Problem Statement: if an identity has MORE than 100 entitlements for the source, the loop operation throws an error.
Proposed Solution:
Limit the input to the loop to 99 Entitlement records, and have multiple loops to process 1-99, 100-199 etc.
Issue Experienced:
I cannot seem to limit the entitlements as the loop input from the HTTP response body with the below JSON path, have tried multiple combinations:
Hi,
A different approach with workflow would be to trigger the workflow on the termination lifecyclestate and get the target identity, create a certification of all access, auto revoke and close the certification.
I could share a workflow if this is a solution you would be happy to follow.
Try it out you will need a clientID and Secret for accessing the API
Edit the workflow and substitute your tenant details
Edit the trigger to use your target lifecycle state etc before uploading
It does remove all access, may need a tweak to target one source if that is required
Hi Anthony,
Thanks for sharing, it did indeed.
Although we ended up going in a different way.
Get Identity →
Get Accounts →
Get Entitlements 1 [https://ABC.identitynow.com/v2024/accounts/{{$.getAccounts.accounts[?(@.sourceName==‘Active Directory’)].id}}/entitlements] → [limit to 99]
Get Entitlements 2 [https://ABC.identitynow.com/v2024/accounts/{{$.getAccounts.accounts[?(@.sourceName==‘Active Directory’)].id}}/entitlements] → [limit to 99, offset 100]
→ then two Loops with input from each of the two Get Entitlement HTTP request nodes above.
Thanks for your suggestion, really insightful and appreciated