Workflow Loop Input Filter issue

sagar_kamalakar · March 18, 2025, 12:07pm

Hi All,
I have a requirement to remove AD entitlements on day 21 after an identity is terminated, except AD ‘O365’ entitlements. I have implemented a workflow that triggers on Day 21 and executes successfully, but it is not removing any entitlements. The issue seems to be with the loop input filter, as the output of my loop is blank. Below is my current loop input filter.

$.hTTPRequest.body[0].access[?(@.type == "ENTITLEMENT" && @.source.name == "Active Directory" && @.name !=~ /.*O365.*/i)]

I am able to achieve this via ‘Get Access’ and ‘Manager Access’ actions, but I am unable to filter only the AD source entitlements. As a result, I chose to use the HTTP request option to filter the AD entitlements.

The following filter works with ‘Get Access’, but I am unable to add the AD source within this filter:

$.getAccess.accessItems[?(@.name !=~ /.*O365.*/i)]

Any pointers would be highly appreciated.

Thanks,
Sagar

Santhakumar · March 18, 2025, 1:02pm

Hi @sagar_kamalakar did you try the sailpoint JSON path evaluator tool to check the filters it can be very handy to use that. Also you can get the sample output/input from workflow itself.

sagar_kamalakar · March 18, 2025, 2:37pm

Hi @Santhakumar yes I tried JSON path evaluator tool its throwing out error on !=~ operator.

kdfreeman · March 18, 2025, 2:54pm

use contains to filter all 0365 entitlements first and negate it to omit 0365 entitlements. Use json path evaluator to make your filter.

sagar_kamalakar · March 18, 2025, 8:24pm

Hi @kdfreeman, I tried my Jsonpath with above and it is returning the expected result
Here is the screenshot but same jsonpath not working in loop Input filter.

$.hTTPRequest.body[0].access[?(@.type == “ENTITLEMENT” && @.source.name ==“Active Directory” && @.name !=~ /.O365./i)]

system · May 17, 2025, 8:25pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.