Configuring Step Properties

Workflow Owner This topic is intended for SecureChange workflow owners, who are responsible for creating and maintaining workflows.

Overview

When configuring steps in a workflow, you can configure properties for each step in the workflow (click a step and click the Properties tab):

  • Change the name and description of a step Edit the name and description fields of the step.
  • Allow the requester to set the request priority (First step only): Select Define request priority so that the priority levels are shown when a user creates a request.
  • Allow the requester to add attachments (First step only): Select Add attachments so that the user can add attachments to the request when the user creates a request.
  • Allow the requester to use group notification (First step only): Select Use group notification so that the user can select a group to receive notifications.

  • Set a step to run workflow tools automatically and move to next step (Not available for the first step): In the step mode options, select either:

    • Manual : Requires user intervention to run/complete the step.

    • Auto: Runs the step automatically, and on successful completion, continues with the next step.

      After you save the step, an A is displayed on the step tab to indicate that it is an automatic step.

      The behavior and options for a step in Auto mode differs according to the type of workflow. For details, see Auto step mode behavior

Auto Step Mode Behavior

When a step is set to Auto mode, the options available and the behavior differs depending on the workflow type.

Decommission Network Object workflow

Decommission Network Object workflows do not support Auto steps. Instead, you can run the workflow tools through the Server Decommission Rest APIs.

Access Request workflow

For Access Request workflows, the following automatic step actions are available in Auto step mode. The actual actions available may vary for each vendor.

  • Suggest target: If the target of the access request is not specified, SecureChange adds a target based on SecureTrack policy and topology information. (Only available for workflows that use topology)
  • Run risk: Runs risk analysis so that its results are ready for the next handler.

  • Run designer: Designs the changes required to implement the requests

    • Update policy/device: Applies and implements the Designer changes (Supported devices only)
    • Assign to handler: The ticket is assigned to a handler after Designer runs and before the ticket moves to the next step. (This option cannot be enabled with Update policy/device or Run verification)
  • Run verification: Verifies if the access request is already configured in the current policy revision.

If there is a pending license issue for a target device in a ticket with an auto step and there is no default handler assigned (for example, if the task is configured with Self-assigned mode), the auto step does not complete and the ticket is placed in the Tickets list with the status Awaiting assignment.

If there are automatic steps that require "Commit-Now" that include Designer results, but the provisioning process was unable to successfully save the policy changes, the automatic step will fail and the workflow will not be completed.

Workflow

Rule Recertification workflow

For Rule Recertification workflows, Auto step mode automatically populates certification metadata for rules to SecureTrack's Rule Viewer when the step runs. The certification owner does not have to explicitly click Update Metadata in the ticket after defining a certification status for the rule.

Requirements

For the step to run in Auto mode, every rule in the ticket must have a certification status (Certified or Decertified). If at least one rule is not set with a certification status, the step will not run and the rule handler will receive a notification.

Best practice

To automatically populate SecureTrack, add a final step configured with Update rules metadata to run in Auto mode.

How Do I Get Here?

SecureChange > Workflows > Create a workflow > Step Name > Properties tab
or
SecureChange > Workflows > Click the name of a workflow > Step Name > Properties tab