As part of our lifecycles, when an identity leaves we have to temporarily remove one role and add another (all other roles are removed)
At the same time, in the same workflow we disable the account.
But it gets filtered when the workflow launches and replaced by a create (which obviously fails)
As it is not considered an error, I do not have any log to present. But would you have any idea where this is coming from ?
I thought of a theory:
connection issue with the AD (but makes not much sense since the account exists and the request has not been sent)
Just to summarise, you are assigning a role (containing AD entitlements/groups) and removing all the other roles. Then you are trying to disable the AD account in the same workflow, correct? Is it handled through a two different provisioners? or are you trying to execute everything in a single plan?
Hello, is this a new workflow that you are developing for the first time, or are you attempting to resolve an issue in a previously functioning workflow? Kindly provide a brief explanation.
The workflow is almost a year old and all of a sudden some identities (with no discernible difference from regular identities) go through this workflow but the execution fails because the AD account exists. There was no change in the workflow when the issue started to pop up (I mean no prior deployment)
In the access request, the account disable from the workflow plan is filtered, replaced by an account create request (only appears in the provisioning engine part of the access request)
I understood the issue now, we faced a somewhat similar issue with Azure connector in IdentityNow. We had to involve SailPoint to get some answers. As this is a workflow which has already been deployed and made sure to have been running successfully for most identities, my suggestion would be to raise a ticket with SailPoint and get some answers.
Is there a specific fix that Sailpoint suggested for your issue ?
thank you very much for the help, I will try and get in touch with sailpoint for this matter in the meantime.
If anyone else has any input in the meanwhile, it would be much appreciated.