Multi-factor Authentication is a mechanism used across the Cymmetri Identity platform to deal with a second level authentication.

Typically employed using off-band mechanisms, Cymmetri allows flexibility by introducing both modern mechanisms, such as -

1. Time based OTP (through Cymmetri Authenticator mobile application)

2. Time based OTP (through Google Authenticator and other mobile application)

3. Push based Notification (through Cymmetri Authenticator mobile application)

4. SMS OTP

5. Email OTP

In this document, we will go through setting up the Multi-factor authentication options on the Cymmetri Identity Platform, and run through the setup of Multi-factor authentication options and their usage for the login scenario.

Setting up Multi-factor Authentication for the tenant

1. Access Multi-factor authentication by going to Products menu > Multifactor authentication product

2. Next, we select factors sub-menu

3. We now select the Cymmetri Authenticator (Time based OTP) toggle and click confirm to setup Cymmetri Authenticator as an MFA option

4. Similarly we toggle on the Push Notification and SMS Authenticator (OTP) options

5. Next we select the configuration sub-menu to configure the OTP options, here we will enable the Email OTP option by toggling it on.

6. Next we move to configure the rules for Multi-factor authentication policy for login

7. Click on the pencil icon to start editing the policy and change the dropdown of all factors to indicate that they are mandatory (required).

Let us talk about the options available for each factor -

Required - This setting means that the corresponding factor is required to be enabled for each user, and every user must set up this factor in their next login.

Optional - This setting means that the corresponding factor is not required to be enabled for each user, and they may configure this option from their "My Workspace". Once the user configures it, they may use it for the purpose of second level of authentication during authentication. Disabled - This settings means that the corresponding factor is not required or enabled for each user, and the user may not configure or use it for authentication into the Cymmetri platform.

8. Now click on the pencil icon in the upper box to toggle on this rule.

9. All subsequent logins of any user on the Cymmetri Identity platform will now require the use of mandatory MFA for one of these factors.

End user configuring Multi-factor authentication

Please download the Cymmetri Authenticator App from

1. Google Play Store - https://play.google.com/store/apps/details?id=com.unotech.cymmetri&hl=en_IN&gl=US 2. iOS App Store - https://apps.apple.com/in/app/cymmetri-authenticator/id1535591771

1. Since all the multi-factor authentication options are made mandatory (required), the user is prompted to set up their Cymmetri Authenticator first.

2. Clicking on the icon shown below will prompt the setup of the Authenticator app

3. User may download the Cymmetri Authenticator app from Play Store or App Store and then scan the authorization QR code to setup the time-based OTP and enter the OTP received on the mobile app onto the UI.

4. Next, we are prompted to setup Push Authenticator as a multi-factor authentication option.

5. Similarly scanning the QR code received from the previous step after clicking "Push Authentication" link, will show the mobile characteristics on which the QR code is scanned from the Cymmetri Authenticator app.

End user using multi-factor authentication for logging onto the Cymmetri Platform

1. Upon entering their username and password, the user is prompted to perform multi-factor authentication

2. Choosing Cymmetri Authenticator will prompt the user to enter the six-digit OTP they have received on their Cymmetri Authenticator App

3. Choosing Push Authenticator will prompt the user via a push notification on their mobile device with the Cymmetri Authenticator app installed to accept/reject login request.

4. Finally, choosing SMS Authenticator will send an OTP on the user's registered mobile number and their e-mail Address since we have enabled "Receive OTP on email" toggle button.

Webhooks are a way for external systems to receive events from the Cymmetri Identity Platform.

Requires the tenant organization to run a web server that is exposed to the Internet or at least accessible from the Cymmetri Cloud 2.0 deployment on the cloud

Events may be received for the following events -

1. Testing Webhook - Generates a POST request to the /test endpoint of the web server hosted by the tenant. It provides an authorization token that can be used for making any API calls to the Cymmetri Cloud 2.0 APIs. Is generated after this configuration. Go to the Configuration Menu and Select the webhooks menu -

   Click on the save & test button.
2. Pre Create User - Generates a POST request, before the user is created, to the /preCreateUser endpoint of the web server hosted by the tenant.

3. Pre Update User - Generates a POST request, before the user is updated, to the /preUpdateUser endpoint of the web server hosted by the tenant.

4. Post Update User - Generates a POST request, after the user is updated, to the /postUpdateUser endpoint of the web server hosted by the tenant.

5. Validate User - Generates a POST request, before the user is created and validation is to be run, to the /validateUser endpoint of the web server hosted by the tenant.

6. Validate Update User - Generates a POST request, before the user is created and validation is to be run, to the /validateUpdateUser endpoint of the web server hosted by the tenant.

7. Change password - Generates a POST request, upon the change of password for a user, to the /changePassword endpoint of the web server hosted by the tenant.

8. Pre Provision - Generates a POST request, before the provisioning of the user to an application, to the /preProvision endpoint of the web server hosted by the tenant.

9. Post Provision - Generates a POST request, after the provisioning of the user to an application, to the /postProvision endpoint of the web server hosted by the tenant.

10. Policy Map - Generates a POST request, while assigning the application to a user, to the /policyMap endpoint of the web server hosted by the tenant.

11. Deprovision Run - Generates a POST request, upon the update of a user to deprovision a user, to the /runDeprovision endpoint of the web server hosted by the tenant.

While other webhooks operate on a principle of fire-and-forget, the validateUser and the validateUpdateUser expect the response from the tenant as the same or modified body as sent to it for validation.

API body for the endpoints

Test web hook

Purpose : This api is used to test web hook api.

Input Needed: NA

Curl Request:

curl --location --request POST 'http://192.168.29.227:8080/webhook/test' \

--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImRlbGVnYXRlZSI6bnVsbCwiZGVsZWdhdGVlSWQiOm51bGwsImZpcnN0TG9naW4iOmZhbHNlLCJyb2xlcyI6WyJPUkdfQURNSU4iLCJVU0VSIl0sInRlbmFudElkIjoiYXMxMDAiLCJleHAiOjE2NDYzOTYzMDgsInVzZXJJZCI6IjYyMTRkYjdiZDY2MWE1NzM4NmE3MWYxMCIsImlhdCI6MTY0NjM5MDMwOH0.bdKZ3UBCedT91bJAWLCo2AOahIs5ClFMAhnj36f_ecQ' \

--header 'Content-Type: application/json' \

--data-raw '{

}'

Response:

{ "response": {} }

Pre Create User

Purpose : This web hook api is used to do some events before creating a user in the target system.

Input needed :

{

"request": {

"user": {

"assignedGroups": [],

"provisionedApps": {},

"securityQuestion": {},

"country": "India",

"firstName": "Shreyash2",

"lastName": "Pande2",

"login": "shreyash2",

"userType": "Employee"

}

}

}

Curl request:

curl --location --request POST 'https://52.66.206.31:8080/webhook/preCreateUser' \

--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImRlbGVnYXRlZSI6bnVsbCwiZGVsZWdhdGVlSWQiOm51bGwsImZpcnN0TG9naW4iOmZhbHNlLCJyb2xlcyI6WyJPUkdfQURNSU4iLCJVU0VSIl0sInRlbmFudElkIjoiYXMxMDAiLCJleHAiOjE2NDYzOTYzMDgsInVzZXJJZCI6IjYyMTRkYjdiZDY2MWE1NzM4NmE3MWYxMCIsImlhdCI6MTY0NjM5MDMwOH0.bdKZ3UBCedT91bJAWLCo2AOahIs5ClFMAhnj36f_ecQ' \

--header 'Content-Type: application/json' \

--data-raw '{

"request": {

"user": {

"assignedGroups": [],

"provisionedApps": {},

"securityQuestion": {},

"country": "India",

"firstName": "Shreyash2",

"lastName": "Pande2",

"login": "shreyash2",

"userType": "Employee"

}

}

}'

Response: {

"response": {

"data": {

"assignedGroups": [],

"provisionedApps": {},

"securityQuestion": {},

"country": "India",

"firstName": "Shreyash2",

"lastName": "Pande2",

"login": "shreyash2",

"userType": "Employee"

}

}

}

Post create User

Purpose : This web hook is used to do some events after creating a user in the target system.

Curl request: curl --location --request POST 'http://192.168.1.193:8080/webhook/postCreateUser' \

--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImRlbGVnYXRlZSI6bnVsbCwiZGVsZWdhdGVlSWQiOm51bGwsImZpcnN0TG9naW4iOmZhbHNlLCJyb2xlcyI6WyJPUkdfQURNSU4iLCJVU0VSIl0sInRlbmFudElkIjoiYXMxMDAiLCJleHAiOjE2NDYzOTYzMDgsInVzZXJJZCI6IjYyMTRkYjdiZDY2MWE1NzM4NmE3MWYxMCIsImlhdCI6MTY0NjM5MDMwOH0.bdKZ3UBCedT91bJAWLCo2AOahIs5ClFMAhnj36f_ecQ' \

--header 'Content-Type: application/json' \

--data-raw '{

"request": {

"user": {

"assignedGroups": [],

"provisionedApps": {},

"securityQuestion": {},

"country": "India",

"firstName": "Shreyash2",

"lastName": "Pande2",

"login": "shreyash2",

"userType": "Employee"

}

}

}'

Response : NA

Restful API - Pre update user

Purpose : This web hook is used to do some events before updating a user in the target system.

Input needed:

{

"request": {

"user": {

"assignedGroups": [],

"provisionedApps": {},

"securityQuestion": {},

"country": "India",

"firstName": "Shreyash2",

"lastName": "Pande2",

"login": "shreyash2",

"userType": "Employee"

}

}

}

Curl request:

curl --location --request POST 'http://192.168.1.193:8080/webhook/preUpdateUser' \

--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImRlbGVnYXRlZSI6bnVsbCwiZGVsZWdhdGVlSWQiOm51bGwsImZpcnN0TG9naW4iOmZhbHNlLCJyb2xlcyI6WyJPUkdfQURNSU4iLCJVU0VSIl0sInRlbmFudElkIjoiYXMxMDAiLCJleHAiOjE2NDYzOTYzMDgsInVzZXJJZCI6IjYyMTRkYjdiZDY2MWE1NzM4NmE3MWYxMCIsImlhdCI6MTY0NjM5MDMwOH0.bdKZ3UBCedT91bJAWLCo2AOahIs5ClFMAhnj36f_ecQ' \

--header 'Content-Type: application/json' \

--data-raw '{

"request": {

"user": {

"assignedGroups": [],

"provisionedApps": {},

"securityQuestion": {},

"country": "India",

"firstName": "Shreyash2",

"lastName": "Pande2",

"login": "shreyash2",

"userType": "Employee"

}

}

}'

Response

{

"response": {

"data": {

"assignedGroups": [],

"provisionedApps": {},

"securityQuestion": {},

"country": "India",

"firstName": "Shreyash2",

"lastName": "Pande2",

"login": "shreyash2",

"userType": "Employee"

}

}

}

Post update user

Purpose : This web hook is used to do some events after updating a user in the target system.

Input needed :

{

"request": {

"user": {

"assignedGroups": [],

"provisionedApps": {},

"securityQuestion": {},

"country": "India",

"firstName": "Shreyash2",

"lastName": "Pande2",

"login": "shreyash2",

"userType": "Employee"

}

}

}

Curl request:

curl --location --request POST 'http://192.168.1.193:8080/webhook/postUpdateUser' \

--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImRlbGVnYXRlZSI6bnVsbCwiZGVsZWdhdGVlSWQiOm51bGwsImZpcnN0TG9naW4iOmZhbHNlLCJyb2xlcyI6WyJPUkdfQURNSU4iLCJVU0VSIl0sInRlbmFudElkIjoiYXMxMDAiLCJleHAiOjE2NDYzOTYzMDgsInVzZXJJZCI6IjYyMTRkYjdiZDY2MWE1NzM4NmE3MWYxMCIsImlhdCI6MTY0NjM5MDMwOH0.bdKZ3UBCedT91bJAWLCo2AOahIs5ClFMAhnj36f_ecQ' \

--header 'Content-Type: application/json' \

--data-raw '{

"request": {

"user": {

"assignedGroups": [],

"provisionedApps": {},

"securityQuestion": {},

"country": "India",

"firstName": "Shreyash2",

"lastName": "Pande2",

"login": "shreyash2",

"userType": "Employee"

}

}

}'

Response: NA

Validate User

Purpose : This web hook is used to validate users before creating a user in the target system.

Input Needed :

{

"request": {

"user": {

"assignedGroups": [],

"provisionedApps": {},

"securityQuestion": {},

"country": "India",

"firstName": "Shreyash2",

"lastName": "Pande2",

"login": "shreyash2",

"userType": "Employee"

}

}

}

Curl request: curl --location --request POST 'http://192.168.1.193:8080/webhook/validateUser' \

--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImRlbGVnYXRlZSI6bnVsbCwiZGVsZWdhdGVlSWQiOm51bGwsImZpcnN0TG9naW4iOmZhbHNlLCJyb2xlcyI6WyJPUkdfQURNSU4iLCJVU0VSIl0sInRlbmFudElkIjoiYXMxMDAiLCJleHAiOjE2NDYzOTYzMDgsInVzZXJJZCI6IjYyMTRkYjdiZDY2MWE1NzM4NmE3MWYxMCIsImlhdCI6MTY0NjM5MDMwOH0.bdKZ3UBCedT91bJAWLCo2AOahIs5ClFMAhnj36f_ecQ' \

--header 'Content-Type: application/json' \

--data-raw '{

"request": {

"user": {

"assignedGroups": [],

"provisionedApps": {},

"securityQuestion": {},

"country": "India",

"firstName": "Shreyash2",

"lastName": "Pande2",

"login": "shreyash2",

"userType": "Employee"

}

}

}'

Response: {

"response": {

"error": true,

"message": "MobileAlreadyExist"

}

}

Validate update user

Purpose : This web hook is used to validate users before updating a user in the target system.

Input needed:

"request": {

"user": {

"assignedGroups": [],

"provisionedApps": {},

"securityQuestion": {},

"country": "India",

"firstName": "Shreyash2",

"lastName": "Pande2",

"login": "shreyash2",

"userType": "Employee"

}

}

}

Curl request:

curl --location --request POST 'http://192.168.1.193:8080/webhook/validateUpdateUser' \

--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImRlbGVnYXRlZSI6bnVsbCwiZGVsZWdhdGVlSWQiOm51bGwsImZpcnN0TG9naW4iOmZhbHNlLCJyb2xlcyI6WyJPUkdfQURNSU4iLCJVU0VSIl0sInRlbmFudElkIjoiYXMxMDAiLCJleHAiOjE2NDYzOTYzMDgsInVzZXJJZCI6IjYyMTRkYjdiZDY2MWE1NzM4NmE3MWYxMCIsImlhdCI6MTY0NjM5MDMwOH0.bdKZ3UBCedT91bJAWLCo2AOahIs5ClFMAhnj36f_ecQ' \

--header 'Content-Type: application/json' \

--data-raw '{

"request": {

"user": {

"assignedGroups": [],

"provisionedApps": {},

"securityQuestion": {},

"country": "India",

"firstName": "Shreyash2",

"lastName": "Pande2",

"login": "shreyash2",

"userType": "Employee"

}

}

}'

Response:

{

"response": {

"error": true,

"message": "EmailAlreadyExist"

}

}

Change password

Purpose : This web hook is used to do some events on password change.

Input Needed :

{

"request": {

"user": {

"assignedGroups": [],

"provisionedApps": {},

"securityQuestion": {},

"country": "India",

"firstName": "Shreyash2",

"lastName": "Pande2",

"login": "shreyash2",

"userType": "Employee"

},

"passwordText" : "Welcome@123"

}

}

Curl request: curl --location --request POST 'http://192.168.1.193:8080/webhook/changePassword' \

--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImRlbGVnYXRlZSI6bnVsbCwiZGVsZWdhdGVlSWQiOm51bGwsImZpcnN0TG9naW4iOmZhbHNlLCJyb2xlcyI6WyJPUkdfQURNSU4iLCJVU0VSIl0sInRlbmFudElkIjoiYXMxMDAiLCJleHAiOjE2NDYzOTYzMDgsInVzZXJJZCI6IjYyMTRkYjdiZDY2MWE1NzM4NmE3MWYxMCIsImlhdCI6MTY0NjM5MDMwOH0.bdKZ3UBCedT91bJAWLCo2AOahIs5ClFMAhnj36f_ecQ' \

--header 'Content-Type: application/json' \

--data-raw '{

"request": {

"user": {

"assignedGroups": [],

"provisionedApps": {},

"securityQuestion": {},

"country": "India",

"firstName": "Shreyash2",

"lastName": "Pande2",

"login": "shreyash2",

"userType": "Employee"

},

"passwordText" : "Welcome@123"

}

}'

Response: NA

Pre provision

Purpose : This web hook is used to do some events before assigning applications to a user.

Input Needed :

{

"request": {

"policyMap" : "email",

"form" : "",

"applicationId" : "620231fee789224ec1cec3dd",

"roleList" : [],

"action" : "Application Create",

"user": {

"assignedGroups": [],

"provisionedApps": {},

"securityQuestion": {},

"country": "India",

"firstName": "Shreyash2",

"lastName": "Pande2",

"login": "shreyash2",

"userType": "Employee"

}

}

}

Curl Request:

curl --location --request POST 'http://192.168.1.193:8080/webhook/preProvision' \

--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImRlbGVnYXRlZSI6bnVsbCwiZGVsZWdhdGVlSWQiOm51bGwsImZpcnN0TG9naW4iOmZhbHNlLCJyb2xlcyI6WyJPUkdfQURNSU4iLCJVU0VSIl0sInRlbmFudElkIjoiYXMxMDAiLCJleHAiOjE2NDYzOTYzMDgsInVzZXJJZCI6IjYyMTRkYjdiZDY2MWE1NzM4NmE3MWYxMCIsImlhdCI6MTY0NjM5MDMwOH0.bdKZ3UBCedT91bJAWLCo2AOahIs5ClFMAhnj36f_ecQ' \

--header 'Content-Type: application/json' \

--data-raw '{

"request": {

"policyMap" : "email",

"form" : "",

"applicationId" : "620231fee789224ec1cec3dd",

"roleList" : [],

"action" : "Application Create",

"user": {

"assignedGroups": [],

"provisionedApps": {},

"securityQuestion": {},

"country": "India",

"firstName": "Shreyash2",

"lastName": "Pande2",

"login": "shreyash2",

"userType": "Employee"

}

}

}'

Response : NA

Post provision

Purpose : This web hook is used to do some events after assigning applications to a user.

Input Needed :

{

"request": {

"policyMap" : "email",

"form" : "",

"applicationId" : "620231fee789224ec1cec3dd",

"roleList" : [],

"action" : "Application Create",

"user": {

"assignedGroups": [],

"provisionedApps": {},

"securityQuestion": {},

"country": "India",

"firstName": "Shreyash2",

"lastName": "Pande2",

"login": "shreyash2",

"userType": "Employee"

},

"isSuccess" : true,

"uid" : "5f36283bc193991db0990d3e"

}

}

Curl response :

curl --location --request POST 'http://192.168.1.193:8080/webhook/postProvision' \

--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImRlbGVnYXRlZSI6bnVsbCwiZGVsZWdhdGVlSWQiOm51bGwsImZpcnN0TG9naW4iOmZhbHNlLCJyb2xlcyI6WyJPUkdfQURNSU4iLCJVU0VSIl0sInRlbmFudElkIjoiYXMxMDAiLCJleHAiOjE2NDYzOTYzMDgsInVzZXJJZCI6IjYyMTRkYjdiZDY2MWE1NzM4NmE3MWYxMCIsImlhdCI6MTY0NjM5MDMwOH0.bdKZ3UBCedT91bJAWLCo2AOahIs5ClFMAhnj36f_ecQ' \

--header 'Content-Type: application/json' \

--data-raw '{

"request": {

"policyMap" : "email",

"form" : "",

"applicationId" : "620231fee789224ec1cec3dd",

"roleList" : [],

"action" : "Application Create",

"user": {

"assignedGroups": [],

"provisionedApps": {},

"securityQuestion": {},

"country": "India",

"firstName": "Shreyash2",

"lastName": "Pande2",

"login": "shreyash2",

"userType": "Employee"

},

"isSuccess" : true,

"uid" : "5f36283bc193991db0990d3e"

}

}'

Response : NA

Policy map

Purpose : This web hook is used to do some events on policy map while assigning the application to a user.

Input needed :

"request": {

"targetAttribute" : "email",

"cymmetrifield" : "email",

"defaultValue" : "example@gmail.com",

"formVeriable" : "",

"user": {

"assignedGroups": [],

"provisionedApps": {},

"securityQuestion": {},

"country": "India",

"firstName": "Shreyash2",

"lastName": "Pande2",

"login": "shreyash2",

"userType": "Employee"

}

}

}

Curl request :

curl --location --request POST 'https://52.66.206.31:8080/webhook/policymap' \

--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImRlbGVnYXRlZSI6bnVsbCwiZGVsZWdhdGVlSWQiOm51bGwsImZpcnN0TG9naW4iOmZhbHNlLCJyb2xlcyI6WyJPUkdfQURNSU4iLCJVU0VSIl0sInRlbmFudElkIjoiYXMxMDAiLCJleHAiOjE2NDYzOTYzMDgsInVzZXJJZCI6IjYyMTRkYjdiZDY2MWE1NzM4NmE3MWYxMCIsImlhdCI6MTY0NjM5MDMwOH0.bdKZ3UBCedT91bJAWLCo2AOahIs5ClFMAhnj36f_ecQ' \

--header 'Content-Type: application/json' \

--data-raw '{

"request": {

"targetAttribute" : "email",

"cymmetrifield" : "email",

"defaultValue" : "example@gmail.com",

"formVeriable" : "",

"user": {

"assignedGroups": [],

"provisionedApps": {},

"securityQuestion": {},

"country": "India",

"firstName": "Shreyash2",

"lastName": "Pande2",

"login": "shreyash2",

"userType": "Employee"

}

}

}'

Response :

{

"response": {

"mappedValue": "valid"

}

}

Run deprovisioning

Purpose : This web hook is used for deprovisioning applications when users get updated .

Input needed :

{

"request": {

"user": {

"assignedGroups": [],

"provisionedApps": {},

"securityQuestion": {},

"country": "India",

"firstName": "Shreyash2",

"lastName": "Pande2",

"login": "shreyash2",

"userType": "Employee"

}

}

}

Curl request:

curl --location --request POST 'https://52.66.206.31:8080/webhook/runDeprovision' \

--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImRlbGVnYXRlZSI6bnVsbCwiZGVsZWdhdGVlSWQiOm51bGwsImZpcnN0TG9naW4iOmZhbHNlLCJyb2xlcyI6WyJPUkdfQURNSU4iLCJVU0VSIl0sInRlbmFudElkIjoiYXMxMDAiLCJleHAiOjE2NDYzOTYzMDgsInVzZXJJZCI6IjYyMTRkYjdiZDY2MWE1NzM4NmE3MWYxMCIsImlhdCI6MTY0NjM5MDMwOH0.bdKZ3UBCedT91bJAWLCo2AOahIs5ClFMAhnj36f_ecQ' \

--header 'Content-Type: application/json' \

--data-raw '{

"request": {

"user": {

"assignedGroups": [],

"provisionedApps": {},

"securityQuestion": {},

"country": "India",

"firstName": "Shreyash2",

"lastName": "Pande2",

"login": "shreyash2",

"userType": "Employee"

}

}

}'

Response:

{

"response": {

"data": true

}

}

Workflows may be configured for a number of use cases in the Cymmetri Identity Platform, primary among them being for assigning application to a user (provisioning), unassigning application to a user (deprovisioning), and running reconciliation campaigns.

Configuring Workflows in Cymmetri Identity Platform

Workflows in Cymmetri Identity Platform may be configured for upto 4 stages of approval.

The administrator may select upto 4 approvers.

For each stage, the administrator may select one of the three options -

User - A particular user may approve workflow request at this stage.

Group - A user belonging to the selected Group may approve Workflow request at this stage.

Reporting Manager - The reporting manager of the user for which the approval is to be provided may approve the workflow request at this stage.

To observe how to workflow runs in action, refer Inbox