Workflow to copy entitlement value during account create

Hello everyone,
I am looking to get some assistance in building a workflow

End goal: When a new account gets created in snowflake source, the entitlement value needs to be copied into the account attribute “default role”. Example: when new account gets created in snowflake, user gets assigned an entitlement (role). That role/entitlement name needs to be copied into user account attribute “default role” so entitlement value = default role

I am building the workflow but stuck in an issue:

  1. Trigger - This will allow to see if any new account is created in the source “snowflake”

  2. If the source equals Snowflake, proceed to next step

Then my thought process is to as follows:

  1. Use “Get accounts” action to get the account of the identity. I think i am missing something here.

I would like to get the account entitlements of the account that got created in snowflake then use an HTTP put call to update account attribute “default role” of the user to be same value as the entitlement.

Can you please suggest which API calls/actions can be best suited for the end goal for the workflow?

@salam1 You can use either ‘Source Account Created’ or ‘Provisioning Completed’ trigger instead of Native Change Account Created. Then using Compare String check sourceName equals ‘snowflake’. Next you need to use ‘Get Access’ to get the list of entitlments and ‘Get account’ as well to get account id. Next you need to call ‘HTTP Request’ operation to use below API to update account field ‘default role’.

Hope this helps !

Thank you @sagar_kamalakar Will the “Get Access” return all entitlements from all sources? Because im specifically looking to get the entitlement from just snowflake source and I would pass the name of the snowflake entitlement into the “HTTP request” operation body to update default role.

Hi @salam1, You can update your ‘Get Access’ as ‘By search Query’ and add below search query

@access(type:ENTITLEMENT AND source.name:“snoflake” )

it will return all snowflake entitlements. Double check query with postman tool.

Thank you @sagar_kamalakar Yes so it appears that it will provide all entitlements for snowflake.

When a snowflake account gets created, the snowflake entitlement that gets assigned to the identity during the account creation is the one that needs to be pasted into the default role attrribute value.

I would like to get the name/value of the snowflake entitlement that is added to the identity during snowflake account creation

I think i might have to use this instead:

1 Like