New Capability: Non-Employee Risk Management Workflow Tracing

Announcements Product News
, ,
1

:new_button: New Capability

:bangbang: Workflow Tracing for Non-Employee Risk Management!

:sparkles: Description

Gain complete visibility into your NERM workflow executions with detailed debug logs that capture every step, state change, and action. Workflow Tracing empowers admins and support teams to quickly troubleshoot workflow issues, understand exactly what happened during execution, and resolve problems faster.

:red_exclamation_mark: Problem

When NERM workflows fail or behave unexpectedly, it’s been challenging to understand what went wrong. Customers and support teams often lack visibility into the execution details—which actions ran, what data changed, and where errors occurred. This makes troubleshooting time-consuming, increasing resolution time and impacting your non-employee management operations.

:light_bulb: Solution

NERM Workflow Tracing
NERM Workflow Tracing906Ă—842 75.7 KB

Workflow Tracing provides comprehensive debug logs for every workflow session, giving you complete transparency into workflow execution.

Now you can:

  • See every step: View detailed logs showing each action executed, in chronological order with precise timestamps.
  • Track state changes: Monitor how profile attributes and workflow session data change throughout execution.
  • Understand failures: Access detailed error messages and context when workflows fail or behave unexpectedly.
  • Debug independently: Quickly identify configuration issues or data problems.
  • Export and share: Copy debug logs to your clipboard or export to text files for offline analysis.

:warning: Important: Workflow Tracing captures execution details for workflows launched after this feature is enabled in your environment. Previously executed workflows will not have debug logs available.

The debug log captures:

  • Workflow session state changes with attribute values at each step
  • Profile updates including old and new values
  • Action executions with inputs, outputs, and results
  • Approval outcomes with approver details and timestamps
  • Request form submissions with submitted data
  • Errors and failures with detailed context and stack traces
  • Code branching decisions showing which paths were taken

All logs are presented in an easy-to-read, structured format directly within the Admin → Activity → Requests interface, with the option to expand and explore details for any workflow session.

:busts_in_silhouette: Who is affected?

NERM Customers across all segments

User Roles:

  • NERM Administrator users only - Workflow Tracing is accessible exclusively to users with NERM Administrator privileges to protect sensitive workflow execution data.

Note: Professional Services consultants and SailPoint Support can assist administrators in interpreting debug logs when needed.

:clipboard: Action required

No action required. Workflow Tracing will be automatically available in your NERM environment.

How to access debug logs:

  1. Navigate to Admin → Activity → Requests table.
  2. Select a specific request from the table.
  3. Locate the Workflow Tracing section.
  4. Click to expand and view detailed execution logs.
  5. Use the “Copy to Clipboard” or “Download” buttons to share logs with your team .

Note: a warning is presented when copying or downloading logs, to ensure that the user is complying with their organization’s data privacy policies.

Scope:

  • Workflow Tracing is available for NERM workflow executions (onboarding, lifecycle management, approval workflows, etc.)
  • Debug logs are only captured for workflow sessions launched after this feature is enabled.

:warning: Important: If sharing debug logs externally, please review and redact any sensitive information according to your organization’s data privacy policies.

:date: Important dates

Sandbox availability: Week of 12/8/2025
Production rollout: Week of 12/15/2025
Log retention: Debug logs are stored for 60 days

4 Likes
Understanding NERM Workflow Debug logs
2

The logs displayed in the activity are not intuitive

  1. The variables appearing in the logs seems to be empty for Set attribute step but in reality they are not changed between the steps
    31/03/2026 - 20:19:39.86 UTC - :system - Set Attributes Action - executed - with the following values: {“attr_person_id”=>“NE00716”, “attr_email_address”=>“”, “attr_request_id”=>“”, “attr_last_name”=>“”, “attr_first_name”=>“”, “attr_profile_type”=>“”, “attr_api_response_1”=>“”, “attr_email_holder”=>“”}
  2. The REST API calls payload doesn’t replace the liquid template arguments nor the debugging shows us the http response payload of the REST call
31/03/2026 - 20:30:51.34 UTC - :system - Step Manager - Assigned next action RestApiAction ID: 37309f91-4421-4baf-9f15-7502b426eb71

31/03/2026 - 20:30:52.47 UTC - :system - Rest API Info - Response code: 200

31/03/2026 - 20:30:52.55 UTC - :system - Rest API Action - executed - Endpoint: https://XXXX-sb.nonemployee.com/api/advanced_search/run, HTTP Verb: POST, Body: { “advanced_search”: { “condition_rules_attributes”: [ { “type”: “ProfileAttributeRule”, “condition_object_id”: “c3a4a7e5-72b2-4beb-8b13-836735f16446”, “object_type”: “NeAttribute”, “comparison_operator”: “==”, “value”: “{{request.first_name}}” }, { “type”: “ProfileAttributeRule”, “condition_object_id”: “b298fcbd-5d4e-49cb-8666-37fab52a5765”, “object_type”: “NeAttribute”, “comparison_operator”: “==”, “value”: “{{request.last_name}}” }, { “type”: “ProfileTypeRule”, “comparison_operator”: “==”, “value”: “def48fcf-dcbd-48a5-bd2b-ac137cf48117” } ] } } - with the following values: {“attr_first_name”=>“”, “attr_last_name”=>“”, “attr_flag”=>“0b112626-2cb4-4fad-adaf-5af71c0fa380”, “attr_email_address”=>“”, “attr_request_id”=>“”, “attr_first_and_last_flag”=>“”, “attr_profile_type”=>“”, “attr_email_holder”=>“”}

This makes the debugging difficult because of the liquid template variable non-replacement.

Please fix them in the future. Or at least create a document on how to interpret these logs.