WorkFlow - Governance Group

Hi, everyone!
I would like to know if I can create a routine through a workflow that issues a certification directed to the access management team when a member of a governance group is inactive or when the group itself is empty.
Thank you for your help!

Yeah, it’s easy. You can create a workflow to flag empty groups or inactive members and send a certification to the access team. Just set up a check and automate the certification trigger.

There doesn’t seem to be a direct trigger you can use for this, but if you’re looking to have this workflow run on a schedule, then you can use the Scheduled Trigger.

For the governance group check requirement, there does not seem to be a straightforward way. You can consider this approach:

  1. Make an API call to get the workgroup’s members through the HTTP Request action.
  2. You might consider this API call: list-workgroup-members | SailPoint Developer Community
  3. Loop through the members of your governance group and grab the IDs, save them in a variable and use them in the next step. If you don’t have anyone in the governance group, then directly jump to step 5.
  4. Use the Get Identity action to get each identity, and check for their cloudLifecycleState attribute.
  5. If anyone is found to be inactive, launch a certification campaign to the access management governance group.
  6. You might want to consider tagging processed identities so that your next workflow does not re-trigger a new certification. But think through how you’re planning to untag the identities later.
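
The decision logic behind steps 1 to 6 above, as an added example that is not part of the original reply and is not SailPoint's own code. It calls no API: the record shapes, the `inactive` state name, and the names `evaluate_group`, `SAMPLE_MEMBERS` and `SAMPLE_IDENTITIES` are assumptions standing in for the HTTP Request and Get Identity outputs.

```python
# Added example: decision logic only; no SailPoint API is called here.
# Record shapes and the "inactive" value are assumptions, not the vendor schema.

INACTIVE_STATES = {"inactive"}  # assumed lifecycle state names; adjust per tenant


def evaluate_group(members, identities, already_tagged=frozenset()):
    """Decide whether a certification should be raised for one governance group.

    members        -- list of dicts with an "id" key (output of steps 1-3)
    identities     -- dict of id -> identity record (output of step 4)
    already_tagged -- ids flagged by an earlier run (step 6)
    """
    if not members:
        # Empty group: skip the identity lookups and go straight to step 5.
        return {"certify": True, "reason": "empty_group",
                "flagged": [], "unresolved": []}

    flagged, unresolved = [], []
    for member in members:
        member_id = member["id"]
        record = identities.get(member_id)
        if record is None:
            # Member is listed but the lookup returned nothing: report it, do not guess.
            unresolved.append(member_id)
            continue
        state = (record.get("attributes", {}).get("cloudLifecycleState") or "").lower()
        if state in INACTIVE_STATES and member_id not in already_tagged:
            flagged.append(member_id)

    reason = "inactive_member" if flagged else "none"
    return {"certify": bool(flagged), "reason": reason,
            "flagged": flagged, "unresolved": unresolved}


# Constructed sample data (not real tenant output).
SAMPLE_MEMBERS = [{"id": "id-001"}, {"id": "id-002"}, {"id": "id-003"}, {"id": "id-004"}]
SAMPLE_IDENTITIES = {
    "id-001": {"attributes": {"cloudLifecycleState": "active"}},
    "id-002": {"attributes": {"cloudLifecycleState": "Inactive"}},
    "id-003": {"attributes": {"cloudLifecycleState": "inactive"}},
    # id-004 is intentionally missing to exercise the unresolved path
}

if __name__ == "__main__":
    print(evaluate_group(SAMPLE_MEMBERS, SAMPLE_IDENTITIES, already_tagged={"id-003"}))
    print(evaluate_group([], {}))
```

Members that are listed in the group but cannot be resolved are returned separately so the access management team can review them instead of having them silently skipped.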

Hi, thanks for the feedback! How can we create this workflow? Do you have any tips or resources that I can reference?

Hi, thanks for the feedback! Let’s study these methods!