Custom workflow for Extend Contractor

Venkatesh0510 · December 18, 2025, 6:35am

I Have created custom workflow which is launching via quick link to update Extending contractor accountExpires value in AD.

Quicklink Extend contractor form>>Entering accountExpires date>> workflow will launch>>setting Identity Attributes >> building Modify plan for AD to update accountExpires and executing plan using Provisioner>> creating Audit Event.

when i do this process, provisioning plan is getting two values for same attribute accountExpires due to provisioning policy update account form and in provisioning transaction channel is showing as Filtered.

I have tried to remove the attribute in update account policy, still in provisioning transaction channel is showing Filtered.

Fyi. same process when i did in development environment is working fine, when i do in production facing the issue.

Could you please any one suggest how to overcome this.

Fyi. Attribute sync also there for that attribute accountExpires

msingh900 · December 18, 2025, 10:45am

Hi @Venkatesh0510

Requests gets filtered in the Access Request when the value that you are trying to add is already there. SailPoint engine does it automatically. So, Can you please verify the data of the user accountExpires in SailPoint identity attribute and also the account attribute value in AD.

Let me know if you get the data or have any more questions regarding this.

Thanks

Manish Singh

Venkatesh0510 · December 18, 2025, 11:22am

It is not an Access Request we are sending accountExpires value from quick link form to update AD attribute using workflow.

Provisioning policy also having same attribute and defined rule in value settings.

while compiling the provisioning plan we are getting two values
one is from quicklink workflow form and one is from provisioning policy form.

Due to this, provisioning is failing and in provisioninig transactions coming as Filtered Requests.

aakashpandita · December 18, 2025, 12:27pm

can you try to remove one of the value from plan using Before Prov Rule of the application.
you can check and if duplicate values are present then remove the one which is not required.

Venkatesh0510 · December 18, 2025, 12:29pm

Hi @aakashpandita ,

Can you provide any sample code snippet if you have handy with you.

aakashpandita · December 18, 2025, 12:32pm

I will be able to help you better if you can share what the final plan is getting created for you, then i will be able to share a better code.

Venkatesh0510 · December 18, 2025, 12:54pm

Hi @aakashaakash,

After compiling plan using provisioner, project is like below.project:

1767033000000 Exists Exists Exists Exists Exists Exists Exists Exists Exists Exists Exists Exists 134115066000000000 134115066000000000 1767033000000

Before provisioning plan:The before plan is:::

134115066000000000 1767033000000

After prov plan:the after plan is:::::

134115066000000000 1767033000000

after executing the above project using provisioner:

<?xml version='1.0' encoding='UTF-8'?> 134115066000000000

please let me know if you need anything from me.

aakashpandita · December 19, 2025, 5:32am

I dont see the plan. is this a formatting issue or what?
I am expecting Plan, AccountRequest, AttributeRequest all that data.

Venkatesh0510 · December 21, 2025, 5:43am

Hi @aakashpandita,

please find the attached text file.

new 23.txt (8.8 KB)

aakashpandita · December 22, 2025, 7:04am

This code will remove the duplicate AttributeRequest from your Plan. Please make sure to provide appropriate conditions(if-else) since this will be placed in Before-Provisioning Rule and it will impact all application level process.

  AccountRequest newAccountRequest = new AccountRequest();
  List accReqs = plan.getAccountRequests();
  AccountRequest accReqToRemove = accReqs.get(0);
  for(AccountRequest accReq : accReqs )
  {
	// create new account request and remove old one	
	newAccountRequest.setApplication(accReq.getApplicationName());
	newAccountRequest.setNativeIdentity(accReq.getNativeIdentity());
	newAccountRequest.setOperation(ProvisioningPlan.AccountRequest.Operation.Modify);
  
	AttributeRequest newAttributeRequest = new AttributeRequest();
	newAttributeRequest.setName("accountExpires");
	newAttributeRequest.setOperation(ProvisioningPlan.Operation.Set);
	
	List attrReqs = accReq.getAttributeRequests();
	for(AttributeRequest attrReq : attrReqs)
	{
		// check whether you want to add first or second value
		newAttributeRequest.setValue(attrReq.getValue());
		break;
	}
	List attrReqList = new ArrayList();
	attrReqList.add(newAttributeRequest);
	newAccountRequest.setAttributeRequests(attrReqList);
  }
  plan.remove(accReqToRemove);
  plan.add(newAccountRequest);

Topic		Replies	Views
Update Provisioning Policy behavior ISC Discussion and Questions identity-security-cloud , provisioning , connectors	3	73	October 27, 2025
De provisioning value IIQ Discussion and Questions identityiq , provisioning	3	40	July 30, 2025
Why does attributes set in JDBC modify account provisioning policy not come up in provisioining plan in IDN ISC Discussion and Questions identity-security-cloud , provisioning	12	549	July 13, 2024
Getting error in provisioning plan IIQ Discussion and Questions workflows , rules , identityiq , provisioning	10	379	August 30, 2024
Reference a provisioning plan attribute in my provisioning policy ISC Discussion and Questions transforms , identity-security-cloud , provisioning	5	1426	January 21, 2024

Custom workflow for Extend Contractor

Related topics