Send email to workgroup when access request has error message

ankit1 · June 25, 2024, 1:07pm

Which IIQ version are you inquiring about?

Version 8.2

Share all details related to your problem, including any error messages you may have received.

I need to notify the workgroup via email when access request provisioning fails or encounters an error. To achieve this, I’ve integrated a step into the LCM workflow just before the finalization step. This new step retrieves the identity request object based on its ID and checks for any errors. However, the workflow is currently not advancing to this step; instead, it’s caught in a retry loop.
I’m seeking assistance to ensure immediate notification to the support team whenever an error occurs, including logging the error message promptly.

AdamVentum · June 25, 2024, 1:36pm

Hi and Hello.

Can you add some logs and also some steps on workflow? @ankit1

Regards,
Adam

ankit1 · June 25, 2024, 1:58pm

I have added below transaction in Refresh Identity Step LCM provisioning but I am not able to see any log.

<Transition to="Notify IIQ Support">
      <Script>
        <Source>

          import sailpoint.tools.Message;
          import sailpoint.tools.Message.Type;
          import sailpoint.object.WorkItem.State;
          import sailpoint.object.IdentityRequest;
          import org.apache.commons.logging.Log;
          import org.apache.commons.logging.LogFactory;

          boolean isError=false;

          private static Log custLog = LogFactory.getLog("com.iiq.accessReqRule");

          custLog.debug("STEP Notify IIQ Support ");

          IdentityRequest identRequest= context.getObjectByName(IdentityRequest.class,identityRequestId);

          custLog.debug("Identity req Name :: "+identRequest.getName());

          List requestErrorMessages = identRequest.getMessagesByType(Message.Type.Error) ;

          custLog.debug(" requestErrorMessages :"+ requestErrorMessages );

          if(null != requestErrorMessages @and !requestErrorMessages.isEmpty())
          {

          isError=true;
          workflow.put("errorList",requestErrorMessages);
          
          for( Message errorMessage: requestErrorMessages)
          {
          
          custLog.debug(" errorMessage:"+errorMessage);

          }
          }else isError=false;

          custLog.debug(" isError :: " + isError);

          return isError;
        </Source>
      </Script>
    </Transition>
<Step action="call:sendEmail" icon="Email" name="Notify IIQ Support" posX="535" posY="290">
    <Arg name="template" value="EmailTemplate-LCMAccessRequestFailed"/>
    <Arg name="identityDisplayName" value="ref:identityDisplayName"/>
    <Arg name="approvalSet" value="ref:approvalSet"/>
    <Arg name="identityRequestId" value="ref:identityRequestId"/>
    <Arg name="to" value="script:getUserEmail(identityName, plan)"/>
    <Arg name="launcher" value="ref:launcher"/>
    <Arg name="errorList" value="ref:errorList"/>
    <Arg name="cc" value="script:getUserEmail(launcher, plan)"/>
    <Transition to="end"/>
  </Step>

AdamVentum · June 25, 2024, 2:08pm

Hi and Hello,
You must have access to the logs. Without it, it’s hard to debug anything. Because you don’t know what point you’ve reached and where the mistake is. You can still do monitoring. Thanks to this, you will see the workflow in catalina.out.

You need to go to setup—>bussiness processes—>choose your workflow—>Proccess Variables.
Find trace.

Regards,
Adam

AdamVentum · June 25, 2024, 2:18pm

@ankit1
here you can change

syntax issues, such as incorrect usage of the @and operator, corrected to && in the if statement.
wrapp the script in <![CDATA[ ... ]]> to ensure that the XML parser correctly handles the script content.

Something also is wrong in xml(in my opinion). Why your “Transition” is not in step?

Look at my workflow

Regards,
Adam

ashutosh08 · June 25, 2024, 4:26pm

Hi @ankit1,

You must add explicitly some transition step and it should not be normal fallback.

If possible, share workflow xml by removing sensitive information. If not, then share the previous step which should call this step to help you further.

Thanks

soswain · June 26, 2024, 9:46am

@ankit1
Few points

Are you able to see the logs from the transition step? If yes, check the value of value of “isError”.
When you say it’s getting into retry loop, where is it getting looped? For better understanding, please add the whole step and logs related to that step.
Always add a default transition

<Transition to="end"/>

This will be for fall back.

ankit1 · June 27, 2024, 1:00pm

Workflow-LCMProvisioning_Dev.xml (41.8 KB)
Please find attached updated workflow where I have added custom step to send email when request get failed.

ashutosh08 · June 27, 2024, 3:16pm

Hi @ankit1,

The workflow being stuck in step “Refresh Identity” is common for all connector type like connected and disconnected or it is just occurring for some type?
Also please confirm if you have tried with some different set of user or not?

Thanks

system · August 26, 2024, 3:16pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Send an email when an error occurred during Access Request ISC Discussion and Questions workflows , identity-security-cloud , provisioning , access-requests	2	48	October 15, 2024
Manually Re-Trigger Access Request Workflow For The Corrupted Access Request IIQ Discussion and Questions identityiq , access-requests	2	32	October 1, 2024
HTML Email Failing To Send IIQ Discussion and Questions identityiq	7	64	November 19, 2024
Initial email notification issue IIQ Discussion and Questions workflows , identityiq	2	24	October 17, 2024
Customizing the LCM Provisioning - Request Access Workflow IIQ Discussion and Questions workflows , identityiq , access-requests	1	141	September 27, 2024

Send email to workgroup when access request has error message

Which IIQ version are you inquiring about?

Share all details related to your problem, including any error messages you may have received.

Related topics