Problem

We faced an issue with performance degradation of Workflows in our SailPoint ISC tenant due to which the workflows were not getting triggered as required and there were lots of delays.

Diagnosis

The workflow which we developed was programmed to send the email notifications to the User’s Manager which were getting Disabled in ISC. In more technical terms, when the cloudLifeCycle State of the user was getting changed from “active” to “disabled”, we were sending an email notification. In the workflow, we used “Identity Attributes Change” trigger and filter inside the trigger we used was $.changes[?(@.attribute == 'cloudLifecycleState')].

The above trigger means that if the “cloudLifecycleState” identity attribute is part of identity attribute change, then, remaining logic of workflow will be TRIGGERED.

Meanwhile, we also had changed the logic LCS state calculation and changed names of LCS state in the transform logic as well.

During the next FULL Aggregation of identities from Authoritative source after fixing the LCS state calculation transform, we saw lots of workflow events were triggered which eventually degraded the performance of Workflow Microservices in SailPoint ISC which impacted the overall performance of the tenant.

The issue was because of the FILTER we used and for more than 50K identities the LCS states were changed, lots of workflow events were triggered. The root cause was FILTER condition was not as required and it was very linear in nature.

Solution

We changed the FILTER condition to be more specific so that WORKFLOWs will be triggered only when its required and when the exact condition is met.

The filter we used is as follows.

$.changes[?(@.attribute == 'cloudLifecycleState' && @.oldValue == 'active' && @.newValue == 'disabled')]

By the doing the above, the performance of Workflows in the tenant was improved and overall microservice of WORKFLOWS was stabilized.