I have yet to find a way to provide context in recursive workflows.
1 Like
We need to have a workflow that loops over objects in ISC. It does not matter if it occurs recursively or in parallel.
ISC uses offset and limit in their list APIs (at least most of the time, this convention is not always used), which is great and shouldnât be changed.
However, SailPoint workflows is quite limited. One limitation is that it canât work with pagination.
Our workflow should be an external trigger and as input it should get an offset, initially 0. What we then want to do boils down to this pseudocode:
def my_workflow(int offset)
results = get_objects_through_HTTP_operation(url='/v2024/something', limit=50, offset=offset)
if results.size == 0
return
else
new_offset = offset + 50
my_workflow(new_offset)
foreach result in results
do_something(result)
end
end
end
Since SailPoint ISC does not offer this easy simple type of coding, we would as workaround need to create a very complex and long to build workflow to achieve something similar. However, it looks like the workflow functionality of SailPoint is not able to count. We canât define a variable new_offset as the previous offset+50, nor can we perform some kind of increment action 50 times.
Note that the SailPoint workflow is not compatible with the default limit of SailPoint objects, as the former can only support of to 50 records while the latter has a default of 250 objects. This is why I specifically downgraded the limit to 50.
As workaround on top of this workaround we might need to use the HTTP operation to call a server that is actually able to add 50 to a given number? I donât think SailPoint customers should have to rely on third party software to perform addition or any other very basic calculations.
Kind regards,
Angelo
Any progress on this front? Did the SailPoint architects have any suggestions on how to improve this?
It seems wasteful to limit the loop to 100 objects (to avoid excessive usage of resources), just to replace the loop with N thousand invocations. And also to get the situation that you canât list the workflow executions anymore as there are too many of them.
No progress on this front yet. However, workflows is getting some performance upgrades that may allow the team to up the loop limit soon.
If they can do that, it would be awesome! Please keep us posted if you get any updates on this.
This seems to go head to head with the newly introduced limits:
Are these recursive workflows still recommended by SailPoint?
The workflow rate limit is set pretty high. Most customers should not hit the rate limit. While runaway recursion can cause high workflow executions, even a workflow with loops or no looping at all can cause issues. For instance, if you create a workflow that uses the Identity Attributes Changed event trigger without a trigger filter and you run an aggregation on a source that has changed many of the account attributes, you could reach the rate limit without any looping involved. Adding a loop to this could compound the issue.
Recursion should not be the first choice, but it is an option if you are willing to deal with the complexity. I recommend using recursion with caution and handle any edge cases that may cause a high number of executions.