Cert Campaign created in Workflow does not filter

Hi Team,

I have created a workflow that creates a cert campaign and I have added a Campaign filter in the configuration. When I execute a test the filter is not excluding the items I have listed. Has anyone ran across this with campaigns created through Workflows? Below is a snippet of the operation.

},
"Create Certification Campaign ": {
“actionId”: “sp:create-campaign”,
“attributes”: {
“activateUponCreation”: false,
“deadline”: “7d”,
“description”: “User access review on the identity - {{$.getIdentity.attributes.displayName}} , with recent changes on job, such as title, location, department”,
“duration”: “7d”,
“emailNotificationEnabled”: false,
“filter”: {
“id”: “xyz”,
“type”: “CAMPAIGN_FILTER”
},
“name”: “Role\Job change certification for {{$.getIdentity.attributes.displayName}}”,
“recommendationsEnabled”: false,
“reviewerCertificationType”: “IDENTITY”,
“reviewerId.$”: “$.getIdentity.managerRef.id”,
“reviewerIdentitiesToCertify.$”: “$.trigger.identity.id”,
“type”: “REVIEWER_IDENTITY”,
“undecidedAccess”: false
},
“description”: null,
“displayName”: “”,
“nextStep”: “End Step - Success 1”,
“type”: “action”,
“versionNumber”: 2
},

Unfortunately, the Create Certification Campaign action doesn’t allow the use of a filter when doing an Identity certification type. You can use a filter if you do an Access certification.

https://documentation.sailpoint.com/saas/help/workflows/workflow-actions.html#create-certification-campaign

Try a search-based campaign instead.

"Create Campaign": {
                "actionId": "sp:http",
                "attributes": {
                    "authenticationType": "OAuth",
                    "jsonRequestBody": {
                        "autoRevokeAllowed": true,
                        "deadline": "<insert logic>",
                        "description": "<insert description>",
                        "emailNotificationEnabled": false,
                        "filter": {
                            "id": "<campaign filter id>",
                            "type": "CAMPAIGN_FILTER"
                        },
                        "mandatoryCommentRequirement": "NO_DECISIONS",
                        "name": "<name>",
                        "recommendationsEnabled": false,
                        "searchCampaignInfo": {
                            "accessConstraints": null,
                            "description": "<description>",
                            "identityIds": null,
                            "query": "id:{{$.trigger.identity.id}}",
                            "reviewer": {
                                "id": "<reviewer ID>",
                                "name": null,
                                "type": "IDENTITY"
                            },
                            "reviewerId": "<reviewer ID>",
                            "type": "IDENTITY"
                        },
                        "type": "SEARCH"
                    },
                    "method": "post",
                    "oAuthClientId": "<PAT>",
                    "oAuthClientSecret": "<PAT>",
                    "oAuthScope": null,
                    "oAuthTokenUrl": "<tenant OAuth>",
                    "requestContentType": "json",
                    "url": "https://<tenant>.api.identitynow.com/v3/campaigns"
                },
                "displayName": "",
                "nextStep": "<next step>",
                "type": "action",
                "versionNumber": 2
            }

Hi Margo, thanks for chiming in. Does this search-based campaign work through a workflow definition?

Hi Carl thanks for this. Have you seen this done through Workflows?

Yes! The sample provided is a JSON representation of a step in a Workflow

Now this is awesome! Let me give this a go. I’ll keep you posted my friend.

Morning Margo - just wanted to circle back with you on your suggestion. It worked as expected in my workflow. Thanks a bunch for this my friend. You have a new handle. #lifesaver.