Helpdesk Password Reset Generate a Token

Hi All,

Long time listener, first time caller, so I apologize if I missed any reqs for a post. We’re discussing a native way of allowing Helpdesk to generate a token for last resort PW resets within IDN using a mix of forms, event triggers, and/or workflows. A form to get the identity and provide other fields for proofing/accountability. Then use a workflow/event trigger to call the API and return the generated token to the Helpdesk personnel. Trying to avoid PS scripts, Postman, custom app, etc.

I don’t expect a full solution as a response, but if you are willing to share personal experience or high-level steps to accomplishing this, it would be greatly appreciated.

What I really want to know is if this is even possible?

What would be the best way of returning the token/response back to Helpdesk?

@MVKR7T I was hoping to bring this to your attention as the top ambassador, and I see your replies are very knowledgeable on workflows. Any chance you can give some insight on whether this is possible?

Hi @jalexand

Welcome to SailPoint developer community.

Let me analyze your requirement for possible solutions and will get back to you.

Thanks
Krish


Hi @jalexand

Sorry for the late response, was out of work.

Let us say that we build this requirement one way or the other, how do you think Helpdesk will launch this functionality? Some button should be there, right?

We don’t have a way to launch a form or Workflow manually like Quicklinks in SailPoint IdentityIQ if you know about it.

Can you get me some more information on how it will be used by helpdesk?

Thanks
Krish

@MVKR7T No worries at all. That’s a very fair question that I was hoping for some magic around. There is a part of me that thinks we could build a custom LCS that HD could manually set the identity to, kick off the workflow with an attribute change trigger (e.g. LCS = reset), send form to HD, workflow uses form submitted info to run through the generate-token APIs, return token to HD, HD relays to employee. Typing that out makes me feel this is clunky and inefficient.

At the end of the day, I have a feeling there isn’t going to be a great way to do this natively. If you have any thoughts, I’m open to hearing them. I’m also open to hearing if you simply don’t think it’s going to be possible one way or the other. Either way, I appreciate the responses!
