Workflows allow you to automate any part of the access request lifecycle, such as making automated approve/ deny decisions. Each workflow consists of:
|
Details
Trigger A Trigger can be a built-in Axiom trigger, or custom triggers you define. We currently supports the built-in "Request created /edited" trigger. More triggers, and custom triggers are coming soon
One or more Conditions Workflow logic can be based on any request parameter - see the Conditions section for details.
Action |
Conditions
Every workflow must have at least one condition. Every condition consists of:
Request parameter to be evaluated
System, Target, Principal, Permission, Justification text, Duration.
βOperator
The options available for Operator, change based on the selected request parameter.
βOperator value
Appears only after you select an Operator. It's form (free text, or drop-down options list), and available values depend on the selected Operator.
Caution about entering multiple Duration conditions!
β
You can select the same request parameter for different condition rows in a workflow. When doing so for Duration, ensure that they do not conflict. If they do, your Workflow will always return false (automatic action will not be taken). For example:
- Duration Less than 2 hours
- Duration Equal to 2 hours
Limitation when using multiple Okta accounts
If you use Axiom to manage access to multiple Okta accounts, and you have users with the same email on more than one of these accounts, and you have workflows that use "Is member of Group" for Okta groups, and the groups do not exist on both Okta accounts, then the workflow may not work as expected. If you encounter this, open a support ticket.
Principal vs Requester
Principal is the person (or service account) that will granted the access if the request is approved. It may be different than the requester, which is the Axiom user who submitted the request.
Not finding the condition or operator you need? Submit a feature request