Unify - Workflows
Unify's Workflow feature automates and manages mitigation efforts by executing defined actions when certain conditions, or "triggers," are met. Workflows prompt automated responses to security insights observed within the Unify Platform.
Understanding Workflows
What is a Workflow?
A workflow is a feature that helps you take automated actions based on insights from Unify. You set up a series of predefined actions that are initiated automatically when specific conditions are met, so you do not need to intervene manually each time.
Key Components of Workflows
- Triggers: The conditions that need to be met for the workflow to start.
- Identities: The identities (such as individual users or groups) that the workflow applies to.
- Actions: The tasks that will be executed when the trigger conditions are met.
- Payload: The content or data sent to complete the action (like a message or training assignment).
Creating a Workflow
Let's break down the process of setting up a workflow:
- Set the Trigger:
  - Determine the insight that triggers the workflow.
  - Example: When a power insight is detected, or when a specific user behavior is observed (the user clicks on a real phish or shares sensitive data).
- Define the Identities:
  - Identify who or what this workflow will apply to.
  - Example: "Any user who", "Any Contractor who", "Any finance user with Elevated Creds who".
- Choose the Action:
  - Decide what action will be taken once the trigger is met.
  - Example: Assign training, send a notification (not yet released), or kick off an action in a third-party system (e.g., update access in SailPoint).
- Define the Payload:
  - Specify the content necessary for the action.
  - Example: A message template for an email or details for a training assignment.
Example Workflow
Imagine you want to automatically assign Phishing Awareness training to your security team whenever a user submits data from a phishing email:
- Subject: Any user who...
- Trigger: Detection of a Simulated Phish Action - Password Submitted insight.
- Action: Automatically assign Phishing Awareness Training.
- Payload: The Living Security Training campaign that includes custom notifications and the “Big Ideas: Phishing” content detailing the risks of Phishing emails and actions to be taken.
Managing Your Workflows
- Reporting: After a workflow is created, Unify allows you to see details about its execution:
  - Individuals who triggered the workflow.
  - Number of times the workflow was executed.
  - Details about the payload execution.
Your workflow will initially be saved in Preview Mode. This means that triggers will activate for the selected identities when there are insight detections, but actions will not be executed—only logged for your reference.
Once a Workflow is Enabled, triggers and actions will execute for identities, but you will no longer be able to change its configuration. You can disable the workflow at any time.
Workflow History Table
The Workflow History Table presents workflow data in one of two views: Identity View or Executions View.
- Grouped by Identity View
  - Workflow data is grouped by each individual identity. Columns include:
    - Identity: Name of the identity with links to detailed records.
    - Total Executions: Number of times the identity met workflow criteria.
    - Successful Executions: Number of successful actions triggered by the workflow.
    - Failed Executions: Number of failures due to system or integration issues.
    - Last Execution: Timestamp of the most recent execution for that identity.
- Executions View
  - This view provides an audit log for each individual workflow execution. Columns include:
    - Identity: Links to identity records.
    - Mode: Indicates if the workflow was in Preview or Enabled mode during execution.
    - Status: Shows if the execution succeeded or failed.
    - Trigger: Details about what triggered the workflow.
    - Timestamp: When the execution occurred.
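Because an Enabled workflow's configuration can no longer be changed, it helps to review what Preview Mode logged before enabling it. The sketch below is an added example, not Living Security code or a Unify API: it rolls Executions View rows up into the Identity View columns, filtered by mode. The dict keys, status strings, function names and sample rows are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample rows. The keys mirror the Executions View columns; the
# dict layout, status strings and ISO 8601 timestamps are assumptions.
TRIGGER = "Simulated Phish Action - Password Submitted"
EXECUTIONS = [
    {"identity": i, "mode": m, "status": s, "trigger": TRIGGER, "timestamp": t}
    for i, m, s, t in [
        ("alice@example.com", "Preview", "Succeeded", "2024-05-01T09:15:00+00:00"),
        ("bob@example.com", "Preview", "Succeeded", "2024-05-01T10:00:00+00:00"),
        ("alice@example.com", "Preview", "Failed", "2024-05-03T14:30:00+00:00"),
        ("alice@example.com", "Enabled", "Succeeded", "2024-05-10T08:00:00+00:00"),
        ("carol@example.com", "Enabled", "Failed", "2024-05-11T11:45:00+00:00"),
    ]
]

def rollup_by_identity(rows, mode=None):
    """Group execution rows into the Identity View columns.

    mode: "Preview" or "Enabled" keeps only that mode; None keeps every row.
    """
    summary = defaultdict(lambda: {"total": 0, "successful": 0,
                                   "failed": 0, "last_execution": None})
    for row in rows:
        if mode is not None and row["mode"] != mode:
            continue
        entry = summary[row["identity"]]
        entry["total"] += 1
        if row["status"] == "Succeeded":
            entry["successful"] += 1
        elif row["status"] == "Failed":
            entry["failed"] += 1
        else:
            raise ValueError(f"unexpected status: {row['status']!r}")
        ts = datetime.fromisoformat(row["timestamp"])
        if entry["last_execution"] is None or ts > entry["last_execution"]:
            entry["last_execution"] = ts
    return dict(summary)

def preview_report(rows):
    """Identities matched while in Preview Mode, most frequent first."""
    preview = rollup_by_identity(rows, mode="Preview")
    return sorted(preview.items(), key=lambda kv: (-kv[1]["total"], kv[0]))

if __name__ == "__main__":
    for identity, s in preview_report(EXECUTIONS):
        print(f"{identity}: {s['total']} logged, last {s['last_execution'].isoformat()}")
```

Keeping the mode filter separate from the rollup lets the same function compare what Preview Mode logged against what actually ran once the workflow was Enabled.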