I want to create a ticket when certificate revocation fails during provisioning. I have created the following workflow and applied below filter, but it did not work. Any idea?
The issue is most likely with the JSONPath syntax and field names. In SailPoint workflow filters, provisioningTarget is typically used instead of source.name, and provisioningResult is usually lowercase ("failed" instead of "FAILED").
Try this filter first to validate the trigger fires:
Also make sure you are using standard quotes " " and not smart quotes “ ”.
One additional recommendation — temporarily remove the filter and inspect the actual provisioning event payload. In many cases the operation/value differs from what is expected (Remove vs Disable/Delete/etc.), which causes the filter not to match.
If this helped you reach your goal please mark it as solution!