Manual Certification revokes to external email or DL

As per OOTB IDN manual revoke behavior, if IdentityNow cannot write changes directly to the source, it creates a task, assigned to the source owner, instructing them to make the required change in the source system. Instead of this behavior, can an email be sent to an external email address or internal DL to perform the remediation? If yes, how? We cannot create identities for vendors and mark them as source owners, as the MSS contract doesn’t allow for that, and again it’s not the best solution.

PS - I explored workflows as well but there seems to be no trigger for certification decision action, which allows me to source identity for which email needs to be sent to external email addresses/DLs.

Regards,
Aditya

@brian_weigel mentioned creating a Workgroup for the source that has a Workgroup email set to a DL to notify the 3rd party of the needed action.

Does the email include the ID of the work item? If so, you could use the complete work item endpoint to allow external parties to indicate they have finished the work item in question. You would need some sort of external-facing automation that only they would know about and have access to. They would provide the work item ID and the automation would complete the task.

Thanks @colin_mckibben
However, workgroups don’t exist in IDN. We have governance groups in IDN, which are not equivalent to the workgroup concept in IIQ and can’t be made source owners, for e.g. -


The third-party vendors won’t be doing any additional work apart from provisioning the manual request as per the current contract; making them do any additional work has financial implications.
So just to confirm, the functionality of just sending an email instead of creating a work item for the source owner doesn’t exist as yet, and we would need to think of workarounds only?

I’m not aware of any out-of-the-box functionality that will satisfy this requirement. At this point, you’re looking at a custom solution using APIs to make this work. However, you can submit an idea for this and our product team will consider adding it as a feature.

@colin_mckibben thanks for confirming. PS - The work item assignment email doesn’t have the work item ID and I couldn’t find any templates to customize this remediation request email.

Just to close this out: we came up with a solution using the SailPoint Service Desk ticketing integration. Instead of calling the standard SNOW API endpoint, we called a newly developed ServiceNow API, which accepted the ticket data being sent, used that to send emails to external/internal DLs, and sent a dummy ticket number to IDN as the response.
