Step

Steps are comparable to pages in a form, where each step includes sections that focus on a specific area. By linking steps, one can create highly customizable IAM solutions.

Creating a step

A step is represented by a json object. Steps can be loaded from one json file or multiple files. Recommended setup is to keep each step in a single file. This will simplify configuration and overview.

Name

Description

Default

Mandatory

document_title

Text shown in browser tab. Overrides overlay.

Forms - Fortified ID

order

Sort order of step. Omitting will result in undetermined execute order.

N/A

time_lock

Used as a robot mitigator. How long before a step is allowed to be posted back to the server. Format conforms to https://en.wikipedia.org/wiki/ISO_8601

favicon

Favicon for this step.

Internal FortifiedID icon

verbose_logs

Same as Flow but can override in a step

Empty array[]

controls

List if controls for this step

N/A

pipe

Pipe to be executed moving to next step.

N/A

buttons.xxx

Same as for flow but can override in a step.

See Flow

enabled

Enable or disable this step.

true

include_expr

Predicate expression controlling if step should be included or not.

"true"

Example step to create a user.

{
    "controls": [
        {
            "id": "top_text_label",
            "type": "Markdown",
            "data": "# Create an Active Directory user \nEnter information about the user you want to create."
        },
        {
            "id": "givenName",
            "type": "Input",
            "ui": {
                "ui:size": {
                    "md": 6
                }
            },
            "schema": {
                "format": "strict"
            },
            "config": {
                "type": "string",
                "required": true
            }
        },
        {
            "id": "sn",
            "type": "Input",
            "ui": {
                "ui:size": {
                    "md": 6
                }
            },
            "schema": {
                "format": "strict"
            },
            "config": {
                "type": "string",
                "required": true
            }
        },
        {
            "id": "mail",
            "type": "Input",
            "ui": {
                "ui:size": {
                    "md": 6
                }
            },
            "schema": {
                "format": "email"
            },
            "config": {
                "type": "string",
                "required": true
            }
        },
        {
            "id": "mobile",
            "type": "Input",
            "ui": {
                "ui:size": {
                    "md": 6
                }
            },
            "schema": {
                "format": "phone"
            },
            "config": {
                "type": "string"
            }
        },
        {
            "id": "chooseRole",
            "type": "ValuePicker",
            "ui": {
                "ui:size": {
                    "md": 6
                }
            },
            "config": {
                "required": false,
                "options": [
                    {
                        "title": "Human Resources",
                        "value": "hr"
                    },
                    {
                        "title": "Sale",
                        "value": "sale"
                    },
                    {
                        "title": "IT",
                        "value": "it"
                    },
                    {
                        "title": "Engineering",
                        "value": "engineering"
                    }
                ]
            }
        },
        {
            "id": "adUserFindManager",
            "type": "ActiveDirectorySingleSelect",
            "ui": {
                "ui:size": {
                    "md": 6
                }
            },
            "config": {
                "attributes": [
                    "cn"
                ],
                "namespace": "${globals.ldap1_name}",
                "base_dn": "${globals.ldap1_flows_search_user_dn}",
                "scope": "SUB",
                "pre_filter": "(distinguishedName={{flow.manager}})",
                "filter": "(cn={{search_query}})",
                "value_key": "distinguishedName",
                "display_key": "cn"
            }
        }
    ]
}

Example step to edit and find users.

{
    "controls": [
        {
            "id": "top_text_label",
            "type": "Markdown",
            "data": "# Change user\nSelect the user you want to modify"
        },
        {
            "id": "findActiveDirectoryUser",
            "type": "Selector",
            "config": {
                "columns": ["displayName","sAMAccountName","url","manager"],
                "pipe_id": "active_directory_edit_user_step01_widget"
            }
        }
    ],
    "pipe": "active_directory_edit_user_step01"
}

Example with all main properties.

{
    "document_title": "flow00.step01.document_title",
    "favicon": "favicon.ico",
    "order": 1,
    "verbose_logs": [
        "flow",
        "session"
    ],
    "time_lock": "PT3S",
    "controls": [],
    "pipe": "forms.flow00.step01",
    "buttons": {
        "next_button": {
            "enabled": true,
            "text": "flow00.step01.next_button"
        },
        "save_button": {
            "enabled": true,
            "text": "flow00.step01.create_button"
        },
        "restart_button": {
            "enabled": true,
            "text": "flow00.step01.restart_button"
        }
    }
}

Pipe execution

If configured, execution of a pipe is done with all data available to the step. This means data will vary depending on what step is executed.

Data from all previous executed steps will be sent to pipe and accessed in pipes using {{request. pattern.

Returning from pipe execution

In order to be able to access any data returned from a pipe, return a single item in a pipe.

Data will available using {{flow.xxx}} pattern.

Skipping execution

A step can be enabled/disabled using the "enabled" flag. Both the page user interface and the pipe-execution is disabled if this flag is false.

Skipping execution conditionally

You can also enable/disable a step conditionally using the "include_expr"-expression (an expression that returns true or false). If the expression is evaluated to true, the step is included, otherwise skipped.

The actual filter is an ECMA-script (JavaScript) that MUST evaluate to true, false or to a boolean function returning true or false.

// Not included 
"include_expr": "false"

// Only included if session contains a username property
"include_expr": "session.username != null"

// Only included if a control from a previous step (findMyActiveDirectoryExtendAccountExpires) has a value
"include_expr": "str.isNotNullOrEmpty(flow.findMyActiveDirectoryExtendAccountExpires)",

PreviousInput and Output (JWT)NextLayout