I’m following along with Workflow - Remove Entitlements from selected source - #8, but I have a slightly different requirement. Instead of revoking all entitlements for a particular source, I want to invoke all entitlements for multiple sources that share a tag.
The response object for searching identities doesn’t provide tags for a source, only source ID and source name. You can read more about the available data in the search response here: Searchable Fields - SailPoint Identity Services.
You can try calling the list tagged objects API first to get all sources with a particular tag, and then loop over each source that is returned and use the source name in the filter as shown in my original example.
I need to see your workflow to know where the HTTP requests are in your workflow and where you are attempting to call them. Can you share an image of it and the workflow script itself?
I looked into this further, and I don’t think you can accomplish this with a single workflow. I think you’ll need two. The first workflow will look like this.
It retains most of the logic you already have, with HTTP Request 2 fetching the list of sources by tag name. The only difference is that the loop will need to loop over each source ID and then invoke another workflow. The loop input will be this JSONpath: $.hTTPRequest2.body[*].objectRef.id. And instead of using HTTP Request 1 to invoke the access request API, you’ll use it to invoke the second workflow, as described below.
The second workflow will be this workflow that I use in my show and tell: Workflow to remove access by identity based on special conditions. The only difference is that instead of using an Identity Attribute Changed trigger, you’ll use the external trigger. Your first workflow will call the endpoint generated by the second workflow’s external trigger. You will just need to pass the identity ID and the source ID from each iteration of the loop in workflow 1 to workflow 2. That will allow workflow 2 to know which identity to revoke access from, and which source ID to filter on.
How can we call second workflow from first workflow where we are looping with source ids, can you give us the snippet please that would help a lot! Also in External Trigger of second workflow what would be the input?
We’ve tried but unable to get tagged objects with Path Variable (type: SOURCE). If we’re putting this Path Variable into Query Parameter, it doesn’t seem to be working as it’s returning all tagged objects.