Recommendations to Optimize Leaver Workflow For Ongoing Maintenance

Dear Sailors, looking for some guidance.

Is it possible to use source tags in a workflow?

Problem Statement

The current challenge pertains to the ongoing maintenance of the leaver workflow, specifically related to the exclusion of a set of accounts from specific sources from being disabled. In the current workflow, there is an action step – Manage Accounts – that’s in a loop where all sources for accounts to be excluded from a disable event are explicitly listed. As more applications are onboarded, maintaining this list manually becomes inefficient and prone to errors. Therefore, a streamlined and optimized approach is needed to manage the list of excluded sources.

Challenges:

  1. Manual updates are required every time a new source is identified which may lead to inconsistencies and errors.
  2. The maintenance of the list can become cumbersome as more applications are onboarded.

Proposed Solutions

Add tags to sources and use tags in the Manage Accounts action step of the workflow.

We are also investigating including a recursive workflow to iterate through the sources to exclude and use the output of the recursive workflow as input into the loop.

Hi @aomololu01,

I am not sure if you have a way to tag sources to be used in the workflows to filter them out.

One way I can think of is by naming the sources in such a way that they can be used in the workflow filters. You can try the regular expression or any other filters as per this document.

Take a look at this thread too to see a sample WF for revoking access from selected sources.

Thanks for the insight. I was thinking of a similar solution. I’m also considering the use of a recursive workflow to iterate through the sources using source tags.

Unfortunately, tags are only available to be used in Search and SODs at this point in time. Good to open an idea here: https://ideas.sailpoint.com/