Deprecation notice!
Legacy Workflows are on a deprecation path, and will be fully deprecated after February 2025. See full deprecation schedule here.
Please recreate the Workflows you need using new Workflows.
If you need assistance, contact us and we'll be happy to schedule a migration session with you.
Overview
This guide provides a step-by-step process for getting started using Axiom Security Workflows. Using Workflows, you can automate access requests by choosing a set of targets, sources, and actions.
Currently, Workflows support the following integrations:
AWS
MongoDB Atlas
Postgres
MySQL
Workflows page
To open the Workflows page, click the “Workflow” option in the left menu.
On this page, you can see all your workflows and a summary.
You can create a new workflow and view the details and events of a specific workflow.
Active / Inactive Workflow
The toggle represents the workflow’s activity:
On - The workflow is active and working.
Off - The workflow exists but is currently in sleep mode: even if an access request matches this workflow, the request will go to manual review.
Create new workflow
From the “Workflows” page, click on “Create new workflow”.
The workflow includes 3 sections:
Target
Choose the users this workflow will be applied to (you can choose multiple users).
Source
Choose the vendor you want to apply this workflow to. All the options are under the “Location” field.
Please note! The list of vendors is based on your integrations with Axiom Security.
After you choose a “Location”, new fields will show up based on your selection.
Examples
AWS
Account - Multi-selection
Permission set - Multi-selection, all the permission sets under the selected account (Optional)
Please note! You can choose multiple accounts, but if you do, the permission set field will not be available.
The workflow will then auto-approve/deny (based on your choice in the “Action” section) every request on the selected accounts, regardless of permission set.
MongoDB Atlas | Postgres | MySQL:
Project - Multi-selection
Cluster - Multi-selection, all the clusters under the selected project (Optional)
Role - Multi-selection
Please note! You can choose multiple projects, but if you do, the cluster field will not be available.
The workflow will then auto-approve/deny (based on your choice in the “Action” section) every request on the selected projects, regardless of cluster.
Conditions - Optional
You can choose to add conditions to your workflow:
Had this permissions previously - the workflow will apply only if the users had the selected permissions before, within the time period you choose
Request duration - the workflow will apply only if the access request duration (chosen by the user) falls within a specific time period
Action
Currently, we support two options: Auto approve or Auto deny.
In the case of “Auto approve”, you need to choose the duration (the time until the access expires).
Workflow details page
After creating a new workflow (or choosing a workflow from the “All Workflows” page), you will be redirected to the workflow page.
On this page, you can see all the workflow details & events.
Edit / Remove workflow
You can edit/remove a workflow from two places:
Request view - Approve/Deny by Workflow
A request that was automatically reviewed by a workflow will have the workflow name in the “approver” field.
Notifications (Slack & Email)
Users will get the same notification as for a manual access review.
Tenant Admins / Admins / Resource owners will get a notification on each workflow decision.
Events
You can see all the workflow events in two places:
Coming soon: Okta