Workflow Instances

Example:   You have a custom enrollment Certificate enrollment refers to the process by which a user requests a digital certificate. The user must submit the request to a certificate authority (CA). workflow definition for the EnterpriseWebServer template A certificate template defines the policies and rules that a CA uses when a request for a certificate is received.. It contains a couple of steps including RequireApproval, which requires approval from at least two PKI A public key infrastructure (PKI) is a set of roles, policies, and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. admins before a certificate with this template may be issued. The workflow definition has been edited and published a few times and is now at version 3. John enrolls for a certificate using the Management Portal PFX A PFX file (personal information exchange format), also known as a PKCS#12 archive, is a single, password-protected certificate archive that contains both the public and matching private key and, optionally, the certificate chain. It is a common format for Windows servers. Enrollment option and selects this template. When the enrollment completes, he receives a message indicating that the request is awaiting approval.

A workflow instance has now been created for his request. Users with appropriate permissions can view the instance in Workflow Instances.

Users with permissions to approve the request can do so through their My Workflows page and the Assigned to Me tab (see My Workflows).

After John completes his enrollment and before it is approved, an administrator makes a change to the workflow for the EnterpriseWebServer template and publishes the new version. The current workflow is now at version 4. However, John's request remains outstanding and valid with version 3 of the workflow. Any change made for version 4 of the template will not be reflected in John's request.

The only circumstance under which John's request might complete using version 4 of the workflow definition would be:

• If the administrator observed the suspended workflow (suspended because it is awaiting approvals), knew there was a new version of the workflow, and pro-actively restarted the workflow instance. A workflow instance restarted from a suspended state will always restart (from the beginning) with the currently active version of the workflow definition.
• If the administrator observed the suspended workflow, stopped the workflow knowing it should not be allowed to complete with the workflow definition it was submitted with, made a further update to the workflow definition, and then restarted the workflow with the newly updated version of the workflow definition. One common reason to stop and restart rather than just restarting would be to allow time to make changes to the workflow.
• If the original request failed for some reason (e.g. the CA A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. was not responding when the final approval was received and the request was submitted to the CA) and the administrator chose to restart the failed request with the currently active version of the workflow definition (the default) rather than the original version of the workflow after resolving the reason for the failure.