Email Notification after Entitlement Removal via Workflow

Identity Security Cloud (ISC) ISC Discussion and Questions
, ,
8

I think the token is fine, because my token is sp:scopes:all, but I was wondering if the Request URL cannot work like this, because what we deliver here is the “value” of the entitlement that we deliver with {{$.trigger.accountRequests[0].attributeRequests[0].attributeValue}}, but on get-entitlement | SailPoint Developer Community it requires the “id” instead in the Request URL, but the JSON trigger structure doesn’t deliver the id. On Triggers - SailPoint Identity Services the structure is shown like below, so I wonder if it cannot work like this. Is there any other way how I can fetch the id beforehand to get the displayname in the end?

{
“trackingNumber”:“4b4d982dddff4267ab12f0f1e72b5a6d”,
“action”:“IdentityRefresh”,
“requester”:{
“id”:“2c91808b6ef1d43e016efba0ce470906”,
“name”:“Adam Admin”,
“type”:“IDENTITY”
},
“recipient”:{
“id”:“2c91808b6ef1d43e016efba0ce470909”,
“name”:“Ed Engineer”,
“type”:“IDENTITY”
},
“errors”:[
“General Error”,
“Connector AD Failed”
],
“warnings”:[
“Notification Skipped due to invalid email”
],
“sources”:“Corp AD, Corp LDAP, Corp Salesforce”,
“accountRequests”:[
{
“source”:{
“id”:“4e4d982dddff4267ab12f0f1e72b5a6d”,
“name”:“Corporate Active Directory”,
“type”:“SOURCE”
},
“accountId”:“CN=example,ou=sample,ou=test,dc=ex,dc=com”,
“accountOperation”:“Modify”,
“provisioningResult”:“committed”,
“provisioningTarget”:“Corp AD”,
“ticketId”:“72619262”,
“attributeRequests”:[
{
“operation”:“Add”,
“attributeName”:“memberOf”,
“attributeValue”:“CN=admin,DC=training,DC=com”
}
]
}
]
}

I also tried it with the value via Postman where it failed as well. It only works if I take the id.

But I think it should work with this API list-entitlements | SailPoint Developer Community. In Postman I can filter here for the value.

Screenshot 2024-08-08 085059
Screenshot 2024-08-08 0850591091×547 76.8 KB

But I don’t know how I can apply this in the HTTP Request action. I tried to add it in query parameters, but it doesn’t work as it will still fetches the whole list of entitlements afterwards. On the page Using Workflow’s HTTP Request Action to Work With IdentityNow APIs - Identity Security Cloud (ISC) / ISC Show and Tell - SailPoint Developer Community it is described to put it in a format like "filters:identityId eq “{{$.trigger.identity.id}}” ", but the worklow query parameter only has 2 fields where I first need to provide the attribute and then the respective content. So, I’m not sure how to set this filter on the action item via Workflows.

image

With kind regards

Fabienne