Authorization Workflow
The Hitachi ID Group Manager workflow engine normally uses e-mail to prompt authorizers for approval, to send reminders, to escalate authorization requests and even to send thank-you notes and welcome e-mails.
Note that requests and approvals are expressly not allowed in e-mails, since most mail systems are insecure: plaintext and unauthenticated. E-mail is used strictly to alert participants in the workflow process that their input is required and to provide a URL where they can be securely authenticated prior to providing that input over a secure channel.
The Group Manager workflow engine has built-in support for automatic reminders, escalation and delegation:
- When participants are first chosen, their out-of-office status on their primary e-mail system may be checked, to trigger early escalation.
- Non-responsive participants that have been asked to review a request receive automatic reminders. The reminder interval is configurable.
- Participants who remain non-responsive are automatically replaced with alternate participants, identified using escalation business logic. Escalation is most often based on OrgChart data -- i.e., the original authorizer's direct manager is often the escalated authorizer.
- Participants can pro-actively delegate their authority, temporarily or permanently. Delegation may trigger its own approval -- asking the new authorizer to accept responsibility.
- A workflow manager can reassign the participants attached to open requests, for instance when they are terminated or when a request is urgent and the authorizer is unavailable.