I am fairly new to using workflows and provisioning in IDM and have the
following task I need to accomplish. Background: IDM 3.5.1 (including User
Application with Provisioning running on Linux), eDirectory 8.8 SP2

We would like to create a workflow that allows a user to request to be added
to a group (in eDirectory). The request goes to the user's manager and they
approve or deny the addition to the group. Upon approval the user is now a
member of the group.

I have been reading documentation and realize that two possible ways to
accomplish this in the workflow: entities and entitlements. I'm not sure
which method would be easier to implement my task. From what I've read,
entities seems like it might be slightly less confusing, but then again I've
been struggling with this for a while so this assumption may not be true.

I know this would need a single approval workflow (trying to keep it
simple). I know it may seem trivial, but this is the point that my
frustration sets in. The documentation I've read discusses how to use
entitlements, but they always reference a pre-existing entitlement for their
example (usually something built into the driver already), for which an
equivalent does not exist with the eDirectory driver. I don't know how I
would create/configure the entitlement for access to a specific group.
After trying unsuccessfully for a few hours, I decided to look into
accomplishing my task with an entity. I looked on this forum and saw a
reply to a different inquiry that Mikael Larsson had posted back in May 2007
that included the following instructions to set an attribute to the value
from a field:

"You define a field as "TheField" in a form. For that approval form you
the post-expression to "flowdata.TheField". In the Entity Activity you set
the action to Append Value or Replace All Values and the corresponding
action to "flowdata.get('TheField')" for the actual attribute. That way you
will populate the attribute with a single value from the form. If you would
like to populate multi-value attributes in the Entity Activity this is done
by using Replace All Values and the expression
"flowdata.getObject('TheField'). Note: If you would like to pick a single
value from a field with multiple values you use the expression
"flowdata.getObject('TheField[number]'). This is a XPATH method used in the
expression and number reflects the position for the value in the multivalued

I tried using the User entity in a Single Approval Workflow and did my best
to follow the instructions to set the groupMembership attribute to
"flowdata.get('TheField')" so that it would set (append) the groupMembership
attribute of the person who initiated the request to what the Manager filled
into "TheField" on the approval form. I did not have any luck doing this.
And so at this point I'm left frustrated no closer to accomplishing my task.

Like I said the first thing I need to know is which method (entities or
entitlements) would be best to accomplish my task. At that point I'm
looking for help in how exactly I would need to configure the entity or
entitlement. Any help or guidance is greatly appreciated. I'm really
trying to wrap my brain around exactly how to accomplish my task with a
workflow, and I know that IDM is capable of doing it. Maybe there is
already some documetation out there that tells me exactly what I need to
know, but I have had no luck in finding any such document.

Thanks in advance