nhassan
(Noor Hassan)
March 21, 2024, 12:21pm
1
Hi All,
Is it possible to cancel all pending access requests of the user via a workflow?
Use case:
When the user lifecycle state is changed to inactive (e.g. leaver)
Workflow makes HTTP request to IDN to retrieve all pending access requests of the triggered identity
Using a loop, another HTTP request to IDN to cancel their pending requests
First, using this API call to find the access request status of the triggered identity list-access-request-status | SailPoint Developer Community but I am not sure what would be the possible values for RequestedItemStatusRequestState.
Then another API call to cancel the access requests cancel-access-request | SailPoint Developer Community or close access request close-access-request | SailPoint Developer Community of the triggered identity.
Can you please help me with the steps and details needed for each HTTP Request action?
Thanks
iamology
(Nithesh Rao)
March 21, 2024, 1:06pm
3
You can use the Pending Access Requests beta API with filter requestedFor.id eq ID_FROM_TRIGGER
and iterate through the array using a loop where you can send an HTTP request to cancel the access request.
1 Like
Swegmann
(Sebastian Wegmann)
March 21, 2024, 1:18pm
4
Hi Noor!
I would set up a workflow with, firstly, an HTTP call as input to a loop:
HTTP Request 1:
GET {{baseUrl}}/v3/access-request-approvals/pending?filters=requestedFor.id eq "{{$.trigger.identity.id}}"
This way you will get all pending approvals for the specific identity using filter: requestedFor.id
This HTTP request becomes the INPUT for a LOOP.
Inside the Loop, configure a 2nd HTTP request:
HTTP Request 2:
POST {{baseUrl}}/v3/access-request-approvals/{{$.loop.loopInput.id}}/reject
Body:
{
  "comment": "Automatic rejection of pending requests for leaver identity"
}
This HTTP request will reject every pending access object in the list that you fetched before the Loop, for the specific identity.
Might be good to have some null checking before the very first HTTP request as well to avoid errors.
I believe these 2 HTTP requests are all you need for the use-case. You can add some “Send Email” actions wherever you wish for better clarity.
Hope it helps!
2 Likes
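The two-request flow from the post above, sketched as a script (an added example, not part of the thread and not SailPoint's own code). `BASE_URL` is a placeholder tenant URL, `send` is a hypothetical transport callable, and the approval and identity ids are constructed sample data served by an in-memory stand-in so the block runs offline.

```python
from urllib.parse import quote

BASE_URL = "https://tenant.example.invalid"  # placeholder tenant URL (assumption)
COMMENT = "Automatic rejection of pending requests for leaver identity"


def pending_url(identity_id):
    # The filter contains spaces and double quotes, so percent-encode it.
    flt = f'requestedFor.id eq "{identity_id}"'
    return f"{BASE_URL}/v3/access-request-approvals/pending?filters={quote(flt)}"


def reject_pending(identity_id, send):
    """Fetch pending approvals for one identity and reject each of them.

    `send(method, url, body)` is a hypothetical transport returning
    (status_code, parsed_json); wrap a real HTTP client to use it live.
    """
    if not identity_id:  # null check before the very first request
        return []
    status, approvals = send("GET", pending_url(identity_id), None)
    if status != 200 or not approvals:  # error, null or empty list: no loop
        return []
    results = []
    for approval in approvals:
        url = f"{BASE_URL}/v3/access-request-approvals/{approval['id']}/reject"
        status, _ = send("POST", url, {"comment": COMMENT})
        results.append((approval["id"], status))  # keep per-item outcome for audit
    return results


def fake_send_factory(store, log):
    # Constructed in-memory stand-in for the tenant (not the real API).
    def send(method, url, body):
        log.append((method, url, body))
        if method == "GET":
            return 200, list(store)
        approval_id = url.rsplit("/", 2)[1]
        store[:] = [a for a in store if a["id"] != approval_id]
        return 200, {}
    return send


def demo():
    store = [{"id": "appr-001"}, {"id": "appr-002"}]  # constructed sample data
    log = []
    results = reject_pending("identity-123", fake_send_factory(store, log))
    return results, store, log
```
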
nhassan
(Noor Hassan)
March 22, 2024, 12:03pm
5
@Swegmann and @iamology
Thanks for your help with this. Appreciated!
I’ve successfully tested this workflow in sandbox.
@Swegmann I had to use a loop and the workflow runs successfully regardless of whether the HTTP request has got a null value.
2 Likes
Hi @nhassan ,
Could you please provide the steps of the workflow?
nhassan
(Noor Hassan)
April 24, 2024, 12:00pm
7
Hi @polaraojalligampala
Screenshot of the steps and JSON script of the workflow are attached.
You can use this template and change these details accordingly (i.e. tenant name, client ID and client secret) in your HTTP Request action.
RejectLeaversPendingAccessRequests20240424.json (3.0 KB)