Access Request Provisioning Failure

Hello developers,

We have the situation in IdentityNow where we have applications containing Access Profiles with Active Directory groups. These have an approval flow attached to them. Last week we had an issue with the active directory source and that caused the provisioning to fail. So after being requested and approved, the provisioning step failed.

This provisioning is not automatically retried. Is there a way that we can still provision the access without having the user go through the request/approval process again?

Thank you for your input,
Mike

Hi Mike,

Did you find any solution for this. We are facing a similar issue as well.

Regards,
Rashmi

did you configure retryable error on your ad source? If not would recommend setting that up for common errors. That will help with future such scenarios. For the current scenario , you might need to retrigger operation.
Also note that some common errors like ConnectException and NoRouteToHostException are already identified and retried by IDN automatically.

Hi @aditya_pathak ,

Thank you for your response. How can we configure the retryable errors in sources?

Thank you in advance.

Hey Aditya,
For Access Request Failures does the retry functionality of IdentityNow work ? what I have seen is if it fails you need to retry your operation if it is access request failure?

You need to amend source JSON to add entry, for example -

“retryableErrors”: [
“Unknown Host”,
“Service Unavailable”
],

Also refer Provisioning Overview - SailPoint Identity Services Error section

As per my understanding, retryableErrors are for every provisioning transaction defined per source.

Note that different types of provisioning process in IdentityNow have its own defined frequency and count for automated retries.

It worked, Thank you Aditya !!

Thanks Aditya it worked

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.