LifeCycleState Change Workflow

I am working on building a workflow that when an account moves to an inactive life cycle state that the api call is made to remove ISC roles for Helpdesk and Report Admin. I am trying to validate that the new value on the event call is inactive. When I try the below filtering I am always following the true statement and sending the api call. I am not sure what I am doing wrong with trying to compare the string values.

{
    "id": "acb3eb79-0b4a-4232-b194-20dcd10a1e52",
    "name": "Disable - TSC Access",
    "description": "When a user moves to an inactive LCS remove Helpdesk and Reporting Admin roles for the account.",
    "created": "2024-04-16T11:22:35.070844688Z",
    "modified": "2024-04-16T12:56:27.909543041Z",
    "modifiedBy": {
        "type": "IDENTITY",
        "id": "REMOVED",
        "name": "REMOVED"
    },
    "definition": {
        "start": "Compare Strings",
        "steps": {
            "Compare Strings": {
                "choiceList": [
                    {
                        "comparator": "StringEquals",
                        "nextStep": "HTTP Request",
                        "variableA.$": "$.trigger.changes",
                        "variableB.$": "$.trigger.changes[?(@.newValue == \"inactive\")]"
                    }
                ],
                "defaultStep": "End Step - Success 1",
                "displayName": "",
                "type": "choice"
            },
            "End Step - Success 1": {
                "displayName": "",
                "type": "success"
            },
            "HTTP Request": {
                "actionId": "sp:http",
                "attributes": {
                    "authenticationType": "OAuth",
                    "jsonRequestBody": [
                        {
                            "op": "remove",
                            "path": "/capabilities",
                            "value": [
                                "REPORT_ADMIN",
                                "HELPDESK"
                            ]
                        }
                    ],
                    "method": "patch",
                    "oAuthClientId": "REMOVED",
                    "oAuthClientSecret": "REMOVED",
                    "oAuthCredentialLocation": "oAuthInHeader",
                    "oAuthScope": null,
                    "oAuthTokenUrl": "REMOVED/oauth/token",
                    "requestContentType": "json",
                    "requestHeaders": {
                        "Accept": "application/json",
                        "Content-Type": "application/json-patch+json"
                    },
                    "url": "REMOVED/v3/auth_users/{{$.trigger.identity.id}}"
                },
                "description": null,
                "displayName": "",
                "nextStep": "End Step - Success 1",
                "type": "action",
                "versionNumber": 2
            }
        }
    },
    "enabled": false,
    "executionCount": 0,
    "failureCount": 0,
    "creator": {
        "type": "IDENTITY",
        "id": "REMOVED",
        "name": "REMOVED"
    },
    "owner": {
        "type": "IDENTITY",
        "id": "REMOVED",
        "name": "REMOVED"
    },
    "trigger": {
        "type": "EVENT",
        "attributes": {
            "attributeToFilter": "cloudLifecycleState",
            "filter.$": "$.changes[?(@.attribute == \"cloudLifecycleState\")]",
            "id": "idn:identity-attributes-changed"
        }
    }
}

TEST PAYLOAD TRUE:

{
  "identity": {
    "type": "IDENTITY",
    "id": "6928225c4a8f4688a145ad5a1e77ee0a",
    "name": "A Meyer, Cody"
  },
  "changes": [
    {
      "attribute": "cloudLifecycleState",
      "oldValue": "active",
      "newValue": "inactive"
    }
  ]
}

TEST PAYLOAD FALSE:

{
  "identity": {
    "type": "IDENTITY",
    "id": "6928225c4a8f4688a145ad5a1e77ee0a",
    "name": "A Meyer, Cody"
  },
  "changes": [
    {
      "attribute": "cloudLifecycleState",
      "oldValue": "inactive",
      "newValue": "active"
    }
  ]
}

try after changing above to

"variableA.$": "$.trigger.changes[?(@.attribute == \"cloudLifecycleState\")].newValue",
"variableB.$": "inactive"
1 Like


I am getting an error message when I updated with your suggestion.

"definition": {
        "start": "Compare Strings",
        "steps": {
            "Compare Strings": {
                "choiceList": [
                    {
                        "comparator": "StringEquals",
                        "nextStep": "HTTP Request",
                        "variableA.$": "$.trigger.changes[?(@.attribute == \\\"cloudLifecycleState\\\")].newValue",
                        "variableB.$": "inactive"
                    }
                ],
                "defaultStep": "End Step - Success 1",
                "displayName": "",
                "type": "choice"
            },

I guess this is the issue. It’s got to be \"cloudLifecycleState\" in json. You can use the Workflow builder to fix this instead of json file



Still the same error message.

I suggest create a new temporary workflow to just this test part. I have seen multiple times such errors while testing the workflows and simply recreating the workflow eliminated the error

1 Like

{
  "identity": {
    "type": "IDENTITY",
    "id": "6928225c4a8f4688a145ad5a1e77ee0a",
    "name": "A Meyer, Cody"
  },
  "changes": [
    {
      "attribute": "cloudLifecycleState",
      "oldValue": "active",
      "newValue": "inactive"
    }
  ]
}

please share your json file for this test workflow. This is very strange. I tested the workflow several times and it worked every time

{
    "id": "65efd1fa-16a2-4f47-a7f0-51bf20191f3d",
    "name": "Test Remove IDN from TSC",
    "description": "Remove Helpdesk and Report_Admin from inactive TSC users",
    "created": "2024-04-16T16:07:48.505557596Z",
    "modified": "2024-04-16T16:27:27.230497011Z",
    "modifiedBy": {
        "type": "IDENTITY",
        "id": "REMOVED",
        "name": "REMOVED"
    },
    "definition": {
        "start": "Compare Strings",
        "steps": {
            "Compare Strings": {
                "choiceList": [
                    {
                        "comparator": "StringEquals",
                        "nextStep": "End Step - Success",
                        "variableA.$": "$.trigger.changes[?(@.attribute == \"cloudLifecycleState\")].newValue",
                        "variableB": "inactive"
                    }
                ],
                "defaultStep": "End Step - Success",
                "displayName": "",
                "type": "choice"
            },
            "End Step - Success": {
                "displayName": "",
                "type": "success"
            }
        }
    },
    "enabled": false,
    "executionCount": 0,
    "failureCount": 0,
    "creator": {
        "type": "IDENTITY",
        "id": "REMOVED",
        "name": "REMOVED"
    },
    "owner": {
        "type": "IDENTITY",
        "id": "REMOVED",
        "name": "REMOVED"
    },
    "trigger": {
        "type": "EVENT",
        "attributes": {
            "attributeToFilter": "cloudLifecycleState",
            "filter.$": "$.changes[?(@.attribute == \"cloudLifecycleState\")]",
            "id": "idn:identity-attributes-changed"
        }
    }
}

This is blowing my mind. I added another CompareStrings to your workflow with same conditions (just copied and pasted) and it returns true while the original CompareStrings returns false!!!



I opened CS0284934 with support on this. I will keep this updated with what support comes back with.

1 Like

Hi @mpotti,

I tested it out in my tenant and the 3 step workflow (Identity Attributes Changed - Compare Strings - End) Test gave me incorrect outputs.

But after I added an extra HTTP action, it gave me correct output

FALSE Case

TRUE Case

Also, if the test still doe not work out, try doing an actual test by making a user status active/inactive to see if the WF behaves correctly. I have seen the test following the wrong paths, but the actual Identity changes taking the correct path in the WF’s.

Here is the WF JSON I used. Try uploading this directly as well as creating manually to see if it gives different results.

TestRemoveIDNfromTSC20240417.json (1.3 KB)

Thank you everyone for the help with issue. Here is my final workflow that is working as I would expect it to be.

{
    "id": "REMOVED",
    "name": "Disable - TSC Access",
    "description": "When a user moves to an inactive LCS remove Helpdesk and Reporting Admin roles for the account.",
    "created": "2024-04-16T11:22:35.070844688Z",
    "modified": "2024-04-23T17:21:43.488486322Z",
    "modifiedBy": {
        "type": "IDENTITY",
        "id": "REMOVED",
        "name": "REMOVED"
    },
    "definition": {
        "start": "Compare Strings",
        "steps": {
            "Compare Strings": {
                "choiceList": [
                    {
                        "comparator": "StringEquals",
                        "nextStep": "HTTP Request 1",
                        "variableA.$": "$.trigger.changes[?(@.attribute == \"cloudLifecycleState\")].newValue",
                        "variableB": "inactive"
                    }
                ],
                "defaultStep": "End Step - Success 1",
                "displayName": "",
                "type": "choice"
            },
            "End Step - Success 1": {
                "displayName": "",
                "type": "success"
            },
            "HTTP Request": {
                "actionId": "sp:http",
                "attributes": {
                    "authenticationType": "OAuth",
                    "jsonPatchRequestBody": [
                        {
                            "op": "remove",
                            "path": "/capabilities",
                            "value": [
                                "REPORT_ADMIN",
                                "HELPDESK"
                            ]
                        }
                    ],
                    "jsonRequestBody": [
                        {
                            "op": "remove",
                            "path": "/capabilities",
                            "value": [
                                "REPORT_ADMIN",
                                "HELPDESK"
                            ]
                        }
                    ],
                    "method": "patch",
                    "oAuthClientId": "REMOVED",
                    "oAuthClientSecret": "REMOVED",
                    "oAuthCredentialLocation": "oAuthInHeader",
                    "oAuthScope": null,
                    "oAuthTokenUrl": "https://REMOVED.api.identitynow.com/oauth/token",
                    "requestContentType": "json-patch+json",
                    "requestHeaders": null,
                    "url": "https://REMOVED.api.identitynow.com/v3/auth-users/{{$.trigger.identity.id}}"
                },
                "description": null,
                "displayName": "",
                "nextStep": "End Step - Success 1",
                "type": "action",
                "versionNumber": 2
            },
            "HTTP Request 1": {
                "actionId": "sp:http",
                "attributes": {
                    "authenticationType": "OAuth",
                    "jsonRequestBody": null,
                    "method": "get",
                    "oAuthClientId": "REMOVED",
                    "oAuthClientSecret": "REMOVED",
                    "oAuthCredentialLocation": "oAuthInHeader",
                    "oAuthScope": null,
                    "oAuthTokenUrl": "https://REMOVED.api.identitynow.com/oauth/token",
                    "requestContentType": "json",
                    "requestHeaders": null,
                    "url": "https://REMOVED.api.identitynow.com/v3/auth-users/{{$.trigger.identity.id}}"
                },
                "description": null,
                "displayName": "",
                "nextStep": "Verify Data Type",
                "type": "action",
                "versionNumber": 2
            },
            "Verify Data Type": {
                "choiceList": [
                    {
                        "comparator": "IsNull",
                        "nextStep": "End Step - Success 1",
                        "variableA.$": "$.hTTPRequest1.body.capabilities"
                    }
                ],
                "defaultStep": "HTTP Request",
                "displayName": "",
                "type": "choice"
            }
        }
    },
    "enabled": true,
    "executionCount": 0,
    "failureCount": 0,
    "creator": {
        "type": "IDENTITY",
        "id": "REMOVED",
        "name": "REMOVED"
    },
    "owner": {
        "type": "IDENTITY",
        "id": "REMOVED",
        "name": "REMOVED"
    },
    "trigger": {
        "type": "EVENT",
        "attributes": {
            "attributeToFilter": "cloudLifecycleState",
            "filter.$": "$.changes[?(@.attribute == \"cloudLifecycleState\")]",
            "id": "idn:identity-attributes-changed"
        }
    }
}
1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.