Creating an SSH key workflow

Workflow objects define the parameters required to implement a workflow approval.

You must have the Create permission to the policy where you want to create the workflow.

To create a Workflow object

  1. From the Platform menu bar, click Policy Tree.
  2. Select the policy for which you want to create the workflow.

  3. Click Add > Workflow.

    The Detail View displays the Workflow's associated settings.

  4. In the Name field, enter a friendly name.

  5. In the Conditions box, enter the qualifying conditions.

    Setting

    Description

    If Stage Is

    Enter the condition stage when the workflow event should be triggered. Stages are listed below.

    If Application or Trust Store is

    Do not use for SSH workflows.

    SSH Stage Codes

    Stage Code

    Friendly Name

    Description

    10100

    SSH Key Provisioning

    Before the key is added on the device.

    10200

    SSH Key Edit

    Before the key is edited on the device.

    10900

    SSH Key Removal

    Before the key is removed from the device.

    NOTE  If there are multiple approvals set at the same stage, all approvals will trigger at the same time, and all approvals must be resolved before the workflow can continue. In Aperture, if a user is an approver for multiple workflow tickets at the same stage, approving or rejecting any of the workflow tickets will have the same effect on all workflow tickets assigned to the same object and stage.

  6. In the Actions box, enter the appropriate actions.

    Setting

    Description

    Inject Commands

    Do not use for SSH workflows.

    Request Approval

    Check the box to request approval when this workflow condition is triggered.

    Request Approval From

    Select the source of the approver.

    • Approver assigned to the object. For SSH objects, this is defined by the policy settings for the folder where the device is stored.

      For more information see SSH policy settings details.

    • Specified approver. Hard-code the approvers to be used. Activates the Specified Approver(s) field where you must enter the identities used for the approval.

      If multiple approvers are added, all listed approvers must approve the workflow item before it will be approved. If any of the approvers rejects the workflow, the item will be rejected.

    • Specify approver via macro. Allows you to enter a macro to dynamically select the workflow approver when the workflow is triggered. For more information on the Trust Protection Platform macro language, see the Venafi Trust Protection Platform Macro Guide. Activates the Approver Macro field where you must enter the macro command.

    Approval Reason Code

    Enter the Reason Code you want to include with the notification that is sent to the workflow approver. The maximum Approval Reason Code value is 999.

    IMPORTANT  This option is required if you select Request Approval From.

    Approval Reason Codes also accompany customized explanations or instructions for workflow approvers. The drop-down list displays the Reason Codes defined in the Workflow tree. For more information, see Defining reason codes for certificate approvals.

  7. Click Save.

For a detailed description of the object settings, see Workflow object settings.