Revoking all access based on identity attribute change

Hello,

I am trying to create a workflow that revokes access based on an attribute change. Both workflows run successfully, but nothing is being revoked.

I want to remove ALL access when the attribute changes.

I have tried both, but no access is being revoked. Please assist.

1.) Workflow 1

2.) Workflow 2

Hi Dawn. Can you please provide more information?

  • Is the workflow failing, or is it succeeding but the access is not being revoked?
  • The manage access action submits access requests to revoke access. Are you seeing any access requests being created in request center to revoke the access? What about the access request status API?
  • Are you sure your get access action is retrieving the access you expect? Is it empty?
  • How are the get access and manage access steps configured? Screenshots would help.
  • Can you provide the execution log in a private message to me?

For the first workflow

1.) The workflow is succeeding, but the access is not being revoked.
2.) There are no access requests in the request center to revoke the access.
3.) I am getting all the access I am expecting, but when it goes to manage the access it is saying the identity isn’t found.
4.) I can send you the screenshots of how the get access and manage access steps are configured here:

GET ACCESS

MANAGE ACCESS

5.) I can private message the logs.

For the second workflow
I reconfigured something, but I am unable to actually test due to a parameter error that is being fixed.

Thank you

This is likely your issue. Can you please provide detailed screenshots of your loop configuration? Somehow, your loop is not passing the identity ID to the loop actions inside, so it is unable to revoke the access.

You have the wrong JSONPath for the identity in the Manage Access step inside your loop.

You have this: $.trigger.identity.id
It should be this: $.loop.context.trigger.identity.id

More information on configuring the loop context can be found here: Operators - SailPoint Identity Services
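
The path fix from the answer above, as an added example that is not part of the original thread or SailPoint's own code: a small pre-flight check that resolves each step input against the data a step sees inside a loop and reports the inputs that select nothing. The scope layout (a `loop` object holding `loopInput` and `context`, with Context set to `$`), the input names, and the placeholder IDs are assumptions constructed for illustration.

```python
# Constructed sample: what a step inside a loop can see, assuming the loop's
# Context field was set to "$" (the whole workflow context). IDs are placeholders.
LOOP_SCOPE = {
    "loop": {
        "loopInput": {"id": "access-item-id-placeholder", "type": "ENTITLEMENT"},
        "context": {
            "trigger": {"identity": {"id": "identity-id-placeholder"}},
        },
    }
}


def resolve(path, scope):
    """Resolve a simple dotted JSONPath ($.a.b.c); return None if a key is absent."""
    if not path.startswith("$"):
        raise ValueError(f"not a JSONPath: {path!r}")
    node = scope
    for key in filter(None, path[1:].split(".")):
        if not isinstance(node, dict) or key not in node:
            return None  # the step would receive no value for this input
        node = node[key]
    return node


def unresolved_inputs(step_inputs, scope):
    """Names of step inputs whose JSONPath selects nothing in this scope."""
    return sorted(n for n, p in step_inputs.items() if resolve(p, scope) is None)


def suggest_loop_path(path):
    """Rewrite a top-level path to where it lives under the loop context."""
    return path if path.startswith("$.loop.") else "$.loop.context" + path[1:]


if __name__ == "__main__":
    # Hypothetical Manage Access inputs as configured before the fix.
    inputs = {"identity": "$.trigger.identity.id", "accessItem": "$.loop.loopInput.id"}
    for name in unresolved_inputs(inputs, LOOP_SCOPE):
        print(f"{name}: {inputs[name]} selects nothing inside the loop; "
              f"try {suggest_loop_path(inputs[name])}")
```
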

After testing, some access was revoked, but not all. I am receiving three different error messages.

1.)

2.)

3.)

Hi Colin,

Just an update: I was able to achieve what I was looking for in terms of revoking all access in reference to the solution you put here. Thanks again!
