Organization Variables

Overview

Organization Variables serve as the foundational elements for setting and managing configurations across different organizational levels within Rewst. They ensure consistency and control within workflows and facilitate efficient management across the organizational hierarchy.


Inheritance and Overrides

  • Inheritance: Values set at the parent organization cascade down, providing a default setup for all client organizations.

  • Overrides: Sub-organizations can establish their own variables, prioritizing local settings over inherited defaults.


Usage in Workflows

Access variables seamlessly in any workflow with the following syntax:

{{ ORG.VARIABLES.<variable_name> }}

Naming Conventions

  • Employ descriptive and straightforward wording using snake_case for clarity.

  • Prefix integration-specific variables appropriately, like psa_ for PSA-related variables.

Defining Boolean Values: always use lowercase true or false to align with Rewst's standardized practices. This uniform approach applies to all future workflow designs. Existing legacy workflows may display variations.


Use as Default Feature

The "Use as Default" feature allows managing organizations to set a universal default value for an ORG variable. This default is applied to sub-organizations unless they specify their own value.

How "Use as Default" Works

  • Setting a Default: When you set a variable as default at the MSP level, it becomes the fallback for sub-organizations without a specified value.

  • Workflow Execution Context:

    • The default value is only utilized if the workflow is initiated from the managing organization.

    • To apply the default value to Client A, the workflow must start from the MSP, even if it operates within Client Aโ€™s context.

  • Triggers and Context:

    • Implementing triggers in the workflow ensures that the execution context is recognized. This facilitates the use of MSP-level defaults in sub-organization workflows.


Onboarding Requirements

Certain ORG Variables are essential for onboarding processes and are utilized by the Get and Set ORG Variables Workflow to ensure smooth integration and setup for new users or systems.

Form FieldVariableUseValid Values

Default PSA

default_psa

Identifies the PSA that you use

cw_manage kaseya_bms etc

Default RMM

default_rmm

Identifies the RMM that you use

cw_automate datto_rmm ninja_rmm kaseya_vsa etc

Primary Identity Provider

primary_identity_provider

Specify where users are created for the organization, either on premise or in Azure

on_prem azure_ad, jumpcloud

Default Ticket Location

psa_default_board_id

The default PSA board (or other organizing feature) that Rewst will use to create tickets on when running automations

(depends on psa)

Default Ticket Status

psa_default_ticket_status

The default ticket status that Rewst will use when updating tickets. This is the status that Rewst will use when actively working on a ticket. It usually set to "In Progress" or a similar status.

name or id of ticket status

Ticket Status while Waiting for Input

psa_ticket_status_waiting_input

The default ticket status that Rewst will use when tickets are waiting for user input. This applies in cases where the automation will pause and prompt a technician to do an additional step outside of the automation before then returning to the ticket to confirm that action has taken place. This will then kickoff the automation to continue from the position it left off.

name or id of ticket status

Ticket Status when Workflow Complete

psa_ticket_status_completed_task

The default ticket status that Rewst will use when we finish an automation. Consider this the "quality check" status to make sure everything ran properly.

name or id of ticket status

No Time in Tickets

psa_no_ticket_time

Set this when you don't want automation to put time_worked in tickets. The "Yes" option will add notes in the ticket we create when running an automation. The "No" option will let us impersonate a technician to apply time under there name for automations that run. We do this because we can't apply time via the API for most PSAs.

1 or 0 (boolean )

Default Tech ID

psa_default_tech_id

Tech Id to user when updating ticket time

id of tech to use for time entries

Default Work Role

psa_default_tech_workrole

Tech Work Type to user when updating ticket time

id of tech work type to use for time entries

Default Work Type

psa_default_tech_worktype

Tech Work Role to user when updating ticket time

id of tech work role to use for time entries

New User Ticket Type

psa_new_user_ticket_type

Ticket Type to use on the New User Board when creating a ticket

int for type_id in CWM

New User Ticket Subtype

psa_new_user_ticket_subtype

Ticket SubType to use on the New User Board when creating a ticket

int for subtype_id in CWM

New User Ticket Item

psa_new_user_ticket_item

Ticket Item to use on the New User Board when creating a ticket

int for item_id in CWM

Time Entry Ticket Status

time_entry_ticket_status

Set tickets to this status to enable time entry

strStatus Name or int ID to use

New User Approval Email

new_user_approval_email

When email approval is needed for new user adds, use this address

email address

Require Approval For New User

require_approval_for_new_users

Controls the new user approval requirement.

(1 or 0) or (true or false)

Require Authorization for License Purchases

m365_require_authorization_for_new_licenses

Pause workflows for Inquiry when new license purchases are needed

1 or 0 (boolean )

Require Approval For Offboarding Users

require_approval_for_offboarding_users

Controls the new user approval requirement.

bool

Offboard User Approval Email

offboarding_user_approval_email

When email approval is needed for offobarding users, use this address

email address

New User Password Save Location

new_user_password_save_locations

Where to store the password during new user creation. Default to PSA if not defined

List of psa``itglue``hudu``custom-pwpushother systems

New User Password Save Location Custom URL

new_user_password_save_location_custom_url

In the event that we are storing a password in a custom PWPush, put the URL here

User Start Date Action

user_start_date_action

How to handle start_date in user onboarding

default document_only : only show in ticket

Override Email Domains

override_email_domains

List of email domains to show rather than querying from M365

List of domains

New User Automation Task Time

automation_task_new_user_time

Default time for the "New User" workflow, to add to the ticket at completion

int in minutes

Offboard User Automation Task Time

automation_task_offboard_user_time

Default time for the "Offboard User" workflow, to add to the ticket at completion

int in minutes

VIP Contact Type

psa_vip_contact_type

Contact Type to set for VIP users

name or id of Contact Type

Adds a field on forms for specific approver email

new_user_manual_approver_field

Allows the field in New User to show up and add a specific e-mail approver

1 or 0 (boolean )

New Ticket for License Purchases

license_purchases_in_new_ticket

When prompting in tickets for license purchases, do so in a new ticket

1 or 0 (boolean )

Board ID for License Tickets

psa_license_purchase_board_id

The PSA Board ID to use when license purchases are in a separate ticket

int board_id for CWM

Active Customer Statuses

psa_active_customer_status

Statuses in PSA for active customer organizations

List of status types from PSA

Default Priority

psa_default_ticket_priority

The default ticket priority that Rewst will use when creating tickets

name or id of ticket status

Default Agreement Name

psa_default_agreement_name

If you set a default agreement in your PSA on ticket creation, enter the name of it here.

str name of agreement

Send From Address

psa_send_from_address

When sending mail, we can set the "replyTo" address to this, to allow for proper ticket responses

str email addr

Store Password in Ticket

psa_store_password_in_ticket

When documenting the password, this will never store it in the ticket if set to false

bool

Microsoft Licensing Distributor

ms_licensing_distributor

Microsoft License Distributor (where to purchase CSP licenses)

pax8 microsoft_csp

Mandatory Licensing Groups

m365_mandatory_license_groups

If you use license groups with Microsoft 365 you can specify those groups here. This allows you to create a group of licenses that the user will be added to if selected.

list of group_names

Username Format

username_format

The format of the users username

flast firstl firstmlast

Preferred Domain Controller

preferred_domain_controller

Choose this DC instead of letting automation decide

ComputerName in RMM

Preferred ADConnect Server

rmm_preferred_adconnect_server

If your ADConnect is on a specific server, specify it here

str hostname of server

On-Prem Exchange Server

onprem_exchange_server

Server name to use if you have on-prem Exchange

ComputerName in RMM

On-Prem Hybrid Exchange

onprem_hybrid_exchange

Set to true to identify this client as using Hybrid Exchange setup (Usage of Enable-RemoteMailbox)

Preferred Phone Number Format

phone_number_format

Format to use for phone numbers (stringifies ints with formatting)

NXX NXX XXXX NXXNXXXXXX NXX-NXX-XXXX NXX.NXX.XXXX

No PSA - Mail to Address

no_psa_mail_address

If there is no PSA, we will mail information to this address

str email addr

On-Prem No AD Sync (not in form)

onprem_no_adsync

If there is no ADSync configured between on-prem and M365 (needs to be added manually)

bool

M365 Usage Location (not in form)

m365_usage_location

Country Code such as "US" or GB"

str

All Internal Notes

psa_all_notes_internal

When adding notes, check if they should all be internal or allowed some external

bool

Crate - Sync Contacts - Report Only

crate_sync_contacts_report_only

If a user is missing, this will create a ticket for them with the relevant user information

bool

No Azure AD

no_azure_ad

ORG Does not use AzureAD

bool

IT Glue Custom Actions

itglue_custom_actions

If the client uses ITG, this will trigger a subworkflow for actions in the user onboarding workflow

bool

PSA Custom Note

psa_custom_note

If the client wants a custom note on a ticket, we can use this variable to branch off on update tickets

string

PSA Custom Actions

psa_custom_actions

Used to allow a sub-workflow execution at the end of the new employee workflow (set to 1 to enable)

bool

PSA Default Ticket Source

psa_default_ticket_source

Used in the Datto creation of the ticket during new user workflow and defines the source of the ticket

int

HUDU Create Contact In Asset

hudu_create_contact_in_asset

Used to create a contact in Hudu and the password and relate them togehter

int

Licensing Choose Subscription

licensing_choose_subscription

Used to decide whether the "Show Subs" option appears in New User Onboarding form

bool

Form Default: Supervisor

form_default_supervisor

Used so that if the form forces a default, this is the value supplied in the if statement

string

Form Default: OU (OrgUnit)

form_default_orgunit

Used so that if the form forces a default, this is the value supplied in the if statement. Example is [{"id": "fb53fb9f-208f-451c-9391-6092eb7c4e1b","label":"OU=Disabled Users,OU=Pedro Users,OU=Pedro Ltd,DC=ad2,DC=pedroaviary,DC=com"}]

list

Form Default: Location

form_default_location

Used so that if the form forces a default, this is the value supplied in the if statement

string

Form Default: Email Domain

form_default_email_domain

Used so that if the form forces a default, this is the value supplied in the if statement

string

Form Default: License SKU

form_default_license_sku

Used so that if the form forces a default, this is the value supplied in the if statement

list

Form Default: Department

form_default_department

Used so that if the form forces a default, this is the value supplied in the if statement. Example is [{"id": "68c2878a-6739-438c-bf5a-d8c2bea39573","label": "Dist Group Two"},{"id": "936eb764-36c4-4ac6-b264-c532caeb217c","label": "Group Me Up Buttercup - Distribution"}]

list

Form Default: On-Prem Groups

form_default_onprem_groups

Used so that if the form forces a default, this is the value supplied in the if statement. Example is [{"id": "68c2878a-6739-438c-bf5a-d8c2bea39573","label": "Dist Group Two"},{"id": "936eb764-36c4-4ac6-b264-c532caeb217c","label": "Group Me Up Buttercup - Distribution"}]

list

Form Default: AAD Groups

form_default_aad_groups

Used so that if the form forces a default, this is the value supplied in the if statement. Example is [{"department": "Jesse"},{"department": "dam"}]

list

Form Default: AAD Security Groups

form_default_security_aad_groups

Used so that if the form forces a default, this is the value supplied in the if statement. Example is [{"department": "Jesse"},{"department": "dam"}]

list

Form Default: AAD Distribution Groups

form_default_distribution_aad_groups

Used so that if the form forces a default, this is the value supplied in the if statement. Example is [{"department": "Jesse"},{"department": "dam"}]

list

Form Default: Default Phone Number

form_default_phone_number

Used in the workflow itself that if the org var is specified, it'll use it if none on the form

string

Form Default: new_user_azure_ad_attributes_to_copy

new_user_azure_ad_attributes_to_copy

Used to specify which properties of the user being copied to apply to the new user Example is ["location","city","street_address","desk_phone","company","usage_location","department","user_title","mobile_phone","postcode","state"]

list

Form Option: Send password via SMS

send_sms_to_user

Sending passwords via SMS carries associated risks. Please be sure that your risk tolerance is considered before enabling this option.

int

CW Control Session Group Override

cw_control_session_group_override

This org variable setting will allow you to use a different session group than All Machines. The session group name needs to match whatever session group you would like to use and is case sensitive. Example: All Machines by Company

string

Manual License Confirmation No Pod Notification

cwm_nopod

This organization variable is used in the manual license purchase workflow, by default the workflow attempts to prompt for approval via a Manage pod. If pods are not configured in your environment then this org variable should be used to override the default behavior which will provide the prompt via a ticket note.

true(string)

New Employee Output Exclusion Variables

onboard_output_ignore_vars

This organization variable is used to override the default output configuration exclusions for the output_context variable. Example value: ["execution_id","organization","originating_execution_id","rewst","sentry_trace","trigger_instance","max_retries","sendMail_from_user_object"]

list

PSA Alert Type Variable (Halo)

psa_alert_ticket_type

This organization variable is used to specify the ticket type for Halo PSA customers in workflows such as the DUO bypass user workflow and Exchange mailbox nearing quota workflow. The type id should be specified (example: 32)

int

PAX8 Unmapped Company Alert Exclusions

pax8_unmapped_alert_ignore_list

This organization variable is used to specify a list of Rewst OrgID's to ignore when creating alerts for the alert_on_unmapped_orgs setting in the "Pax8 Extra License Removal" workflow of the "Alert on Unused M365 Licenses" crate

list

Last updated