Unable to reference identity ID in loop context

Identity Security Cloud (ISC) ISC Discussion and Questions
,
1

I am able to remove the entitlements if I enter the identity manually in the ‘Manage Access’. However, when I use $.loop.context.trigger.identity.id, $.loop.context.getidentity.id, or $trigger.identity.id, it does not remove the entitlements. I have attached the JSON file. Can you please help me here?

{
	"name": "Copy of ZTST_Removal testing",
	"description": "testing",
	"modified": "2023-10-26T11:02:06.358295453Z",
	"modifiedBy": {
		"type": "IDENTITY",
		"id": "xxxxxx",
		"name": "xxxxxx"
	},
	"definition": {
		"start": "Get Identity",
		"steps": {
			"Compare Strings": {
				"choiceList": [
					{
						"comparator": "StringEquals",
						"nextStep": "Get Access",
						"variableA.$": "$.getIdentity.attributes.cloudLifecycleState",
						"variableB": "lapsed"
					}
				],
				"defaultStep": "End Step — Failure",
				"type": "choice"
			},
			"End Step — Failure": {
				"failureName": "Failure",
				"type": "failure"
			},
			"End Step — Success 1": {
				"description": "Success",
				"type": "success"
			},
			"Get Access": {
				"actionId": "sp:access:get",
				"attributes": {
					"accessprofiles": false,
					"entitlements": true,
					"getAccessBy": "specificIdentity",
					"identityToReturn.$": "$.getIdentity.id",
					"roles": false
				},
				"nextStep": "Loop",
				"type": "action",
				"versionNumber": 1
			},
			"Get Identity": {
				"actionId": "sp:get-identity",
				"attributes": {
					"id.$": "$.trigger.identity.id"
				},
				"nextStep": "Compare Strings",
				"type": "action",
				"versionNumber": 2
			},
			"Loop": {
				"actionId": "sp:loop:iterator",
				"attributes": {
					"context.$": "",
					"input.$": "$.getAccess.accessItems",
					"start": "Manage Access",
					"steps": {
						"End Step — Success": {
							"description": "Success inside loop",
							"type": "success"
						},
						"Manage Access": {
							"actionId": "sp:access:manage",
							"attributes": {
								"comments": "Removal in lapsed",
								"removeIdentity.$": "$.loop.context.trigger.identity.id",
								"requestType": "REVOKE_ACCESS",
								"requestedItems.$": "$.loop.loopInput"
							},
							"nextStep": "End Step — Success",
							"type": "action",
							"versionNumber": 1
						}
					}
				},
				"nextStep": "End Step — Success 1",
				"type": "action",
				"versionNumber": 1
			}
		}
	},
	"creator": {
		"type": "IDENTITY",
		"id": "9ccdea463acd483c9e100ebda16f3f18",
		"name": "harish.govindaraj"
	},
	"trigger": {
		"type": "EVENT",
		"attributes": {
			"attributeToFilter": "cloudLifecycleState",
			"filter.$": "$.changes[?(@.attribute == \"cloudLifecycleState\")]",
			"id": "idn:identity-attributes-changed"
		}
	}
}
2

It looks like you don’t have anything in your loop context. Try adding a $ to the loop context which will allow you to reference any variable outside of the loop. Once you add the $, you can use $.loop.context.trigger.identity.id.

3

Thank you so much for your help!

1 Like
4

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.