{
  "Id": "4e097540-ca31-4c89-9591-87357a66879d",
  "DisplayName": "Require-Approval-on-Enrollment-for-Selected-Domains",
  "Description": "On enrollment, keyother.com domains requires approval; keyexample.com domain does not require approval.",
  "Key": "507/135",
  "KeyDisplayName": "Enterprise Web Server/Enterprise Web Server EP 3",
  "IsPublished": true,
  "WorkflowType": "Enrollment",
  "Steps": [
    {
      "Id": "ce0c4ef0-229d-4f4e-a9c7-06cf80badb3c",
      "DisplayName": "Enroll for Certificate",
      "UniqueName": "EnrollStep1",
      "ExtensionName": "EnrollStep",
      "Enabled": true,
      "ConfigurationParameters": {},
      "Signals": [],
      "Conditions": [],
      "Outputs": {
        "continue": "Email1"
      }
    },
    {
      "Id": "fb5895ed-2dfe-4919-b8a0-40151a13d8df",
      "DisplayName": "Require Approval for Selected Requests",
      "UniqueName": "RequireApproval1",
      "ExtensionName": "RequireApproval",
      "Enabled": true,
      "ConfigurationParameters": {
        "MinimumApprovals": "1",
        "DenialEmailSubject": "Certificate Request Denied for $(request:cn)",
        "DenialEmailMessage": "Hello $(requester:givenname),\n\nThe certificate you requested on $(subdate) in the name $(request:cn) has not been issued for the following reason:\n\n<blockquote>$(approvalsignalcmnts)</blockquote>\n\nThe certificate details include:\n\n<ul>\n   <li>CN: $(request:cn)</li>\n   <li>DN: $(request:dn)</li>\n   <li>SANs: $(sans)</li>\n</ul>\n\nFor assistance, please contact <a href=\\\"mailto:support@keyexample.com\\\">support@keyexample.com</a>.\n\nThanks!\nYour Certificate Management System",
        "DenialEmailRecipients": [
          "pkiadmins@keyexample.com",
          "$(requester:mail)"
        ],
        "ApprovalEmailSubject": "Certificate Enrollment Request Approved for $(request:cn)",
        "ApprovalEmailMessage": "Hello $(requester:givenname),\n\nThe certificate you requested in the name $(request:cn) on $(subdate) was successfully approved with the following comment:\n\n<blockquote>$(approvalsignalcmnts)</blockquote>\n\nThe certificate details include:\n\n<ul>\n   <li>CN: $(request:cn)</li>\n   <li>DN: $(request:dn)</li>\n   <li>SANs: $(sans)</li>\n</ul>\n\nYou will receive an update when it has been issued. For assistance, please contact <a href=\\\"mailto:support@keyexample.com\\\">support@keyexample.com</a>.\n\nThanks!\nYour Certificate Management System",
        "ApprovalEmailRecipients": [
          "pkiadmins@keyexample.com",
          "$(requester:mail)"
        ],
        "RequesterCanApprove": true
      },
      "Signals": [
        {
          "RoleIds": [],
          "SignalName": "ApprovalStatus"
        }
      ],
      "Conditions": [
        {
          "Id": "dd8e8186-097d-4e8b-b691-9b01041fbb52",
          "Value": "$(shouldRun)"
        }
      ],
      "Outputs": {
        "continue": "EnrollStep1"
      }
    },
    {
      "Id": "d0dbf51a-a584-4983-a538-5fb43bf210ad",
      "DisplayName": "Send Email After Enroll Succeeds",
      "UniqueName": "Email1",
      "ExtensionName": "Email",
      "Enabled": true,
      "ConfigurationParameters": {
        "Subject": "Certificate Issued for $(request:cn)",
        "Message": "Hello $(requester:givenname),\n\nThe certificate you requested in the name $(request:cn) on $(subdate) was successfully issued on $(issuedcert:issuancedate).\n\nThe certificate details include:\n\n<ul>\n   <li>CN: $(issuedcert:cn)</li>\n   <li>DN: $(issuedcert:dn)</li>\n   <li>Thumbprint: $(issuedcert:thumbprint)</li>\n   <li>Serial Number: $(issuedcert:serial)</li>\n   <li>SANs: $(issuedcert:sansformattedprint)</li>\n   <li>Requested Locations<sup>*</sup>: $(locations)</li>\n</ul>\n\n<sup>*</sup> This value represents the certificate stores chosen by the requester for distribution. However, these may differ from the stores where the certificate was successfully updated. Information about completed certificate store updates is not available at the time of enrollment.\n\nFor assistance, please contact <a href=\\\"mailto:support@keyexample.com\\\">support@keyexample.com</a>.\n\nThanks!\nYour Certificate Management System",
        "Recipients": [
          "pkiadmins@keyexample.com",
          "$(requester:mail)"
        ]
      },
      "Signals": [],
      "Conditions": [],
      "Outputs": {
        "continue": "EndNOOP"
      }
    },
    {
      "Id": "1acc5f71-f79f-4d3d-ae75-885355df8c97",
      "DisplayName": "Does Request Require Approval",
      "UniqueName": "PowerShell1",
      "ExtensionName": "PowerShell",
      "Enabled": true,
      "ConfigurationParameters": {
        "ScriptParameters": {
          "SubjectCN": "$(request:cn)"
        },
        "ScriptContent": "# Declare your parameter at the beginning\r\nparam(\r\n   [string]$SubjectCN\r\n)\r\n\r\n# Initialize a variable for the response\r\n$shouldRun = @()\r\n\r\n# Check to see if the requested CN ends with keyexample.com and require approval in the next step if it does not\r\n$Suffix = \"keyexample.com\"\r\n\r\nif ($SubjectCN.EndsWith($Suffix))\r\n{\r\n   $shouldRun = \"False\"\r\n}else {\r\n   $shouldRun = \"True\"\r\n}\r\n\r\n# Return the true/false value to the workflow as a hashtable\r\n$result = @{ \"shouldRun\" = $shouldRun; }\r\nreturn $result"
      },
      "Signals": [],
      "Conditions": [],
      "Outputs": {
        "continue": "RequireApproval1"
      }
    },
    {
      "Id": "b32b6e95-095f-48cf-ba71-96c4fd9711fd",
      "DisplayName": "Start-NOOP",
      "UniqueName": "StartNOOP",
      "ExtensionName": "NOOPStep",
      "Enabled": true,
      "ConfigurationParameters": {},
      "Signals": [],
      "Conditions": [],
      "Outputs": {
        "continue": "PowerShell1"
      }
    },
    {
      "Id": "616c6c5b-b0a3-4e02-9e48-d88bc668c00b",
      "DisplayName": "End-NOOP",
      "UniqueName": "EndNOOP",
      "ExtensionName": "NOOPStep",
      "Enabled": true,
      "ConfigurationParameters": {},
      "Signals": [],
      "Conditions": [],
      "Outputs": {}
    }
  ],
  "DraftVersion": 1,
  "PublishedVersion": 1,
  "Enabled": true
}