I am setting a user to Inactive lifecycle state to trigger the out of the box leaver workflow. This user I am setting to Inactive has Delimited App 1 (Auth Source) and Delimited App 2. On the identity profile, i have the Inactive provisioning setting to “maintain”.
The “manage accounts” step in the WF is set to ‘disable accounts’ and I confirmed it is reading each account on the identity. Upon triggering the leaver workflow I can see that it is running and sending the email notification. The default “IdentityNow” account is being disabled properly upon execution of the workflow. However, there is no action taken on the delimited apps.
Ideally, I would like to see a manual task created and assigned to the termed users manager, that tells them to disable the accounts. However in the workflow logs, I can see that these two accounts failed (both delimited).
When I set the identity profile provisioning setting to disable the accounts for these sources, it creates the work items as expected. I would like to see this same behavior through the workflow.
Example task that gets created if Identity Profile ‘Inactive’ provisioning setting is set to disable: (This is what I would like to have created via the leaver workflow)
Currently, there are no APIs to create a work item and existing APIs are for getting the tasks details or updating the existing tasks ( Task Management | SailPoint Developer Community). However, usually the accounts need to be disabled or there might be some sort of workflow bug for delimited type sources.
Thanks. The use case that I am encountering is that I have sources that are delimited, and I need to specify between delete and disable. Some of these accounts will need to be disabled, where some will need to have the account deleted. I can do only one of these operations through the identity profile, which is why the workflow is being considered. It is seemingly not yet possible through the workflow, if that is the case, then I will need to find a different option.