Hi Team,
I am generating the source owner certification campaign to remove access in one source when a user becomes inactive, using workflows. Can we remove the entitlement/access profiles in that certification automatically without taking any decision on the certification?
Hi @sgonuguntla
Yes, once you create your campaign you can complete it by using complete-campaign (SailPoint Developer Community), but you must update the campaign due date before you try to complete it.
In your workflow you can create the campaign, activate it, wait 2 min, update the due date and then complete the campaign.
Here is an example of completing a campaign in a Workflow by using HTTP Request:
Hi @sgonuguntla
If you want to revoke the access of inactive users to a specific system/app, and revoking the access doesn’t need approval, then instead of creating the source owner cert, you should be able to achieve this by creating a workflow, e.g.:
- Identity Attributes Changed (Trigger) - set a filter for when cloudLifecycleState is set to inactive.
- Get Access (Action) - get the user's current access
- Verify Data Type (Operator) - does the user have access to the system/app (validation)
- If not, end the workflow
- If yes, Manage Access (Action) - remove the access
- End the workflow
Thanks for the reply. I am currently creating a campaign using the HTTP Request action in the workflow. I am trying to get the campaign name from the body of that create certification campaign HTTP Request action, but it is saying not a valid JSON expression.
Below is the JSON I am trying to include in the Request URL of the HTTP Request action which we are using to complete the campaign:
https://details.api.identitynow.com/v3/campaigns/${HTTPRequest.body.name}/complete
For creating or activating a campaign, it is better to use the campaign actions that you already have in the workflow (Actions - SailPoint Identity Services) rather than using the HTTP Request action. You can use it only for completion or due date settings.
And for completion you need the newly created campaign id and not the name.
Below is the sample you can use:
"Autocomplete Leaver Campaign": {
  "actionId": "sp:http",
  "attributes": {
    "authenticationType": "OAuth",
    "jsonRequestBody": {
      "autoCompleteAction": "REVOKE"
    },
    "method": "post",
    "oAuthClientId.$": "$.defineVariable3.clientId",
    "oAuthClientSecret": " ",
    "oAuthCredentialLocation": "oAuthInHeader",
    "oAuthScope": null,
    "oAuthTokenUrl": "https://{{$.defineVariable3.baseUrl}}/oauth/token",
    "requestContentType": "json",
    "requestHeaders": "Content-Type:application/json",
    "url": "https://{{$.defineVariable3.baseUrl}}/v3/campaigns/{{$.hTTPRequest.body.id}}/complete"
  },
  "catch": [
    {
      "next": "Define Variable 2"
    }
  ],
  "description": "Use the Identity Security Cloud Complete a Campaign API to auto-complete the generated Campaign and remove all access within",
  "nextStep": "Get Accounts",
  "type": "action",
  "versionNumber": 2
},
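Added example, not part of any post in this thread and not SailPoint's code: a Python sketch of the due-date update followed by the complete call described above, which refuses to build a URL when the campaign value is a name or an unresolved workflow variable rather than an id. Assumptions: campaign ids are 32-character hex strings, the due date is changed with a JSON Patch on `/deadline` (check this against the campaign update API reference), and `send` is a hypothetical transport you supply that returns the HTTP status.

```python
import json
import re
from datetime import datetime, timezone

# Assumption: campaign ids are 32-character lowercase hex strings (the usual
# Identity Security Cloud object id format); tenant names are single DNS labels.
CAMPAIGN_ID = re.compile(r"[0-9a-f]{32}")
TENANT = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def completion_requests(tenant, campaign_id, deadline):
    """Build the two calls from the thread, in order: move the due date, then
    complete with REVOKE. Raises ValueError before any URL is built if an
    input is a campaign name, an unresolved template or a foreign host."""
    if not TENANT.fullmatch(tenant or ""):
        raise ValueError(f"tenant is not a single DNS label: {tenant!r}")
    if not CAMPAIGN_ID.fullmatch(campaign_id or ""):
        raise ValueError(f"not a campaign id (name or unresolved variable?): {campaign_id!r}")
    if deadline.tzinfo is None:
        raise ValueError("deadline must be timezone-aware")
    base = f"https://{tenant}.api.identitynow.com/v3/campaigns/{campaign_id}"
    due = deadline.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return [
        # Assumed request shape for the due-date update (JSON Patch on /deadline).
        ("PATCH", base, "application/json-patch+json",
         [{"op": "replace", "path": "/deadline", "value": due}]),
        # Body taken from the sample step in the thread.
        ("POST", base + "/complete", "application/json",
         {"autoCompleteAction": "REVOKE"}),
    ]


def complete_campaign(send, tenant, campaign_id, deadline):
    """Run the plan through `send` (hypothetical transport: takes method, url,
    headers, body and returns the HTTP status). Stops at the first failure so
    a rejected due-date update never falls through to the revoke call."""
    done = []
    for method, url, ctype, body in completion_requests(tenant, campaign_id, deadline):
        status = send(method, url, {"Content-Type": ctype}, json.dumps(body))
        if status >= 300:
            raise RuntimeError(f"{method} {url} returned HTTP {status}")
        done.append((method, url))
    return done
```

Passing the value from `${HTTPRequest.body.name}` or a misspelled step variable fails here with a ValueError instead of reaching the API as a 404.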
I am trying to create a campaign using the OOTB action create certificate campaign as you suggested, and trying to complete the campaign by taking the id of the campaign from create certification campaign using the HTTP Request action, but it is throwing an error “request failed and check request URL”. Below is the request URL I am providing:
“https://details.api.identitynow.com/beta/campaigns/{{$.createCertificationCamapign.id}}/complete”
Are we OK that "details" in your URL is your tenant name?
Yes, "details" is nothing but my tenant details.
Did you check the error message in detail?
“404 not found”, The server did not find a current representation for the target source is the error.
You can find a different approach here: Workflow to remove ALL leavers' standing access, which includes the Workflow JSON.