Http Certification Campaign in Workflows failing

Identity Security Cloud (ISC) ISC Discussion and Questions
1

Hi Team,

I created a workflow ensures that any change in a particular attribute triggers a manager review campaign. I am using the HTTP method to create a search based campaign that contains a filter. The workflow successfully executes until it get’s to the HTTP portion but I am not sure what I am missing. Has anyone seen this done before? Below is the Draft



{“name”: “number2”,“description”: “Creates and starts a certification campaign when an identity’s cost_center_id, location is changed”,“modified”: “2025-09-30T00:07:37.154081583Z”,“modifiedBy”: {“type”: “IDENTITY”,“id”: “x”,“name”: “x”},“definition”: {“start”: “Get Identity”,“steps”: {“Compare Strings”: {“actionId”: “sp:compare-strings”,“choiceList”: [{“comparator”: “StringEquals”,“nextStep”: “Get Identity 2”,“variableA.$”: “$.getIdentity1.attributes.cloudLifecycleState”,“variableB”: “active”}],“defaultStep”: “Get Identity 3”,“description”: “Check LCS to make sure they are active - may not be necessary”,“displayName”: “is old Manager active”,“type”: “choice”},“Create Manager Certification Campaign 1”: {“actionId”: “sp:http”,“attributes”: {“authenticationType”: “OAuth”,“jsonRequestBody”: {“autoRevokeAllowed”: true,“deadline”: “7d”,“description.$”: “$.getIdentity.attributes.displayName”,“emailNotificationEnabled”: false,“filter”: {“id”: “x”,“type”: “CAMPAIGN_FILTER”},“mandatoryCommentRequirement”: “NO_DECISIONS”,“name.$”: “$.getIdentity.attributes.displayName”,“recommendationsEnabled”: false,“searchCampaignInfo”: {“description”: “”,“query.$”: “$.trigger.identity.id”,“reviewer”: {“id.$”: “$.trigger.attributes.manager.id”,“type”: “IDENTITY”},“reviewerId.$”: “$.trigger.attributes.manager.id”,“type”: “IDENTITY”},“type”: “SEARCH”},“method”: “post”,“oAuthClientId”: “8b6ce4b67d8c43749e5d336dbe5d7908”,“oAuthCredentialLocation”: “oAuthInBody”,“oAuthTokenUrl”: “https://XXXX.api.identitynow.com/oauth/token”,“requestContentType”: “json”,“url”: “https://XXXX.api.identitynow.com/v3/campaigns”},“displayName”: “Create Campaign via HTTP”,“nextStep”: “End Step - Success 1”,“type”: “action”,“versionNumber”: 2},“Create Manager Certification Campaign 2”: {“actionId”: “sp:http”,“attributes”: {“authenticationType”: “OAuth”,“jsonRequestBody”: {“autoRevokeAllowed”: true,“deadline”: “7d”,“description.$”: “$.getIdentity.attributes.displayName”,“emailNotificationEnabled”: false,“filter”: {“id”: “x”,“type”: “CAMPAIGN_FILTER”},“mandatoryCommentRequirement”: “NO_DECISIONS”,“name.$”: “$.getIdentity.attributes.displayName”,“recommendationsEnabled”: false,“searchCampaignInfo”: {“description”: “”,“query.$”: “$.trigger.identity.id”,“reviewer”: {“id.$”: “$.trigger.attributes.manager.id”,“type”: “IDENTITY”},“reviewerId.$”: “$.trigger.attributes.manager.id”,“type”: “IDENTITY”},“type”: “SEARCH”},“method”: “post”,“oAuthClientId”: “x”,“oAuthCredentialLocation”: “oAuthInBody”,“oAuthTokenUrl”: “https://XXXX.api.identitynow.com/oauth/token”,“requestContentType”: “json”,“url”: “https://XXXX.api.identitynow.com/v3/campaigns”},“displayName”: “Create Campaign via HTTP”,“nextStep”: “End Step - Success 1”,“type”: “action”,“versionNumber”: 2},“Create Manager Certification Campaign 3”: {“actionId”: “sp:http”,“attributes”: {“authenticationType”: “OAuth”,“jsonRequestBody”: {“autoRevokeAllowed”: true,“deadline”: “7d”,“description.$”: “$.getIdentity.attributes.displayName”,“emailNotificationEnabled”: false,“filter”: {“id”: “x”,“type”: “CAMPAIGN_FILTER”},“mandatoryCommentRequirement”: “NO_DECISIONS”,“name.$”: “$.getIdentity.attributes.displayName”,“recommendationsEnabled”: false,“searchCampaignInfo”: {“description”: “”,“query.$”: “$.trigger.identity.id”,“reviewer”: {“id.$”: “$.trigger.changes[?(@.attribute==‘manager’)].oldValue.id”,“type”: “IDENTITY”},“reviewerId.$”: “$.trigger.changes[?(@.attribute==‘manager’)].oldValue.id”,“type”: “IDENTITY”},“type”: “SEARCH”},“method”: “post”,“oAuthClientId”: “x”,“oAuthClientSecret”: “x”,“oAuthCredentialLocation”: “oAuthInBody”,“oAuthTokenUrl”: “https://XXXX.api.identitynow.com/oauth/token”,“requestContentType”: “json”,“url”: “https://XXXX.api.identitynow.com/v3/campaigns”},“displayName”: “Create Campaign via HTTP”,“nextStep”: “End Step - Success 1”,“type”: “action”,“versionNumber”: 2},“End Step - Success 1”: {“actionId”: “sp:operator-success”,“displayName”: “”,“type”: “success”},“Get Access”: {“actionId”: “sp:access:get”,“attributes”: {“accessprofiles”: true,“entitlements”: true,“getAccessBy”: “specificIdentity”,“identityToReturn.$”: “$.getIdentity.id”,“roles”: true},“displayName”: “”,“nextStep”: “Verify Data Type 1”,“type”: “action”,“versionNumber”: 1},“Get Identity”: {“actionId”: “sp:get-identity”,“attributes”: {“id.$”: “$.trigger.identity.id”},“displayName”: “”,“nextStep”: “Get Access”,“type”: “action”,“versionNumber”: 2},“Get Identity 1”: {“actionId”: “sp:get-identity”,“attributes”: {“id.$”: “$.trigger.changes[?(@.attribute==‘manager’)].oldValue.id”},“displayName”: “Get Old Manager Identity”,“nextStep”: “Compare Strings”,“type”: “action”,“versionNumber”: 2},“Get Identity 2”: {“actionId”: “sp:get-identity”,“attributes”: {“id.$”: “$.trigger.changes[?(@.attribute==‘manager’)].oldValue.id”},“displayName”: “”,“nextStep”: “Create Manager Certification Campaign 3”,“type”: “action”,“versionNumber”: 2},“Get Identity 3”: {“actionId”: “sp:get-identity”,“attributes”: {“id.$”: “$.trigger.changes[?(@.attribute==‘manager’)].newValue.id”},“displayName”: “”,“nextStep”: “Create Manager Certification Campaign 1”,“type”: “action”,“versionNumber”: 2},“Get Identity 4”: {“actionId”: “sp:get-identity”,“attributes”: {“id.$”: “$.trigger.changes[?(@.attribute==‘manager’)].oldValue.id”},“displayName”: “”,“nextStep”: “Create Manager Certification Campaign 2”,“type”: “action”,“versionNumber”: 2},“Verify Data Type 1”: {“actionId”: “sp:compare-unary”,“choiceList”: [{“comparator”: “IsPresent”,“nextStep”: “Get Identity 1”,“variableA.$”: “$.trigger.changes[?(@.attribute == ‘manager’)]”}],“defaultStep”: “Get Identity 4”,“displayName”: “did manager change?”,“type”: “choice”}}},“creator”: {“type”: “IDENTITY”,“id”: “x”,“name”: “x”},“trigger”: {“type”: “EVENT”,“attributes”: {“description”: “$.trigger.changes[?(@.attribute == ‘costCenterId’ || @.attribute == ‘physicalOffice’)]”,“filter.$”: “$.trigger.changes[?(@.attribute == ‘costCenterId’ || @.attribute == ‘physicalOffice’)]”,“id”: “idn:identity-attributes-changed”}}}
2

Hi @kgrant

Please share the execution file for looking into the error

Thank you

3

Hi Tarlapally,

Here you go

{
“authenticationType”: “OAuth”,
“basicAuthPassword”: null,
“basicAuthUserName”: null,
“csvRequestBody”: null,
“formRequestBody”: null,
“headerAuthName”: null,
“headerAuthValue”: null,
“jsonRequestBody”: {
“autoRevokeAllowed”: true,
“deadline”: “7d”,
“description”: “xxxx”,
“emailNotificationEnabled”: false,
“filter”: {
“id”: “xxxxx”,
“type”: “CAMPAIGN_FILTER”
},
“mandatoryCommentRequirement”: “NO_DECISIONS”,
“name”: “xxxxxx”,
“recommendationsEnabled”: false,
“searchCampaignInfo”: {
“description”: “”,
“query”: “1dbdd602da104d08b2a4c8e3065fbdaf”,
“reviewer”: {
“id”: “xxxxxx”,
“type”: “IDENTITY”
},
“reviewerId”: “xxxxx”,
“type”: “IDENTITY”
},
“type”: “SEARCH”
},
“method”: “post”,
“oAuthClientId”: “vv”,
“oAuthClientSecret”: “$.secrets.xx”,
“oAuthCredentialLocation”: “oAuthInBody”,
“oAuthScope”: null,
“oAuthTokenUrl”: “``https://xx.identitynow.com/oauth/token”``,
“requestContentType”: “json”,
“requestHeaders”: null,
“textRequestBody”: null,
“url”: “``https://xx.identitynow.com/v3/campaigns”``,
“urlParams”: null,
“xmlRequestBody”: null
}