We’re trying to do a workflow that finds accounts that belong to a source and searches if they also have an account in AD. If they have an account in AD they must be disabled. But we can’t get the “Manage accounts” to work.
Hi @rcgalvez ,
Is there any error message?
No. It’s just sends the mail but doesn’t disable the account.
Hi @rcgalvez,
Welcome to the community.
Have you tried something like this in the Manage accounts node to see if it works.?
$.getAccounts.accounts[*].id
Or something as below to specifically look for your AD source
$.getAccounts.accounts[?(@.sourceId=='YOUR AD SOURCE ID')].id
If you still face issue, it would be helpful if you can upload your whole workflow JSON (removing sensitive info), so that it will be easy to troubleshoot.
2 Likes
Thank you for your answer. I tried both ways and it didn’t help. Here I leave the .json in case anyone can help me.
{
"name": "Test 4",
"description": "No",
"modified": "2024-06-10T13:32:35.414140146Z",
"modifiedBy": {
"type": "IDENTITY",
"id": "06c1619bb4ad4fa3b793330ced2408fe",
"name": "rcgalvez"
},
"definition": {
"start": "Get List of Identities",
"steps": {
"End Step - Success": {
"displayName": "",
"type": "success"
},
"Get List of Identities": {
"actionId": "sp:get-identities",
"attributes": {
"inputQuery": "@accounts(source.name:\"Sourcename\")",
"searchBy": "searchQuery"
},
"description": null,
"displayName": "",
"nextStep": "Loop",
"type": "action",
"versionNumber": 2
},
"Loop": {
"actionId": "sp:loop:iterator",
"attributes": {
"context.$": "$",
"input.$": "$.getListOfIdentities.identities",
"start": "Get Accounts",
"steps": {
"Compare Strings": {
"choiceList": [
{
"comparator": "StringEquals",
"nextStep": "Manage Accounts",
"variableA.$": "$.loop.loopInput.source.name",
"variableB": "Active Directory"
}
],
"defaultStep": "End Step - Failure",
"displayName": "",
"type": "choice"
},
"End Step - Failure": {
"description": null,
"displayName": "",
"failureName": "fallo",
"type": "failure"
},
"End Step - Success 1": {
"displayName": "",
"type": "success"
},
"Get Accounts": {
"actionId": "sp:get-accounts",
"attributes": {
"getAccountsBy": "specificIdentity",
"identity.$": "$.loop.loopInput.source.name"
},
"displayName": "",
"nextStep": "Compare Strings",
"type": "action",
"versionNumber": 1
},
"Manage Accounts": {
"actionId": "sp:manage-account",
"attributes": {
"accountIds.$": "$.getAccounts.accounts.id",
"operation": "disable"
},
"displayName": "",
"nextStep": "Send Email",
"type": "action",
"versionNumber": 1
},
"Send Email": {
"actionId": "sp:send-email",
"attributes": {
"body": "The identity {{$.loop.loopInput.firstName}} {{$.loop.loopInput.lastName}} of the source {{$.loop.loopInput.source.name}}\n {{$.loop.loopInput.passwordLastSet}}\n {{$.identities.accounts.id}}",
"context": {},
"recipientEmailList": [
"[email protected]"
]
},
"displayName": "",
"nextStep": "End Step - Success 1",
"type": "action",
"versionNumber": 2
}
}
},
"displayName": "",
"nextStep": "End Step - Success",
"type": "action",
"versionNumber": 1
}
}
},
"creator": {
"type": "IDENTITY",
"id": "84a568c1f5024b24b21a25a27379ac66",
"name": "rcgalvez"
},
"trigger": {
"type": "SCHEDULED",
"attributes": {
"cronString": "0 0 * * *",
"dailyTimes": [
"0000-00-0000:00:00.000Z"
],
"frequency": "daily",
"timeZone": "Europe/London"
}
}
}
Raúl, create a external trigger workflow for Disabling the account. and put the HTTP request inside the loop. You iterate on the list callking the external workflow and disabling the accounts .
that would be a more controlled approach in my opinion
Hi @rcgalvez,
Here is an approach you can try :
Step 1 → Scheduled trigger
Step 2 → HTTP Action → Here you can call the Search API with a query like @accounts(source.name:"AD Source") AND @accounts(source.name:"Other Source")
Step 3 → Initiate the loop with input as $.hTTPRequest.body (This is to take the input from the HTTP action’s body which will have all the Identities)
Step 4 → Inside the loop, call HTTP action 2 which is a GET call on IDN accounts to get the Identity’s AD account.
https://{tenant}.api.identitynow.com/v3/accounts?filters=sourceId%20eq%20%22<<replace your AD source ID>>%22%20and%20identityId%20eq%20%22{{$.loop.loopInput.id}}%22
Step 5 → Manage Accounts Action with operation as disabled using the below account selection criteria:
$.hTTPRequest2.body[*].id
The overall WF would look something like this :
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.