Enabling the IDM Workflow with ForgeOps v7.x


IDM embeds a Flowable Process Engine that initializes in the OSGi container. Workflows are not active by default. This article shows how to enable workflow using a MySQL database as the data source.


This article assumes the following:

Note: The CDK is a minimal sample deployment of the ForgeRock Identity Platform on Kubernetes that you can use for demonstration and development purposes.

Steps to configure workflow

IDM needs two configuration files to activate the workflow bundle:

  • workflow.json (The Flowable engine configuration, including the data source).

  • datasource.jdbc-default.json (The default data source for Flowable).

  1. Export config

    • ./config export idm my-profile --sort

    This step creates a directory named my-profile:


  2. Get the following files from the on-prem environment and copy them to:


    • endpoint-getavailableuserstoassign.json

    • endpoint-getprocessesforuser.json

    • endpoint-gettasksview.json

    • process-access.json

  3. Create workflow.json and datasource.jdbc-myflow.json
    in forgeops/docker/idm/config-profiles/my-profile/conf directory:


    workflow.json:

    {
      "groupResource": {
        "path": "managed/group",
        "queryFilter": "/id eq \"${gid}\""
      },
      "useDataSource": "myflow",
      "userResource": {
        "path": "managed/user",
        "queryFilter": "/userName eq \"${username}\""
      },
      "workflowDirectory": "&{idm.instance.dir}/workflow"
    }


Note: The useDataSource value (myflow) must match the name in the file name datasource.jdbc-myflow.json.



    datasource.jdbc-myflow.json:

    {
      "connectionPool": {
        "maximumPoolSize": 50,
        "minimumIdle": 20,
        "type": "hikari"
      },
      "connectionTimeout": 30000,
      "databaseName": "openidm",
      "driverClass": "com.mysql.jdbc.Driver",
      "jdbcUrl": "jdbc:mysql://openidm.:10.x.x.x:3306/openidm?allowMultiQueries=true&characterEncoding=utf8&useSSL=false",
      "password": "yourpassword",
      "username": "openidm"
    }

  4. Create the workflow directory and copy the sample .bar files into it

    • mkdir -p forgeops/docker/idm/config-profiles/my-profile/workflow
    • cp managedUserApproval.bar contractorOnboarding.bar forgeops/docker/idm/config-profiles/my-profile/workflow/
  5. Modify forgeops/docker/idm/Dockerfile

    • COPY --chown=forgerock:root mysql-connector-java-5.1.48-bin.jar /opt/openidm/bundle
  6. Download the MySQL connector JAR (mysql-connector-java-5.1.48-bin.jar in the COPY line above) and copy it to forgeops/docker/idm

  7. Push the change to the Docker repo and rebuild IDM

    • ./forgeops build idm --config-profile my-profile --push-to none
    • ./forgeops delete idm
    • ./forgeops install idm --cdk
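
A pre-build check for the two files created in step 3, as an added example that is not part of the original article: it verifies that useDataSource matches the datasource.jdbc-<name>.json file name and flags useSSL=false and a literal password. The function name, the db.example.internal host and the treatment of &{...} values as externally supplied are assumptions.

```python
import json
import re
from urllib.parse import parse_qs

# Constructed sample input: the two files from step 3, with a placeholder DB host.
WORKFLOW_JSON = '{"useDataSource": "myflow", "workflowDirectory": "&{idm.instance.dir}/workflow"}'
DATASOURCE_JSON = json.dumps({
    "driverClass": "com.mysql.jdbc.Driver",
    "jdbcUrl": "jdbc:mysql://db.example.internal:3306/openidm"
               "?allowMultiQueries=true&characterEncoding=utf8&useSSL=false",
    "username": "openidm",
    "password": "yourpassword",
})

# Assumption: a value written entirely as &{property} is resolved by IDM at startup.
SUBSTITUTION = re.compile(r"^&\{[^}]+\}$")


def check_workflow_datasource(workflow_text, conf_files):
    """conf_files maps file name -> JSON text. Returns a list of finding strings."""
    findings = []
    name = json.loads(workflow_text).get("useDataSource")
    expected = f"datasource.jdbc-{name}.json"
    if expected not in conf_files:
        # Per the note in the article, the two names must match.
        return [f"useDataSource '{name}' has no matching file {expected}"]
    ds = json.loads(conf_files[expected])

    # Only the query string of the JDBC URL is inspected here.
    params = parse_qs(ds.get("jdbcUrl", "").partition("?")[2])
    if params.get("useSSL", [""])[0].lower() == "false":
        findings.append(f"{expected}: useSSL=false, database traffic is not encrypted")

    password = ds.get("password")
    if password is not None and not SUBSTITUTION.match(password):
        findings.append(f"{expected}: password is a literal stored in the config profile")
    return findings


if __name__ == "__main__":
    files = {"datasource.jdbc-myflow.json": DATASOURCE_JSON}
    for finding in check_workflow_datasource(WORKFLOW_JSON, files):
        print(finding)
```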


Prepare MySQL if it is not set up:


  1. Copy the database scripts from the pod:

    • kubectl cp idm-67b694666-c42wn:/opt/openidm/db/mysql/scripts/openidm.sql openidm.sql
    • kubectl cp idm-67b694666-c42wn:/opt/openidm/db/mysql/scripts/createuser.sql createuser.sql
    • kubectl cp idm-67b694666-c42wn:/opt/openidm/db/mysql/scripts/flowable.mysql.all.create.sql flowable.mysql.all.create.sql
  2. Run the scripts against the database to set up the Flowable data source:

    • mysql -h hostip -u openidm -p
    • mysql -u root -p < openidm.sql
    • mysql -u root -p < createuser.sql
    • mysql -D openidm -u root -p < flowable.mysql.all.create.sql
  3. Check the database table content after workflow is enabled:

    • select id_, name_ from ACT_RE_DEPLOYMENT;
    • select ID_ , REV_ , PROC_DEF_ID_ from ACT_HI_ACTINST;
