Event Triggers and Generating Campaigns

First, I want to say I found the recording of the SailPoint / AWS ‘Howdy Partner’ event really helpful in understanding how to setup EventBridge to see and handle Events from IdentityNow - so thanks!

I have used the example provided in the demo (@neil.mcglennon) and the code for the AWS Lamdba to generate a campaign following a change in an Identity Attribute. And it works, sort of!

The main issue is with the activation of the campaign: it mostly fails (not every time) with an error 'IllegalArgumentException: Campaign xxxxxxxxxxxxxxx is not in a Staged Status. Only Staged campaigns can be activated. I think the problem is a race condition - the AWS Lambda code is generating the campaign and trying to activate it before it is ready (‘staged’).

My question is, how do I extend the code to ensure the activation call works every time?

I have extended the example code to try an ‘sleep’ to introduce a delay - but that is not certain to work.

I will be extending the project (as time permits): I have already modified the code to lookup the subjects Manager to dynamically select the reviewer for the campaign - which seems to work ok. I will work on other models for selecting different campaign reviewers such as role owner. I will also extend the code to set the campaign duration to a week from creation.

@adrianhannen, thanks for posting this question. Neil is going to pop over and share his thoughts on the best path forward you when he has a meeting-free moment today. Hang tight!

Hi @adrianhannen,

Thanks for watching the AWS Howdy Partner session! I am glad you found it helpful!

In order to create a certification via our API, there are two steps. First, you call an API to create a certification. Once this is created, it is generated and goes into a “staged” status. Once that is complete, then you can second, call an API to activate it so end users can see it. You should be able to see those API calls in the AWS Lambda provided.

The error you are are seeing is because you are attempting to activate a certification that is not quite in the “staged” status yet - i.e. it is still generating.

As a quick solution, you can setup a delay or sleep in between API calls to give it more time to generate.

As a long-term solution, this isn’t ideal. The SailPoint take-away is it would be able to be better to be able to call into our create certification APIs and skip the “staging” and go immediately to the “active” stage. That might be something @jordan.violet or @colin_mckibben can take-away with our API product teams.

I hope this helps!

1 Like

Thanks for the quick response.
I kinda thought that would be the case.
I will invest some time to see if I can poll a campaign for it’s state and when ‘staged’, fire in the ‘activate’ call.

1 Like

Thanks @adrianhannen - Let us know what you end up building!

1 Like

Hi Neil,

I am trying to find the inputs for Certification Campaign creation. Could you please share the AWS Howdy Partner session which have these details?

Thank you!

Hey @sailajaprathi,

I believe this might be the link you are looking for:

Hi Michael,

Thank you for the link.

1 Like

No Problem, I am happy to help!

1 Like

I’m getting this same error, have you found a way to poll the campaign for its state, so I can then do the activate?

Or does anyone have a good guess on what the delay should be?

@chrisp You can use this endpoint. You just need to supply the campaign ID and then check the status property. When you are ready to activate, you can use activate-campaign | SailPoint Developer Community.

Thanks Colin. This should be very helpful.

This demo was awesome and the use case of firing off a cert campaign on attribute change has to be something almost every IdN customer wants.

Is there plans to extend event trigger “Subscription Type” options? If I could select “Manager Certification” with a couple configurable options and the 3 required API calls were made for me behind the scenes, that would be a game changer.