Workflows
Feature Highlight
Product Updates
self-service

Now Generally Available: Cortex Workflows with Enhanced RBAC

Cortex Workflows is now generally available, bringing advanced RBAC controls and powerful automation tools to streamline developer operations.

By
Kate Huff
-
October 29, 2024

After an incredible week at IDPCon, we're excited to share one of the major announcements we unveiled during the event: the General Availability (GA) of Cortex Workflows with advanced Role-Based Access Controls (RBAC). 

One of the most highly requested features for Cortex Workflows, advanced RBAC gives you complete control over who can view, edit, and run workflows, supporting enterprises that deal with sensitive operations.

These new capabilities further solidify Cortex as the leading platform for developer self-service operations, offering enhanced security and controls to streamline workflows across teams.

What are Cortex Workflows?

Cortex Workflows allow teams to centralize and orchestrate key developer operations—from spinning up services and onboarding new developers to deploying resources and managing incidents—all from one unified platform. 

By integrating seamlessly with the tools you already use, Cortex Workflows helps teams automate complex, multi-step processes, saving valuable time and reducing the risk of human error.

Cortex offers the ability to chain together multiple actions to orchestrate activity in connected tools. Beyond just generating an HTTP request and calling a scaffolding template, users can also perform data transformations, request user input with auto-complete, generate a Slack message, or even pause the flow for manual user approvals.

Whether it’s simplifying incident response or speeding up deployments, Cortex Workflows lets teams focus on what matters most—building great software.

How it works 

Here’s how Cortex Workflows enables powerful automation and orchestration within your developer portal:

1. Centralized task management  

Cortex Workflows brings together complex, multi-step operations, creating a central hub for developers to execute critical tasks like deploying resources, updating configurations, or spinning up new services. This consolidation allows teams to manage these workflows in a streamlined, organized way, reducing the need for context-switching across multiple tools.

2. Automated steps with conditional logic  

With Cortex Workflows, you can automate processes by chaining together multiple actions, such as creating a new service or updating cloud resources. 

For example, when onboarding a new developer, workflows can automatically set up access permissions, create necessary Git repositories, and send notifications to relevant teams. By incorporating conditional logic, teams can add stops for manually approvals, data transformations, or branching logic to adjust workflows based on real-time data.

3. Seamless integrations with key developer tools  

Cortex Workflows connects effortlessly with the tools your team already relies on. Developers can trigger workflows from within Slack, GitHub, or other platforms, and Cortex will automate steps such as generating an HTTP request, querying an external database, or sending an approval request to the appropriate team. This integration minimizes the friction of moving between tools and reduces the risk of manual errors.

4. Human-centric workflows with user interaction  

Not all workflows are fully automated; sometimes, human input is essential. Cortex Workflows allows teams to pause flows for manual approvals or specific inputs from users. This interactive approach helps in areas where critical decision points or compliance checks are needed, such as approving high-risk deployments or validating new feature releases.

5. Robust access controls  

The recent addition of enhanced Role-Based Access Control (RBAC) and Entity-Based Permissioning means that teams can limit workflow actions based on user roles or ownership of specific resources. For instance, only team leads or service owners can run workflows involving production deployments, ensuring that critical operations remain secure and managed by the right people.

Examples of Cortex Workflows in Action

Automated service creation: A developer initiates a workflow to create a new microservice. Cortex Workflows automatically creates the service in GitHub, sets up monitoring through Datadog, and sends a notification on Slack, reducing setup time and ensuring everything is configured correctly from the start.

Incident response management: When an alert is triggered, Cortex can launch a predefined incident response workflow that notifies the on-call team, provides an incident checklist, and creates a dedicated Slack channel for real-time updates. Pauses for human input ensure that response teams are directly involved in key decision points.  

Scheduled compliance checks: Security and compliance teams can use Cortex Workflows to schedule recurring compliance checks, such as verifying access permissions on production systems. Cortex Workflows automates notifications, collects user input for compliance confirmations, and logs each action, helping teams maintain security and compliance standards.

Infrastructure deployment with golden paths: Imagine a workflow designed to deploy a new microservice environment following the organization’s approved golden path. A developer initiates the workflow, and Cortex automatically provisions cloud infrastructure according to the prescribed configurations—such as VPC setup, IAM roles, security groups, and monitoring. The workflow verifies configurations against best practices, pauses for necessary approvals, and notifies the developer once deployment is complete. This approach not only saves time but also ensures that all deployed infrastructure meets compliance and security standards by default.

Cortex Workflows' Enhanced RBAC and Entity-Based Permissioning

With the introduction of advanced RBAC in this GA release, teams now have granular control over who can view, edit, or run specific workflows. These capabilities were a crucial request from many enterprise users who needed a way to limit visibility for security and operational efficiency.

These new features offer powerful ways to control access, streamline operations, and protect sensitive workflows:

Granular access controls

The ability to control who can run a workflow—down to the individual user level—gives organizations peace of mind when automating critical operations. It reduces the risk of unauthorized access, ensuring that workflows are only executed by those with the proper clearance.

Specific permissions now available:

  • View Workflows: View workflows and see the workflows sidebar.
  • Edit Workflows: Create and edit workflows.
  • View Workflow Runs: View all workflow runs
  • Execute Workflow Runs: Create and continue workflow runs (e.g., provide user input or approvals)

Entity owner based permissioning

Entity owner based permissioning allows users to control which entities a workflow can be run on, based on ownership. For example, users can restrict workflows so that only those who own certain services or resources can execute them. This prevents users from running workflows on entities they do not manage, adding an additional layer of security and control.

And, no IDP identifies ownership with the level of accuracy as Cortex. One of the most powerful features within Cortex’s platform is its ML/AI-driven ownership model, which automates the process of identifying and assigning service ownership. This solution helps teams tackle a common and time-consuming challenge: ensuring that every service has a clear owner who is responsible for its maintenance and reliability.

Cortex’s ownership model has been tested across millions of services, achieving an accuracy rate of 70% to 95% in predicting the correct owner. Combined with entity-based permissioning, this provides an incredibly robust system for both automating ownership and securing workflows at scale.

Per workflow access controls

Some workflows may involve mission-critical tasks such as deploying infrastructure, updating security policies, or accessing production systems. With per workflow access controls, these workflows can be restricted to only those who need to execute them.

This ensures that potentially risky actions are not inadvertently triggered by users who do not have the necessary expertise or authorization.

Combining multiple access rules

Importantly, Cortex allows organizations to combine multiple access control rules for a single workflow. You can specify that only users with certain roles, who belong to particular teams, and who have specific permissions, can execute a workflow.

This level of customization provides the flexibility needed to manage complex workflows across large teams while keeping sensitive operations secure.

What this means for you 

Consider a workflow that grants temporary access to production systems for auditing purposes. With Per Workflow Access Control, you can limit execution of this workflow to your compliance or audit teams, preventing anyone outside those teams from accessing sensitive environments.

Similarly, workflows that involve deploying changes to live environments can be restricted to engineering leads or SRE teams, reducing the risk of errors in production. 

Enhanced security and compliance

Sensitive workflows, such as those involving customer data or critical infrastructure, can now be restricted to specific teams or roles (e.g., security or compliance teams).

This level of control helps ensure compliance with security standards and prevents accidental or malicious access to sensitive information.

Reduced clutter for more efficient operations

By using ownership-based filtering, teams only see workflows that are relevant to their role, reducing operational noise and enabling them to focus on the tasks at hand.

This streamlined view minimizes distractions, allowing teams to execute their workflows more efficiently and without confusion.

Simplified workflow management
With the ability to control who can run workflows on what entities, organizations can better manage complex workflows that span multiple teams or systems.

This makes it easier to deploy workflows that automate critical tasks while ensuring they are only run by the right people, on the right resources.

Take the next step toward engineering excellence 

Now that Cortex Workflows are generally available with enhanced RBAC and entity-based permissioning, your teams can confidently automate and secure their developer operations. 

Cortex Workflows is about more than just automation—it’s about bringing consistency, security, and efficiency to engineering workflows, setting the foundation for engineering excellence at scale.

As part of our commitment to helping teams drive engineering excellence, we’re offering an Engineering Excellence Bootcamp that provides hands-on guidance in implementing these features to drive better outcomes. Beyond seeing firsthand how Cortex Workflows and our advanced RBAC features can transform your developer operations, you’ll walk away from the Bootcamp with a fully integrated and operational IDP ready to drive engineering excellence.

Workflows
Feature Highlight
Product Updates
self-service
By
Kate Huff
What's driving urgency for IDPs?