Alerting on stale sources using workflows

Problem

My business utilizes the file upload utility to run regular aggregations for our flat file sources. We had two sources whose files were no longer being uploaded due to a problem with the delivered reports, so no account aggregation was initiated. Unlike non-flat file sources, where this results in a failure to alert on, no action was initiated to fail in the first place. This caused a certification to miss dozens of users and updated entitlements.

Diagnosis

No alerting on stale sources is available in SailPoint ISC, so I needed a way to find the last successful account aggregation date and alert my team to investigate the issue if that date was more than a week ago.

Solution

I ended up creating a workflow to get all sources and then run a search query on each one for their most recent successful account aggregation event. One note is that I do exclude all known static sources from my initial source search. My definition of static is a source that is manually updated on an as-needed basis rather than on a schedule.

Workflow screenshot:

I am using a send email action here to alert but will likely be switching it to create an issue ticket in my ITSM solution instead.

I initially formed my idea by reading through this thread, if anyone wants to look through it as well: workflow-to-get-list-of-sources-and-their-last-aggregation-date-to-send-email-remainder-to-aggregate-source.

Feel free to use my workflow file in your own tenant. Tenant names will need to be added as well as client IDs and secrets for the API calls.

AlertOnStaleConnectorData.json (3.9 KB)

I hope this helps!

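The staleness check described in the post, as an added example that is not part of the original post or the attached workflow file. The record fields (`id`, `source_id`, `type`, `status`, `created`) and all sample data are constructed for illustration and are not ISC's search schema; a source with no successful aggregation event at all is treated as stale, since that is the silent case the post describes.

```python
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=7)  # the post's threshold: more than a week

def find_stale_sources(sources, events, static_ids, now):
    """Return [(source_id, last_success_or_None)] for stale, non-static sources."""
    latest = {}
    for ev in events:
        # Only successful account aggregations count; failures do not reset the clock.
        if ev["type"] != "ACCOUNT_AGGREGATION" or ev["status"] != "PASSED":
            continue
        when = datetime.fromisoformat(ev["created"])
        sid = ev["source_id"]
        if sid not in latest or when > latest[sid]:
            latest[sid] = when
    stale = []
    for src in sources:
        sid = src["id"]
        if sid in static_ids:  # manually maintained sources are excluded up front
            continue
        last = latest.get(sid)
        # No successful event on record is the silent failure mode: flag it too.
        if last is None or now - last > STALE_AFTER:
            stale.append((sid, last))
    return stale

# Constructed sample data (hypothetical source ids and event records).
NOW = datetime(2024, 6, 15, 12, 0, tzinfo=timezone.utc)
SOURCES = [{"id": "src-hr-flatfile"}, {"id": "src-badge-flatfile"},
           {"id": "src-ad"}, {"id": "src-manual-list"}, {"id": "src-new-flatfile"}]
STATIC_IDS = {"src-manual-list"}

def _ev(sid, status, created):
    return {"source_id": sid, "type": "ACCOUNT_AGGREGATION",
            "status": status, "created": created}

EVENTS = [
    _ev("src-hr-flatfile", "PASSED", "2024-06-14T02:00:00+00:00"),
    _ev("src-badge-flatfile", "PASSED", "2024-05-30T02:00:00+00:00"),
    _ev("src-badge-flatfile", "FAILED", "2024-06-13T02:00:00+00:00"),
    _ev("src-ad", "PASSED", "2024-06-10T02:00:00+00:00"),
    _ev("src-manual-list", "PASSED", "2024-01-01T02:00:00+00:00"),
]

if __name__ == "__main__":
    for sid, last in find_stale_sources(SOURCES, EVENTS, STATIC_IDS, NOW):
        print(sid, "last successful aggregation:", last or "none on record")
```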