Hi,
I am trying to compare values from the “Get Access” result and a static value “Test-Access”, but the compare step always returns false, despite value1 output having a string value that matches value2
There are a couple of issues with your approach. Workflows uses Goessner JSONpath, which doesn’t support the contains operator. Also, the Compare Strings action is meant to compare two strings, but the result of your JSONpath expression will be an array.
If “Test-Access” is the full name of an access item in your list, then you can use the “Verify Data Type” operator with the following configuration. This JSONpath expression will return a value If any accessItem has the name “Test-Access”. If no accessItem has the name, it returns null. Therefore, checking if the data type exists will tell us if the JSONpath expression found any matches.
Thanks for your response.
“Test-Access” is a substring of the Access profile name, not the full name. I did tried with ‘Verify Data Type’ which didn’t work unfortunately.
You might try the loop operator to check each access item name. This will allow you to use the Compare String operator with the “contains” option.
The use-case here is to send one email when there are no accesses found that matches the given substring (ex. Test-Access).in the entire input list.
So, is there a way we could use a global variable within the loop that can be referenced outside of the loop and based on the flag value (true or false), the further processes can take place (like sending an email) ?
There is no way to break the loop, and no global variable at this time.
There may be another way to solve this. Can you describe what this workflow is trying to accomplish?
If you only need to determine if an identity has an access profile that starts with “Test-Access”, then I might have a solution for you. Rather than using Get Access, you can use the HTTP Request action to run a search based on your criteria. The request body will be as follows, but you might have to change the path to the identity ID based on your trigger.
{
"query": {
"query": "id:{{$.trigger.identity.id}} && @access(type:ACCESS_PROFILE && name:\"Test-Access*\")"
},
"indices": [
"identities"
]
}
If the identity you specify has an access profile with a name that starts with Test-Access, then the response body will contain an array with one result. If the identity doesn’t match, then the array will be empty. You can use this in your comparison step to see if there is one element in the array. If true, then you have a match. If false, then no match.
Here’s the workflow script for your reference:
{
"name": "HTTP Test",
"description": "",
"modified": "2022-11-30T14:53:46.979547667Z",
"definition": {
"start": "HTTP Request",
"steps": {
"HTTP Request": {
"actionId": "sp:http",
"attributes": {
"authenticationType": "OAuth",
"jsonRequestBody": "{\n \"query\": {\n \"query\": \"id:{{$.trigger.identity.id}} && @access(type:ACCESS_PROFILE && name:airtable-*)\"\n },\n \"indices\": [\n \"identities\"\n ]\n}",
"method": "post",
"oAuthClientId": "***",
"oAuthClientSecret": "***",
"oAuthCredentialLocation": "oAuthInHeader",
"oAuthTokenUrl": "https://your-tenant.api.identitynow.com/oauth/token",
"requestContentType": "json",
"url": "https://your-tenant.api.identitynow.com/v3/search",
"urlParams": null
},
"nextStep": "Verify Data Type",
"type": "action",
"versionNumber": 2
},
"Verify Data Type": {
"choiceList": [
{
"comparator": "IsPresent",
"nextStep": "success",
"variableA.$": "$.hTTPRequest.body[0]"
}
],
"defaultStep": "failure",
"type": "choice"
},
"failure": {
"failureName": "Fail",
"type": "failure"
},
"success": {
"type": "success"
}
}
},
"creator": {
"type": "IDENTITY",
"id": "2c9180867624cbd7017642d8c8c81f67",
"name": "colin.mckibben"
},
"trigger": {
"type": "EVENT",
"attributes": {
"id": "idn:identity-created"
}
}
}
1 Like
Hi @colin_mckibben,
I have similar requirement I need check if an identity has an access profile that starts with “Test-Access” and substring of “-ps-”, if true I need to send mail else no else action. could you please share your idea’s to achieve this condition
Try this regex in your search string.
name:\"Test-Access.*-ps-*\"
Thanks @colin_mckibben .
if any access matches with this pattern name:"Test-Access.-ps-" found, I need to revoke the access and I need to send an email that you access got revoked for this access item name. If I use Http request how to pass access items to manage action and in email. could you please help me with this.
Another requirement is if any access matches with this pattern name:"Test-Access.-ps-" found, I need to send an email that you access will be removed for this access item name. If I use Http request how to pass access items name in email.
The community can certainly help answer this, but we’re getting off topic. Can you please create a new topic with your question?
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.