IIQ 8.3p2
Is there a way to fetch Identity Request Id in workflow once after calling base framework to submit access request using requestManager? I need to get identityrequest id to check its completion status.
hey @DharshiniB !
Let try out to get it by any condition if you can:
IdentityRequest ir = context.getObjectByName(IdentityRequest.class, "request name");
List<IdentityRequest> idReqlist = context.getObjects(IdentityRequest.class, new QueryOptions(Filter.eq("name", "request name")));
one of this options should help you go forward with this topic.
Hi @abartkowski
I will try this out, What we need to keep on request name? Below provided is the snippet that we use for submitting access request, which should we keep for request name.
You have many option how to find the exact one that you need.
I am not sure where you need to find it out.
You could use owner id, name or any other attribute that you are setting up.
If you need to store request id in this workflow you could do something like that:
Add Workflow variable:
<Variable input="true" name="requestId">
<Description>The requestId</Description>
</Variable>
Add argument to for necessary steps
<Arg name="requestId" value="ref:requestId"/>
add code after req variable is created:
requestId = req.getId();
What I don’t fully understand is whether you need to use this request ID in further steps of this workflow or in a completely different place in IIQ. If it’s within this workflow, then it is one of the options I proposed above. However, if you need to find specific requests later in IIQ, you can use the information from my previous post, trying to search in a certain way using query options from the context or the database.
I need it for checking access request status, whether its success or failed, based on status i need to transition for next step for further requirements, correct me if im wrong ,can we able to pass this id in identity request class and fetch its completion status?
Hi
What is the workflow you are trying to do this in?
Is that EH_Request_BASE_Framework a customized version of LCM Provisioning?
yeah its customized workflow of base framework for access request submission.
I need to send mail to application team only if access request is complete successfully, otherwise i should transition the step to stop. But I’m unable to fetch the status.
Hi @abartkowski
Can you please confirm whether i can pass that id in identityrequest class and fetch status?
Best thing you can do is look at identity request in debug. Look at all the attributes that you can see there. Then once you know which one it should be pretty simple to find what is the method to use. For example
<IdentityRequest completionStatus="Incomplete" created="1741429484604" endDate="1741429488091" executionStatus="Completed" id="c0a80a0195751125819575492c3c0176" modified="1741802300621" name="0000001074" priority="Normal" requesterDisplayName="Betty.Young" requesterId="c0a80a01950e1ca581950f49e302075c" significantModified="1741802300621" source="LCM" state="End" targetClass="Identity" targetDisplayName="Betty.Young" targetId="c0a80a01950e1ca581950f49e302075c" type="AccessRequest" verified="1741802300570">
<Attributes>
<Map>
<entry key="approvalSummaries">
<value>
<List>
<ApprovalSummary completer="Michael.Miller" endDate="1741429485487" owner="Michael.Miller" request="Manager Approval - Account Changes for User: Betty.Young" startDate="1741429485075" state="Finished" workItemId="c0a80a0195751125819575492de00177" workItemType="Approval">
<ApprovalSet>
<ApprovalItem application="IIQ" assignmentId="c9f80c4616b84f9e9d17fb8f969f8c40" displayName="Role" displayValue="Accounts Receivable" id="8c8c660558d347e298a8c1ea6456a189" name="assignedRoles" operation="Add" state="Finished" value="Accounts Receivable">
<Attributes>
<Map>
<entry key="attachmentConfigList"/>
<entry key="attachments"/>
<entry key="flow" value="AccessRequest"/>
<entry key="interface" value="LCM"/>
<entry key="operation" value="RoleAdd"/>
</Map>
</Attributes>
</ApprovalItem>
this is fragment of identity request xml. Maybe you need completionStatus or executionStatus or somthing else? If it’s an attribute there most likely is a getter method.
and how to get that identity request same thing could be name or id, so just use that in you getObjectBy name or id method.
Does that help?
I tried to filter using queryoptions to fetch identityrequest, but i couldn’t find it. Is it not possible to fetch in workflow maybe its still not created while trying to fetch?
In LCM Provisioning workflow there is a step with sub workflow “Identity Request Initialize” that creates the IdentityRequest so you should have identityRequestId atttribute available.
Yes, i tried to fetch that in next step but im not able to get it, but i can able to see identity request in debug already created, in same workflow im not able to get it
Do you have this step in your workflow?
<Step icon="Task" name="Initialize" posX="134" posY="10">
<Arg name="flow" value="ref:flow"/>
<Arg name="formTemplate" value="Identity Update"/>
<Arg name="identityName" value="ref:identityName"/>
<Arg name="identityDisplayName" value="ref:identityDisplayName"/>
<Arg name="launcher" value="ref:launcher"/>
<Arg name="optimisticProvisioning" value="ref:optimisticProvisioning"/>
<Arg name="plan" value="ref:plan"/>
<Arg name="workItemPriority" value="ref:workItemPriority"/>
<Arg name="policiesToCheck" value="ref:policiesToCheck"/>
<Arg name="policyScheme" value="ref:policyScheme"/>
<Arg name="source" value="ref:source"/>
<Arg name="trace" value="ref:trace"/>
<Arg name="requireViolationReviewComments" value="ref:requireViolationReviewComments"/>
<Arg name="allowRequestsWithViolations" value="ref:allowRequestsWithViolations"/>
<Arg name="enableRetryRequest" value="ref:enableRetryRequest"/>
<Arg name="batchRequestItemId" value="ref:batchRequestItemId"/>
<Arg name="endOnProvisioningForms" value="ref:endOnProvisioningForms"/>
<Arg name="endOnManualWorkItems" value="ref:endOnManualWorkItems"/>
<Description>
Call the standard subprocess to initialize the request, this includes
auditing, building the approvalset, compiling the plan into
project and checking policy violations.
</Description>
<Return name="project" to="project"/>
<Return name="approvalSet" to="approvalSet"/>
<Return name="policyViolations" to="policyViolations"/>
<Return name="identityRequestId" to="identityRequestId"/>
<Return name="violationReviewDecision" to="violationReviewDecision"/>
<Return merge="true" name="workItemComments" to="workItemComments"/>
<WorkflowRef>
<Reference class="sailpoint.object.Workflow" id="0a00004a86b21ea18186b22f47ab02ef" name="Identity Request Initialize"/>
</WorkflowRef>
<Transition to="Exit On Manual Work Items" when="script:(isTrue(endOnManualWorkItems) && (project.getUnmanagedPlan() != null))"/>
<Transition to="Exit On Provisioning Form" when="script:(isTrue(endOnProvisioningForms) && (project.hasQuestions()))"/>
<Transition to="Exit On Policy Violation" when="script:("cancel".equals(violationReviewDecision) || ((size(policyViolations) > 0 ) && (policyScheme.equals("fail"))))"/>
<Transition to="Create Ticket"/>
</Step>
It’s part of ootb LCM provisioning
Yes, Actually I have a Quicklink to create guest account creation in azure , in the workflow step i have a provisioning plan to create account and provision the account into one group in the step im calling base framework for access request submission. So i need to get that requests completion status to check if it’s failed or completed to transition to next following steps.
As you can see above that step will return identityRequestId so you should pass that into your step that check for the status.
<Arg name="identityRequestId" value="ref:identityRequestId"/>
I tried this way, i can able to see it in debug on identityrequest xml
but in workflow its printing as null.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.