Obtain a Specific Account ID Within Workflow - Reload Account API

Hi ISC community,

I’m trying to run this API call against an Identities Entra account: submit-reload-account | SailPoint Developer Community

Question: Does anyone know how I can retrieve an identities Entra account ID within a workflow & then use it as a variable to execute the call above?

Hurdle: I am able to see the required Entra Account ID as part of a Get Accounts action; however, the identity has multiple accounts which are not nested in specific arrays so it is difficult to target the only one I need. For example, there are x4 “id” results - but I only need the ID relating to the Entra Account: ‘3949c362fd994020ac853b17de3c1353’ (the others are included at the end of this post for context).

Potential Workaround I am considering creating a new identity attribute which populates based on the account ID I need, this would make it much easier to target; however, I feel like this should be doable without having to create identity attributes to find their account ID within a workflow.

Appreciate any help you can give,

Cheers,
Sean

Here’s an example of the multiple id’s the Get Account action retrieves, I only need the one that has the Entra account: **3949c362fd994020ac853b17de3c1353

    },
    "authoritative": false,
    "cloudLifecycleState": "active",
    "connectionType": "direct",
    "created": "2024-07-26T13:11:24.332Z",
    "description": null,
    "disabled": false,
    "features": "PROVISIONING, AUTHENTICATE, SYNC_PROVISIONING, ENABLE, PASSWORD, SEARCH",
    "hasEntitlements": true,
    "id": "3949c362fd994020ac853b17de3c1353",
    "identity": {
      "id": "305e3303b4af455fa14e29ea7b52bfee",
      "name": "Holly Waples",
      "type": "IDENTITY"
    },
	
	  {
    "attributes": null,
    "authoritative": false,
    "cloudLifecycleState": "active",
    "connectionType": null,
    "created": "2024-06-24T13:09:26.117Z",
    "description": null,
    "disabled": false,
    "features": "DISCOVER_SCHEMA, ENABLE, PROVISIONING, SYNC_PROVISIONING, PASSWORD, NO_RANDOM_ACCESS",
    "hasEntitlements": false,
    "id": "a426e65c58e34171bbb616f1016783af",
    "identity": {
      "id": "305e3303b4af455fa14e29ea7b52bfee",
      "name": "Holly Waples",
      "type": "IDENTITY"
    },
	
	    },
    "authoritative": false,
    "cloudLifecycleState": "active",
    "connectionType": "direct",
    "created": "2024-07-26T05:16:28.014Z",
    "description": null,
    "disabled": false,
    "features": "UNLOCK, PREFER_UUID, CURRENT_PASSWORD, GROUPS_HAVE_MEMBERS, SEARCH, MANAGER_LOOKUP, GROUP_PROVISIONING, UNSTRUCTURED_TARGETS, PROVISIONING, NO_GROUP_PERMISSIONS_PROVISIONING, NO_PERMISSIONS_PROVISIONING, PASSWORD, AUTHENTICATE, SYNC_PROVISIONING, ENABLE",
    "hasEntitlements": true,
    "id": "11616cef02d940bfa2ee82e1a7b58356",
    "identity": {
      "id": "305e3303b4af455fa14e29ea7b52bfee",
      "name": "Holly Waples",
      "type": "IDENTITY"
    },
	
	    },
    "authoritative": true,
    "cloudLifecycleState": "active",
    "connectionType": "direct",
    "created": "2024-06-24T13:09:26.058Z",
    "description": null,
    "disabled": false,
    "features": "PROVISIONING, GROUP_PROVISIONING, ENABLE, DISCOVER_SCHEMA, UNLOCK, DIRECT_PERMISSIONS, SYNC_PROVISIONING",
    "hasEntitlements": false,
    "id": "2558d5c67770461b82d5578e53aa02f0",
    "identity": {
      "id": "305e3303b4af455fa14e29ea7b52bfee",
      "name": "Holly Waples",
      "type": "IDENTITY"
    },

Hello @SeanK-W,

I have two approaches in mind:

1. Iterate through all these accounts in a loop and compare the sourceId. If the sourceId matches the desired source, proceed with the true flow.
2. Instead of getting accounts using get Accounts action , use this API: List Accounts.
   list-accounts | SailPoint Developer Community
   List all accounts - apply the filters identityId eq "identityId" and sourceId eq "abcd". This will return the accounts of the identity in the desired source , which will be maximum 1 (best case scenario) . And use this account id : {{$.hTTPRequest.body[0].id}}

Thanks,
Sid

Hi @SeanK-W,

After the “Get Accounts” action, add a Define Variable step to extract the ID of the source you need. Use the output from “Get Accounts” as input, and filter by source ID like this:

$.getAccounts.accounts[?(@.sourceId==‘{source ID here}’)].id

This will allow you to retrieve the account ID for a specific source.

Hi Sean,

best aproach is to use Search with Innerhit , looking for the entra account in it.
Create a HTTP operation for the search api to use it.

that wasy you can query the user on th Identity level then the entra ccount on the innerhit.

{
  "indices": [
    "identities"
  ],
  "query": {
    "query": "\"John Doe\"",
    "innerHit": {
      "type": "access",
      "query": "source.name:\"Entra ID\""
    }
  }
}

Thanks Ivan,

I’ve tried this method and it gets me the result I’m after! However, how would I change John Doe to be the variable for the identities account name?

Also, whenever I save this into the json workflow, for some reason it re-arranges the format… weird?

Post save:

{“indices”:[“identities”],“query”:{“innerHit”:{“query”:“source.name:"Entra ID"”,“type”:“accounts”},“query”:“"John Doe"”}}

You can retrieve the Entra account ID in a workflow by first aggregating the identity’s accounts and filtering for the Entra source. Then, access the account’s nativeIdentity or the specific attribute holding the Entra account ID. Store that value in a workflow variable for use in your API call. Use the workflow’s Get Accounts or Search Accounts task to fetch the account details. Let me know if you want a code snippet or example for this.

I’ve been able to get what I’m after adjusting the inner hit you suggested, this does the trick:

{"indices":["identities"],"query":{"innerHit":{"query":"source.name:\"Entra ID\"","type":"accounts"},"query":"\"{{$.getIdentity.attributes.identificationNumber}}\""}}

Cheers!

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.