Send Teams notifications from NIM (Formerly Usercube)

Hello,

As part of improving the user experience, we are looking to replace the email notifications generated by the “Update Permission” workflow with Microsoft Teams notifications.

Context

Currently, when a permission request is submitted or approved, the workflow sends emails to the various stakeholders. We would like to modernize this approach by leveraging Teams’ instant messaging capabilities, which offer better visibility and responsiveness for our users.

Our Idea:

  1. Modify the “Update Permission” workflow to integrate the triggering of a custom PowerShell script, which would handle sending the notification via the Teams API.

  2. Use Workflow Aspects to intercept workflow events and attach custom logic without directly modifying the native workflow.

Questions

  • Is it possible to customize the “Update Permission” workflow to trigger an external PowerShell script instead of (or in addition to) email notifications?

  • Do you have any configuration examples using Workflow Aspects that demonstrate intercepting workflow steps and attaching custom actions?

  • Are there other recommended approaches for this type of integration?

Thank you in advance for your feedback and experience sharing! :folded_hands:

Hello,

You have 2 approaches.

  1. Use the “InvokeScriptAspect” option

<InvokeScriptAspect Identifier="Directory_User_InvokeScript" Agent="Default" ScriptFile="C:/Usercube/Scripts/InvokeAspects/aspect.ps1">
    <PointCut Activity="Directory_User_StartInternal:Request" ActivityState="ActionWithRefine-Executed" Mode="After" />
    <PointCut Activity="Directory_User_StartExternal:Request" ActivityState="ActionWithRefine-Executed" Mode="After" />
</InvokeScriptAspect>

You need a job to run in order to execute the script:

  <Job Identifier="InvokeAspects" DisplayName_L1="Invoke Aspects" Agent="Local">
    <InvokeAspectsTask Agent="Default" DisplayName_L1="Execute Powershell for aspects" OutputPath="C:/Usercube/Temp" OpenIdClient="Job" />
  </Job>

Then you need to configure your script to process workflow instances and send Teams notifications.

#
param(
  [Parameter(Mandatory = $true)][string]$instancesPath
)

echo $instancesPath

$instances = Import-CSV -Delimiter ';' -Encoding UTF8 -Path $instancesPath

echo $instances.Count

# PS code to send Teams notification for each instance....

#
  2. Use an “InvokeExpressionTask” option

<Job Identifier="SendTeamsNotifications" DisplayName_L1="Send Teams Notification" Agent="Local">
    <InvokeExpressionTask Identifier="SendTeamsNotifications" DisplayName_L1="Send Teams Notification" InputPath="C:/Usercube/Scripts/SendTeamsNotification.ps1" ContinueOnError="1" Level="0" />
</Job>

The script can be scheduled to run daily, for example.

In the script you can call Identity Manager APIs to list pending requests of the day (get workflow instances that have been created that day) and send Teams notifications.

The API call should look like this:

$api = "http://localhost:5000"
# Credentials
$apiId = "Job@localhost"
$apiSecret = "secret"

cd C:\Usercube\Runtime

# Body for Token request 
$Body = @{
    'client_id' = $apiId
    'client_secret' = $apiSecret
    'scope' = 'usercube_api'
    'grant_type' = 'client_credentials'
}
# Parameters for Token request 
$Params = @{
    'Uri' = "$api/connect/token"
    'Method' = 'Post'
    'Body' = $Body
    'ContentType' = 'application/x-www-form-urlencoded'
}
# Get the Bearer Token
$AuthResponse = Invoke-RestMethod @Params

# Headers for GET requests
$Headers = @{
    'Authorization' = "Bearer $($AuthResponse.access_token)"
}

# Headers for POST/PUT Requests
$PostHeaders = @{
    'Authorization' = "Bearer $($AuthResponse.access_token)"
    'Content-Type' = "application/json"
}

$Url = "http://localhost:5000/api/Workflows/WorkflowInstance?api-version=1.0&squery=join Workflow w join CurrentActivityInstance ai join ai.Performer of type Directory_User perf join Workflow_Directory_User:Directory_User Directory_User join Directory_User.MainRecord Directory_UserMainRecord join Directory_UserMainRecord.Title Directory_UserMainRecordTitle join Directory_UserMainRecord.Organization Directory_UserMainRecordOrganization join Directory_UserMainRecord.Site Directory_UserMainRecordSite join Directory_User.ResourceRiskScore Directory_UserResourceRiskScore top 12 select Id, Identifier, IsCompleted, CurrentStateId, w.DisplayName, w.Identifier, ai.Subject, ai.ChangeSetSummary, ai.CreationDate, perf.InternalDisplayName, perf.Id,Directory_UserMainRecord.FirstName,Directory_UserMainRecord.LastName,Directory_UserMainRecordTitle.DisplayName,Directory_User.Id,Directory_User.PhotoTag,Directory_UserMainRecordOrganization.DisplayName,Directory_UserMainRecordSite.DisplayName,Directory_UserResourceRiskScore.Score where (ai.CreationDate>=%222026-05-06T22:00:00.000Z%22) order by ai.CreationDate desc, Id desc&Path=/Workflows/WorkflowInstance/Supervise&QueryRootEntityType=Workflow_Directory_User"
$Result = (Invoke-RestMethod -Headers $Headers -Uri $Url).Result

Regards

Hazem
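
The following is an added example, not part of the original answer and not the product's own code: one way to fill in the "send Teams notification for each instance" step so that the webhook URL stays out of the script and workflow data is JSON-encoded rather than concatenated. It assumes a Teams incoming webhook that accepts a simple `text` JSON payload, a hypothetical `TEAMS_WEBHOOK_URL` environment variable, and hypothetical `Identifier`, `Subject` and `Performer` properties on each instance.

```powershell
# Added example. Assumed names: TEAMS_WEBHOOK_URL, the Identifier/Subject/
# Performer properties, New-TeamsPayload and Send-TeamsNotification.
function New-TeamsPayload {
    param([Parameter(Mandatory)][psobject]$Instance)
    # Workflow fields are user-influenced data: cap their length and let
    # ConvertTo-Json do the escaping instead of building JSON by hand.
    $subject = [string]$Instance.Subject
    if ($subject.Length -gt 200) { $subject = $subject.Substring(0, 200) + '...' }
    $body = @{
        text = "Permission request $($Instance.Identifier): $subject (performer: $($Instance.Performer))"
    }
    return ($body | ConvertTo-Json -Compress)
}

function Send-TeamsNotification {
    param(
        [Parameter(Mandatory)][psobject[]]$Instances,
        # The webhook URL is a credential: read it from the job's environment.
        [string]$WebhookUrl = $env:TEAMS_WEBHOOK_URL,
        [switch]$DryRun
    )
    $uri = $null
    if (-not $DryRun) {
        $ok = [uri]::TryCreate($WebhookUrl, [System.UriKind]::Absolute, [ref]$uri)
        if (-not $ok -or $uri.Scheme -ne 'https') { throw 'TEAMS_WEBHOOK_URL must be an absolute https URL.' }
    }
    foreach ($instance in $Instances) {
        $json = New-TeamsPayload -Instance $instance
        if ($DryRun) { $json; continue }   # emit the payload without sending it
        try {
            Invoke-RestMethod -Uri $uri -Method Post -Body $json -ContentType 'application/json; charset=utf-8' | Out-Null
        } catch {
            # Record which instance failed; never write the webhook URL to job logs.
            Write-Warning "Teams notification failed for $($instance.Identifier): $($_.Exception.GetType().Name)"
        }
    }
}

# Constructed sample instance (not real data); the quotes show the escaping.
$sample = [pscustomobject]@{
    Identifier = 'WF-0001'
    Subject    = 'Update permission "Finance" for J. Doe'
    Performer  = 'Alice Martin'
}
Send-TeamsNotification -Instances $sample -DryRun
```

The same pattern applies to `$apiSecret` in the token request above: load it from the job's environment or a secret store instead of a literal in the script.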