Provisioning Completed trigger does not execute until other campaign sources have completed

Hi all,

I have a requirement to open a ServiceNow ticket whenever a provisioning action occurs on an Active Directory source. I’m using a workflow triggered by “Provisioning Completed” to open the ticket with relevant details.

However, when this AD source is part of a certification campaign with disconnected sources, the provisioning event (entitlement removal) happens immediately after signoff, but the workflow trigger is delayed until all sources in the campaign finish provisioning and come across as a bundled event.

This is an issue because some disconnected sources are tied to an SDIM and manual tasks, which can take days to complete and communicate back. As a result, the AD group removal occurs much earlier than the audit ticket in SNOW will appear.

The only solution I can think of is running a separate workflow triggered by scheduled searches to find these events. However, this feels redundant and like a workaround.

I’d appreciate any thoughts or suggestions on disconnecting the AD provisioning event from the certification to improve this process.

Thank you!

Alternatives could be that you can try to call the ServiceNow apis from after provisioning rule of AD. but again sounds like its also a workaround

I do actually feel that your suggestion to use an after-provisioning rule is the best option, @pradeep1602, since it will directly correlate to the actual time the account modification was carried out. In my particular implementation the objective is to keep functionality on the cloud side, however.

It would seem that there is no way to decouple the event trigger from the certification as a whole, so the solution I have devised is a separate workflow to search for entitlement revocations and open tickets accordingly while at the same time filtering “certification” type provisioning events from my primary workflow as I now know their time of completion will not be accurate to the workflow trigger.