Workflow Failing on End Step - Success

Hi,

I have a workflow that creates a UAR on identity attribute change. The workflow seems to do everything that is required. However, it fails on End Step - Success.

Screenshot attached

Screenshot_20250425_103855_Chrome1439×1713 187 KB

Error:

{
    "type": "ActivityTaskCompleted",
    "timestamp": "2025-04-25T05:08:06.701513768Z",
    "attributes": {
      "displayName": "Activate Certification Campaign",
      "result": null,
      "stepName": "activateCertificationCampaign",
      "task": "sp:activate-campaign",
      "technicalName": "Activate Certification Campaign"
    }
  },
  {
    "type": "WorkflowExecutionFailed",
    "timestamp": "2025-04-25T05:08:06.733517966Z",
    "attributes": {
      "error": "expected top-level JSON object in string, got unsupported structure (type: Error Parsing Activity Output, retryable: false)"
    }
  }

Hi @sreeram

Can u share your workflow json , mask sensitive data.

An update:

On further investigation and testing, I discovered a workaround; the step “Activate Certification Campaign” was updated to include error handling and directed the next step to “End Step - Success” on Error.

image827×445 27.1 KB

However, the step “Activate Certification Campaign” is completing successfully, the workflow errors out after “Activate Certification Campaign” step.

Certification Campaign Activated [last step before End Step - Success]

image1355×110 5.45 KB

@sreeram
May I know which API calls (related to certification campaign ) are you performing before performing “Activate Certificate Campaign” ?

1. Perform a targeted access search (HTTP Op)
2. Creating a search-based campaign template (HTTP Op)
3. Generating a campaign out of the template (HTTP Op)
4. Wait step - 1 minute
5. Deleting the search-based campaign template (HTTP Op)
6. Activate the generated campaign (Successful)
7. End step

Hi @sreeram

@sreeram I suggest you to use HTTP action to activate the campaign , it should work fine.{{baseUrl}}/campaigns/:id/activate

I have tested this on my tenant , I can confirm this is same for me . I believe this is a bug. The Action Activate Certification Campaign is not producing any output. @colin_mckibben can you please clarify on this ?

Thank you for your response

Check whether this occurs for all certs or a specific cert campaigns. This could happen due to auto close of Cert campaign when no items exists in the campaign.

@sreeram Before activating the campaign just check the status of the campaign using compare operator. If its “staged” only then activate it. There are chances that status may go to “completed” if there is no access to review for that user mentioned as per the search query.

The workflow creates the search-based campaign only if the access (that needs to be reviewed) exists in the Identity cube. (Verify datatype exists)

There is a wait step prior to the Activate Certificate Campaign step. As for no access to review, the UAR is only created if the access is present with the identity triggering the workflow.

I tested the same for other workflows as well, the Activate Certification Campaign step is failing in all of the select samples tested for errors in the QA environment.

This seems to be a persistent issue across prod, QA and Dev environment workflows which were fully functioning prior to April 22nd 2025, we have raised a SailPoint support ticket for further investigation.

can you share the screenshot from workflow like how to activate using http action?

@dgandhi Drag and drop the HTTP step
Provide the credentials based on Auth type (typically OAuth 2.0, client ID and secret)

In the request URL:
https://<TENANTNAME>.api.identitynow.com/v3/campaigns/{{$.hTTPRequest2.body.id}}/activate

Method: POST

The {{$.hTTPRequest2.body.id}} variable name can vary based on the technical name of the HTTP action step which generates the UAR.

Screenshot_20250501_211542_Chrome1439×2105 210 KB

we saw something similar in our environment, did SailPoint respond with a resolution ?

No resolution yet, for any immediate deployments or fix, we are now actively using HTTP action calling the Activate Certification Campaign API.

Raised a ticket with SailPoint and they are aware of this issue and are actively working on to resolve this issue. Currently we do not have any ETA for it.