Hi All,
Any idea at which point Account Selection will happen in LCM Provisioning Workflow.
We raise access request from another interface and that interface call SCIM api to launch the workflow. While launching workflow we need to send for which account the underlying entitlement in the role. Users will have multiple accounts in the application.
In the Launch Workflow SCIM API, they will send for which account entitlements need to be assigned.
I know evaluation happens in the Account Selector Rule but before that only we need to do.
If your third-party interface knows which account (and has the native identifier of that account), then when you call the /LaunchedWorkflows SCIM endpoint - you can supply a provisioning plan (the ‘plan’ input variable to LCM Provisioning workflow) that already has the correct nativeIdentity attribute set at the AccountRequest level.
If you want to see what a normal ProvisioningPlan looks like when passed to the LCM Workflow, you can do the following in your development environment:
- Open the LCM Workflow object in Debug mode
- Change the ‘trace’ input variable initializer to ‘true’
<Variable initializer="true" name="trace">
<Description>
Used for debugging this workflow and when set to true trace
will be sent to stdout.
</Description>
</Variable>
- Make an access request similar to what you’d like to invoke from your external tool
- Now, find your IdentityIQ logs and you’ll see the workflow as it was executed - from this you can see all the input variables, including the ‘plan’ variable to capture what the XML should look like.
1 Like