I am currently trying to implement asynchronous recursive workflows to remove roles for multiple users based on search criteria; the search query returns more than 100 identities.
Here I need to pass the identity list and the role which needs to be removed from the users as an input to the external trigger. How can I do that?
Also, is it possible to remove roles from multiple identities using “Manage Access”? I see the document says one or multiple identities, but when I tried to pass multiple IDs it failed with the error “json: cannot unmarshal array into Go struct field ManageAccessInput.removeIdentity of type string”.
This is a limitation with recursive workflows that I describe in the “Cons” section here: Recursive Workflows in IdentityNow. The way inline variables work prevents us from using objects in the external trigger input. You can only pass the array into the external trigger. So there really is no way to provide additional context, like the role that needs to be removed, in the recursive input. If you know the ID of the role ahead of time, then you could just hardcode that role ID into the recursive workflow so that it will only remove that role from the provided list of identities.
The configuration for Manage Access indicates that only one identity can be selected when removing access. You can only select multiple identities when adding access. This is because the underlying API, create-access-request | SailPoint Developer Community, only allows removing access for one identity at a time.