Impersonating users using a service account

 
Assume your team is responsible for procuring office supplies for your company from multiple vendors. To achieve that, you have created two processes: Purchase Request and Purchase Order. Each member of your team is in touch with a vendor, and they initiate multiple items in the Purchase Request process. 

Once the item reaches the completed state, you can integrate both the Purchase Request and Purchase Order to create a Purchase Order instantly. When the integration is created, you can formally share it with the vendors.

You can only use your personal access key ID and secret to authenticate an integration. This will make you the initiator of all the items in the Purchase Order, even if another member has initiated the Purchase Request item. With service accounts, you can create integrations so that the initiator of the Purchase Request is the same as the Purchase Order.

Configuring impersonation access

You must be a Super Admin or an IAM Admin to configure impersonation access. The first step is to create a service account, Integration account, and access keys within the respective service account. The next step is configuring impersonation access to both the Purchase Request and Purchase Order processes. The service account can only impersonate members who are part of the flow to which it has impersonation access.

Here’s how we can extend impersonation access:

1. Go to the Purchase Request and Purchase Order process. 
2. Click the More options button () and click Settings.
3. Click Security settings and, scroll down to Impersonation, click Configure. Select the Impersonation account from the list and click Add > Proceed. 

   

    

   

Integrating both processes using an integration

The next step after configuring impersonation access is to create an integration. Using a Kissflow Process integration, you can integrate both processes so that when an item is completed in the Purchase Request process, an item gets subsequently created in the Purchase Order process. Using the impersonation feature of service accounts, you can impersonate the initiator of the item in the Purchase Request to initiate one in the Purchase Order. 

To integrate both processes and configure Impersonation, you should follow the following steps:

1. Inside your Kissflow account, click your profile picture on the top right corner of the screen and click Integrations from the dropdown. Next, click the New Integration button to provide a name and description for your integration.
2. Choose Kissflow Process connector. The trigger is When an item completes its workflow. 
3. Click + Add an account and authenticate using your Account ID and Account Domain, which you can find inside My Settings. Add the Access key ID and secret credentials from the access key created inside the Integration SA service account. You can use existing connections while setting up an integration.

   

4. Select the Purchase Request process as the process in the trigger. 
5. After setting up your trigger step above, click the Add button () next to set up your action step. Search for the Kissflow Process connector and select Create and submit a new item as the desired action from the above list.
6. Choose Purchase Order as the process.
7. Select Yes under Impersonation and select the field _created_by._id. This field retrieves the member who created the item in the Purchase Request process and impersonates that user to initiate an item in the Purchase Order process. If a static user is mapped in this field, that user always starts items in the Purchase Order process. 
8. After authenticating with the Service account connection, add relevant values against the process form fields. You can hit Refresh fields to view all the updated fields in the selected process form. Click Next. 
9. After a successful configuration, test whether your Kissflow Process action step is set up correctly by clicking the Test button. The connector will pull field data from your selected Impersonation account and display it as a JSON output. Similar to the trigger step, errors are notified to you right away. Fix them before retesting the action step.

After creating a custom workflow with your Kissflow Process’s action steps, switch ON the toggle button to activate the integration run. Once a trigger event occurs, the selected Kissflow Process action is activated, and changes are reflected in your account.

Note:
The impersonating user must be a Purchase Request and Purchase Order member. If the user is not, the integration will fail, and any existing mapped fields inside the integration will get reset. 

After creating the integration, you can create and submit an item in the Purchase Request, and the item is automatically submitted in the Purchase Order by the same initiator.