...
...
...
...
...
...
...
...
Although Luma provides many automation workflow, in Luma supports a variety of Automation Workflow. In this article, you will learn how to configure Active Directory related Automation Workflows an Automation Workflow related to Powershell Service Configuration as an example.
Overview
You can perform these workflows related to Active Directory on an Active Directory server (on-premise). The workflows are listed below.:
Out-of-the-box Workflows available
...
The OOTB workflows are available on Luma Automation page on the Workflows tab as shown below.
Out-of-the-box Operations available
If you want to create your own workflows for Active Directory, use the following out-of-the-box Operations and customize them as per your need.
...
Below are the ready-to-use, Out-of-the-box (OOTB) Powershell workflows that you can directly use.
...
. You can add these Workflow Services to your Skill as Skill fulfillment and execute the workflow.
| No. | Category | Workflow Service | Description | Input Parameters | Example |
|---|---|---|---|---|---|
| 1 | Powershell | Ldap DeleteUser | Deletes the AD user from LDAP | Update Message On success | Message to be displayed on deleting the user |
| Update Message On Failure | Message to be displayed if an error occurred. | ||||
| SAM Account Name | LDAP SAM Account Name | ||||
| 2 | Powershell | Ldap DeleteGroup | Deletes the Group from LDAP | Update Message On success | Message to be displayed on deleting the group |
| Update Message On Failure | Message to be displayed if an error occurred. | ||||
| Group SAM Account Name | LDAP Group SAM Account Name | ||||
| 3 | Powershell | Ldap SearchUser | Search for the user in LDAP | Update Message On success | Message to be displayed on success |
| Update Message On Failure | Message to be displayed if an error occurred. | ||||
| Filter | Filter criteria for the search | ||||
| 4 | Powershell | Ldap ExistsUser | Find if the user already exists in LDAP | Update Message On success | Message to be displayed on success |
| Update Message On Failure | Message to be displayed if an error occurred. | ||||
| SAM Account Name | LDAP SAM Account Name | ||||
| 5 | Powershell | Ldap Change Password | Resets AD user password for a given login name |
| Password | New Password | ||
| Update Message On success | Message to be displayed on successful password change | ||
| Update Message On Failure | Message to be displayed if an error occurred. | ||
| SAM Account Name | LDAP SAM Account Name | ||
| SMS TO | Phone number to which the Self Service Password Reset service sends SMS. | ||
| SMS Body | Specify the SMS message to be sent when changing the password | ||
| 6 | Powershell | Ldap enable User | Enables the AD user |
| Update Message On success | Message to be displayed on enabling the user | ||
| Update Message On Failure | Message to be displayed if an error occurred. | ||
| SAM Account Name | LDAP SAM Account Name | ||
| 7 | Powershell | Ldap disable User | Disables the AD user |
| Update Message On success | Message to be displayed on disabling the user | ||||
| Update Message On Failure | Message to be displayed if an error occurred. | ||||
| SAM Account Name | LDAP SAM Account Name | ||||
| 8 | Powershell | Ldap change password at logon | Resets AD user password for a given login name at logon | Password | New Password |
| Update Message On success | Message to be displayed on successful password change | ||||
| Update Message On Failure | Message to be displayed if an error occurred. | ||||
| SAM Account Name | LDAP SAM Account Name | ||||
| SMS TO | Phone number to which the Self Service Password Reset service sends SMS. | ||||
| SMS Body | Specify the SMS message to be sent when changing the password | ||||
| 9 | Powershell | Ldap create User | Creates a new user in Active Directory |
| Password | Password for the new user account | ||||
| Update Message On success | Message to be displayed on successful creation of user in LDAP | ||||
| Update Message On Failure | Message to be displayed if an error occurred. | ||||
| First Name | User's first name | ||||
| Last Name | User's last name | ||||
| Login Name | User's login name | ||||
| User Principal Name | |||||
| Employee id | User's Employee id | ||||
| Path | |||||
| 10 | Powershell | Ldap Unlock User | Unlocks Active Directory (AD) user | Update Message On success | Message to be displayed on success |
| Update Message On Failure | Message to be displayed if an error occurred. | ||||
| SAM Account Name | LDAP Account Name to unlock | ||||
| 11 | Powershell | Ldap create Group | Creates New Group in Active directory for that AD domain |
Following is the list of workflow services:
Active Directory Service Configuration
...
| Update Message On success | Message to be displayed on success | ||||
| Update Message On Failure | Message to be displayed if an error occurred. | ||||
| SAM Account Name | LDAP SAM Account Name for Group | ||||
| Path | |||||
| Group Name | New Group name | ||||
| Group Category | Group Category | ||||
| Group Scope | Group scope | ||||
| Description | Group Description | ||||
| 12 | Powershell | Ldap add User To Group | Adds a user to a group | Update Message On success | Message to be displayed on success |
| Update Message On Failure | Message to be displayed if an error occurred. | ||||
| Group SAM Account Name | LDAP Group SAM Account Name | ||||
| User SAM Account Name | LDAP User SAM Account Name | ||||
| 13 | Powershell | Azure execute Powershell Script | Executes the Powershell script in the file | Update Message On Success | Message to be displayed on the successful execution of Powershell script. |
| Update Message On Failure | Message to be displayed if an error occurred. | ||||
| File Path | PowerShell script file absolute path. Note: To use the operation, the PowerShell script must be available on the PowerShell machine. | ||||
| File Params | Parameters required to execute the shell script. |
Using Service Workflow in a Skill
Let us look at an example using the Automation workflow service 'Ldap enable User'.
The 'LDAP enable User' Workflow Service enables an end-user in LDAP using a PowerShell script. Follow the below steps to configure and use the workflow service:
Table of Contents minLevel 2
Step 1: Setup Service Configurations
Service Configurations store the information used to connect to the system for automation workflows. Using the Automation Service Configurations page in ISMLuma Skill Builder, you can specify the required login credentials for the specific service to which you want to connect to. For Active Directory, you must specify the AD Server details, Username, Password, Domain Path, Email Domain. Navigate to 
Automation icon. On the Automation page, click the .
Click on Automation icon and navigate to Automation → Service Configurations tab.
Following is the list of service configurations:
For any Active Directory 'Ldap enable User' Workflow, you need to update the following Service Configurations.
- Active Directory Configuration SA Default Configurations
Powershell Configuration- The configuration is used to execute the PowerShell script to enable a user in LDAP. To use Powershell, the following configurations are required:
config.powershell.password Refers to the machine or environment password where you can execute PowerShell or winrm service is running. config.powershell.domain Refers to the machine or environment windows domain name where you can execute PowerShell or winrm service is running. config.powershell.username Refers to the machine or environment username where you can execute PowerShell or winrm service is running. config.powershell.address Refers to the machine or environment address where you can execute PowerShell or winrm service is running. Luma 1.x Configurations- To use the workflow service in Luma Virtual Agent. To use Luma 2.x, the following configurations are required:
config.luma1x.url This is the URL to the Luma 1.x environment you want to connect to. config.luma1x.luma.api.access.key Refers to the API access key created in Luma to allow a third-party system to connect to your tenant.
For more information refer to Out-of-the-box Automation Operations and Workflows.
Mapping Fields
Following are the mapping fields available in Luma for each operation in Active Directory. The data for these fields will be received from the user inputs.
The following table lists which input fields of Automation Workflow can be mapped to the attributes.
For example: Administrator may want to Disable an AD User. The skill prompts the administrator to enter the user_name of the user whose AD account needs to be disabled as shown below.
The data from this attribute needs to be passed to the Automation Workflow. This relationship is configured when the Automation Workflow is associate to a skill.
| Info | ||
|---|---|---|
| ||
requestor input field is common for all workflows. |
...
login_name
...
Step 2: Using the Workflow Service in SKill
The next step is to create a skill in Luma Skill Builder to enable a user in LDAP. Add 'Ldap enable User' Workflow to the skill fulfillment. The Workflow requires the following parameters
| Ldap enable User | Powershell | Enables the AD user | Update Message On success | Message to be displayed on enabling the user |
| Update Message On Failure | Message to be displayed if an error occurred. | |||
| SAM Account Name | LDAP SAM Account Name |
Map the parameters that require user inputs to the attributes in skill. Add attribute 'username' as mandatory input in Conversation Parameters section of the skill and map it to the input field 'SAM Account Name' for Automation Workflow in Skill Fulfillment.
When the skill is executed, Luma prompts the user to enter the user name to be enabled in LDAP. The user input is saved in the 'username' attribute and passed to the Automation Workflow, which in turn enables the account in AD.
