Search query for the When an IDN campaign or other provisioning "revoke" fails (events where "Remove Entitlement Failed")

When an IDN campaign or other provisioning “revoke” fails (events where “Remove Entitlement Failed”), trigger a work item (ideally in ServiceNow) for someone with adequate access to revoke the access.

The work item should include as much information as possible including

  • Identity
  • Source
  • Entitlement Display Name
  • Campaign ID, Name, or link
  • Campaign Owner (as the Requested For)

Hi @mrahulbb ,

You can achieve this with Provisioning Completed workflow trigger. You can use the below input to trigger it only for the certification related removal failures:

$[?(@.action == "Certification")].accountRequests[?( @.accountOperation == "Modify" && @.provisioningResult == "failed")].attributeRequests[?(@.operation == "Remove")]

The trigger would contain the details of the requester (which is the campaign owner who has taken action), entitlement display name, recipient/identity and source details.

Campaign ID, or campaign name information is not available, but we have a tracking number of the request to query further. Hope this helps.

Regards,
Uday Kilambi
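The conditions in the filter above, written out in Python so they can be checked offline against a sample event and turned into work-item fields. This is an added example, not part of the original reply and not SailPoint code; the field names `recipient`, `requester`, `source`, `attributeValue` and `trackingNumber` are assumptions about the event payload, and the sample event is constructed.

```python
# Added example, not SailPoint code. Field names other than those used in the
# filter (recipient, requester, source, attributeValue, trackingNumber) are
# assumptions about the event payload; SAMPLE_EVENT is constructed.

def failed_cert_removals(event):
    """Return one work-item dict per failed entitlement removal in the event."""
    if event.get("action") != "Certification":
        return []
    items = []
    for acct in event.get("accountRequests", []):
        # Same conditions as the accountRequests[?(...)] part of the filter.
        if (acct.get("accountOperation") != "Modify"
                or acct.get("provisioningResult") != "failed"):
            continue
        for attr in acct.get("attributeRequests", []):
            if attr.get("operation") != "Remove":
                continue
            items.append({
                "identity": event.get("recipient", {}).get("name"),
                "requested_for": event.get("requester", {}).get("name"),
                "source": acct.get("source", {}).get("name"),
                "entitlement": attr.get("attributeValue"),
                "tracking_number": event.get("trackingNumber"),
            })
    return items


SAMPLE_EVENT = {  # constructed
    "trackingNumber": "constructed-0001",
    "action": "Certification",
    "recipient": {"name": "Jane Doe"},
    "requester": {"name": "Campaign Owner"},
    "accountRequests": [
        {"source": {"name": "Example AD"}, "accountOperation": "Modify",
         "provisioningResult": "failed",
         "attributeRequests": [
             {"attributeName": "memberOf", "attributeValue": "groupA", "operation": "Remove"},
             {"attributeName": "memberOf", "attributeValue": "groupB", "operation": "Add"}]},
        {"source": {"name": "Example HR"}, "accountOperation": "Modify",
         "provisioningResult": "committed",
         "attributeRequests": [
             {"attributeName": "role", "attributeValue": "viewer", "operation": "Remove"}]},
    ],
}

if __name__ == "__main__":
    for item in failed_cert_removals(SAMPLE_EVENT):
        print(item)
```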

This is search query??

Hi @mrahulbb,

I think what @uday_kilambi posted is a filter that you are going to put in a Workflow trigger of type Provisioning Completed.

You will need to create a Workflow for this to work. With the filter that @uday_kilambi sent, you can then send the information to an email, for example.

Regards

Can you please share a search query for the above?

Maybe you can use the Campaign Remediation Status Report. This will bring most of the information that you want and the status of the event, whether the access got removed or there was any failure:

Go to Certifications > Campaigns and choose one Campaign, then click on Download Report

image

And Download the Remediation Status Report:

Hi @mrahulbb ,

If you need a search query to get the list of revocation failures for certification, it can be as below for Events:

"<source_name>" AND status:FAILED AND operation:REMOVE

But, it may not achieve an automated email initiation for failure, for that you need to go with workflow.

Regards,
Uday Kilambi

I am getting a trigger filter error

$[?(@.action == "Certification")].accountRequests[?( @.accountOperation == "Modify" && @.provisioningResult == "failed")].attributeRequests[?(@.operation == "Remove")]

We have updated the above trigger filter in the workflow, but we are getting a trigger filter error.

Can you provide a screenshot of the error that you received? The query looks fine to me and it worked for me as well.

image

Hey @mrahulbb , what @uday_kilambi suggested is create a “Workflow”, there are 3 things in Workflow, 1. Trigger 2. Action 3. Operators.

When Workflow is created, first thing to configure is Trigger, which decides when Workflow will trigger.

Uday has also provided you name of the Trigger to use.

In the filter section inside the Provisioning Completed Trigger, Uday has suggested entering the filter so that this Workflow will only trigger when a revoke action has failed and generates the event “Revoke Entitlement Failed”.

In the Action section you can use “Manage ServiceNow Ticket” to create a work item in the ServiceNow tenant.

Hope this explanation helps.

Thanks
Vaibhav


we have added all three 1. Trigger 2. Action 3. Operators. in workflow after saving this workflow we are getting above screenshotted error.

Can you share the JSON definition of the Workflow?

{
	"name": "Entitlement revoke failed",
	"description": "Entitlement revoke failed",
	"modified": "2024-07-09T17:05:41.140774029Z",
	"modifiedBy": {
		"type": "IDENTITY",
		"id": "dac1685d04f04045a847be57c542098a",
		"name": "ram.lingutla_a"
	},
	"definition": {
		"steps": {}
	},
	"creator": {
		"type": "IDENTITY",
		"id": "dac1685d04f04045a847be57c542098a",
		"name": "ram.lingutla_a"
	},
	"trigger": {
		"type": "",
		"attributes": {}
	}
}

@mrahulbb Can you try importing this?

{
	"name": "Entitlement Revoke Failed",
	"description": "",
	"definition": {
		"start": "Manage ServiceNow Ticket",
		"steps": {
			"End Step - Success": {
				"displayName": "",
				"type": "success"
			},
			"Manage ServiceNow Ticket": {
				"actionId": "sp:snow",
				"attributes": {},
				"displayName": "",
				"nextStep": "End Step - Success",
				"type": "action",
				"versionNumber": 1
			}
		}
	},
	"trigger": {
		"type": "EVENT",
		"attributes": {
			"id": "idn:post-provisioning"
		}
	}
}

If you are not able to import the above,
then try creating a workflow like the screenshot below
image

Then in the provisioning completed Trigger, give this filter, not sure if this filter is accurate, but you can experiment with this on your own,

Filter : $[?(@.accountRequests[?(@.attributeRequests[?(@.operation)])] == "Remove")]

Let me know if that helps or any further issues.

Thanks,
Vaibhav
