I want to create a Leaver Workflow based on endDate attribute.
In our Sailpoint deployment, endDate attribute is mapped to terminationDate attribute in HR Source. Whenever Identity is relieved from the job, End date is updated in HR Source. This data is aggregated in Sailpoint.
When the endDate attribute value changes from empty to value, Workflow must trigger. In the workflow we want to put a condition that the accounts and access must be removed exactly after 30 days after end date.
I want a sample workflow for this scenario.
Option 1: I would consider LCS attribute to change it to different lifecycle value after 30 days of termination date. For example, change from inactive to “inactiveDisableAccess” and use the cloudLifecycleState configuration in Identity Profile to disable the required accounts and remove the access by using Remove All Access or use Workflow by using the Identity Attributes Changed trigger to trigger the Workflow, but it is based on other aspects like what else you need to do apart from removing access and disabling accounts.
Option 2: Other option is to create new identity attribute (accessRemoveFlag) where you can use Transform to assign a value like “InactiveRemoveAccess“ by calculating 30 days after the end date. Use something similar to Date Math 30 days out
In Workflow, use Identity Attributes Changed trigger to trigger the workflow when the attribute accessRemoveFlag value changed to InactiveRemoveAccess and perform the access removal and account disable operations.
Hope this helps you.
You can do this with life cycle states if you are talking about disablement or removal of access items. You may not need workflows specifically.
Have a transform for cloud life cycle state attribute which changes the value based on term date +30 days.
If I have misunderstood your requirement, please let me know.
Please go through
Setting Up Lifecycle States - SailPoint Identity Services
you dont need a workflow for that. you can use Transform in the cloudLifecyclestate attribute. and configure the whatever action you want on the profile or sources.
Just use a transform with date math.
@SandilyaKrovvidi Can you pls provide me a sample Transform for this. I am new to building transforms
Thanks in advance.
Here it is..
Please test thoroughly as I just assembled transforms in documentation and shared it.
{
"attributes": {
"firstDate": {
"attributes": {
"expression": "+30d",
"roundUp": true,
"input": {
"attributes": {
"input": {
"attributes": {
"sourceName": "HR Source",
"attributeName": "startDate"
},
"type": "accountAttribute"
},
"inputFormat": "MMM dd yyyy, HH:mm:ss.SSS",
"outputFormat": "ISO8601"
},
"type": "dateFormat"
}
},
"type": "dateMath"
},
"secondDate": "now",
"operator": "lt",
"positiveCondition": "termplus30days",
"negativeCondition": "other"
},
"type": "dateCompare",
"name": "Date Compare Transform"
}
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.