain criteria, then, instead of submitting it for approval with
the ‘Send for Approval’ action, as at present, I need to do the same thing, but
using a PowerShell script. To actually send the operation for approval
from the script, all I need to do is simply call the Submit For Approval method of the
predefined PowerShell variable Context. And then I just need to provide the list of
approvers, which I can build earlier in the script according to the rules that I need,
as a parameter here. Not that hard at all. So, the approval-based workflows that Adaxes
provides, significantly widen the field of tasks that you can safely delegate. This way higher level authorities, like, managers
or IT staff, will be spending less time on actually executing them, but at the same time
they will still have full control over the tasks they delegate. Thanks for watching.
