Fetch Entitlement name from the Access Profile in the Workflow with Access Request Decision Trigger

Identity Security Cloud (ISC) ISC Discussion and Questions
, ,
1

Hello,

We need to fetch entitlement name from the Access Profile requested. I’m using Access Request Decision Trigger and trying to use Search query in GET ACCESS Step. I’ve passed search query as name:$.trigger.requestedItemsStatus[0].name and it returns only access profile’s name, id and type. However, I need the entire json object of that access profile requested so that I can retrieve the entitlement name from it.

Let me know if further details needed.

Regards,
Jai.

2

The “Get Access” action returns an output that is suitable for use in “Manage Access”, hence the reason you are not seeing the full access profile object representation. To get the full representation, you will need to use an HTTP Request action against the appropriate API endpoint. In your case, you can configure the HTTP Request action as follows:

image
image373×878 36.5 KB

image
image402×875 34.4 KB

You will need to configure your authentication details according to your personal access token, and the request URL should be https://{tenant}.api.identitynow.com/beta/access-profiles/{{$.trigger.requestedItemsStatus[0].id}}

The output of this request will follow the schema of the get access profile API. For example:

{
  "id": "2c91808a7190d06e01719938fcd20792",
  "name": "Employee-database-read-write",
  "description": "Collection of entitlements to read/write the employee database",
  "created": "2021-03-01T22:32:58.104Z",
  "modified": "2021-03-02T20:22:28.104Z",
  "enabled": true,
  "owner": {
    "type": "IDENTITY",
    "id": "2c9180a46faadee4016fb4e018c20639",
    "name": "support"
  },
  "source": {
    "id": "2c91809773dee3610173fdb0b6061ef4",
    "type": "SOURCE",
    "name": "ODS-AD-SOURCE"
  },
  "entitlements": [
    {
      "id": "2c91809773dee32014e13e122092014e",
      "type": "ENTITLEMENT",
      "name": "CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local"
    }
  ],
  "requestable": true,
  "accessRequestConfig": {
    "commentsRequired": true,
    "denialCommentsRequired": true,
    "approvalSchemes": [
      {
        "approverType": "GOVERNANCE_GROUP",
        "approverId": "46c79819-a69f-49a2-becb-12c971ae66c6"
      }
    ]
  },
  "revocationRequestConfig": {
    "approvalSchemes": [
      {
        "approverType": "GOVERNANCE_GROUP",
        "approverId": "46c79819-a69f-49a2-becb-12c971ae66c6"
      }
    ]
  },
  "segments": [
    "f7b1b8a3-5fed-4fd4-ad29-82014e137e19",
    "29cb6c06-1da8-43ea-8be4-b3125f248f2a"
  ],
  "provisioningCriteria": {
    "operation": "OR",
    "children": [
      {
        "operation": "AND",
        "children": [
          {
            "attribute": "dn",
            "operation": "CONTAINS",
            "value": "useast"
          },
          {
            "attribute": "manager",
            "operation": "CONTAINS",
            "value": "Scott.Clark"
          }
        ]
      },
      {
        "operation": "AND",
        "children": [
          {
            "attribute": "dn",
            "operation": "EQUALS",
            "value": "Gibson"
          },
          {
            "attribute": "telephoneNumber",
            "operation": "CONTAINS",
            "value": "512"
          }
        ]
      }
    ]
  }
}
1 Like
3

Thanks for the Idea. It is working as expected :slight_smile:

1 Like