Workflow to get list of sources and their last aggregation date to send email remainder to aggregate source

There are 2 types of sources that has to be manually aggregated: 1st type ( sources X, Y, Z) weekly and 2nd type monthly (sources A, B).

I want to build a workflow to send email remainder to source owner to aggregate sources if it passes due date of 1 week and a month for 1st and 2nd source type based on last aggregation date.

Any ideas how this can be achieved?

I used “account aggregation completed” as trigger followed by compare timestamp. I didnt see any actions to get list of sources. Https action returns body, statusCode and header.

Hi,

I think you should use scheduled trigger (weekly trigger) for this.

This follows two steps:

  1. Make an API call to list all sources “https://sailpoint.api.identitynow.com/sources”.
  2. Loop through the array returned from first API call and make another API call to get the last aggregation date “https://sailpoint.api.identitynow.com/beta/task-status/?limit=1&offset=0&filters=sourceId eq “sourceID” and type in (“CLOUD_ACCOUNT_AGGREGATION”)&sorters=-created”.

In the response returned from second API call you will have the last aggregation date. Compare it using timestamp and if its more than a week send an email alert.

-Abhinov

1 Like

we would want to get list of all sources with last aggregation date

In addition: since the https action returns only statusCode, body and header, what will be the json path to refer completed date?

Hi,

I think your requirement is to send a reminder if aggregation not perform for a week/month. Then I am not understanding how can you make use of AccountAggregation Completed trigger? This will hit right after completion of aggregation.

Please check my response clearly. We are making two API calls. First to get all sources, run a loop through these sources and second API call to get last aggregation time. If the time is more that what you need then you send an email.

Let me know if still unclear.

-Abhinov

2nd API call will return list of previous aggregation for sources rather than one aggregation result (latest one). If we set limit to 1, it will return only one latest aggregation for a single source which was aggregated recently, thus skiping other sources.

@erie-erie ,

Its a loop, once you get the aggregation information from second API call, if it falls under your criteria, trigger an email and then loop will continue until it finishes all sources from first API call.

-Abhinov

loop will continue if aggregation is returned for all sources. With above filter, it will only return one source. I think loop has a limitation to return upto 50

Below is what my workflow looks like

Hi,

How many sources you have?

-Abhinov

215 sources. Most are manually aggregated monthly, few are biweekly and rest weekly

Hi @erie-erie ,

We can use search queries to fetch the last account aggregation passed event and then if there are no results from the query then you can send an email, if there is a result then we can end the workflow.

Example query to fetch aggregation passed info for a specific source less than one week:
type:source_management AND name:“Aggregate Source Account Passed” AND target.name:“Source Name” AND created:<now-1w

We can use Http Action to call the search query api. Feel free to extend the above query based on the requirement to accommodate with different sources names.

I hope this helps

Is there some reference where HTTP action is used for sources using search query. I know for identitites I have used in the past

To use the HTTP action, follow the below steps:

{
    "query": {
        "query": "type:source_management AND name:\"Aggregate Source Account Passed\" AND target.name:\"source name\" AND created:<now-1w"
    },
    "indices": [
        "events"
    ],
    "includeNested": false,
    "sort": [
        "-created"
    ]
}

Note: Replace sailpointtenant with your tenant name in the URLs and in the json body replace source name with your source name or customize the query as needed
HTTP - Reference screenshot 1

HTTP - Reference screenshot 2

In the workflow, i am comparing the response count as shown below, so if the count is 0 then send email, if count is greater than 0 then do nothing

To know more on how to use HTTP action, refer: Using Workflow's HTTP Request Action to Work With IdentityNow APIs

I hope this helps.

1 Like

This is helpful. appreciated. This will work for individual source. I wonder if that query can be modified to support multiple sources.

Below is what my workflow gives the same result for individual source with request url https://sailpoint-sb.api.identitynow.com/beta/task-status?filters=sourceId%20eq%20%sourceId"%20and%20type%20in%20("CLOUD_ACCOUNT_AGGREGATION")&limit=1&sorters=-created
in Http action

Verify data Type

Compare Timestamps

Hi @erie-erie
I understand your requirement and the approach you’re considering via the workflow route because those are flat file sources. However, I believe that manual aggregation remains a task that requires administrative intervention, such as logging into ISC or triggering actions via API.

Using a file upload utility(SailPoint File Upload Utility 4.1.0) can eliminate these manual constraints and significantly reduce the administrative workload. By scheduling the utility on a server and using a task scheduler to automate the process, the job can be completed efficiently without manual intervention.

1 Like

If we want for multiple sources then we need to tweak the workflow little bit.

Following can be one of the approach only if the number of sources are limited. in this approach i am only considering to send a consolidated email to one person if you want to send to different persons you can customize the workflow as needed.

In the following scenario i am just considering 2 sources, so i will be using 3 HTTP actions, HTTP action increases based on the number of sources:

  • 1st HTTP action search query will contain all source names:
type:source_management AND name:"Aggregate Source Account Passed" AND (target.name:"source name 1" OR target.name:"source name 2") AND created:>now-1w
  • 2nd HTTP action search query will contain only 1st source name:
type:source_management AND name:"Aggregate Source Account Passed" AND target.name:"source name 1" AND created:>now-1w
  • 3rd HTTP action search query will contain only 2nd source name:
type:source_management AND name:"Aggregate Source Account Passed" AND target.name:"source name 2" AND created:>now-1w
  • For comparison we can use 1st http action response header with variable1 value is “$.hTTPRequest.headers[“X-Total-Count”][0]” and variable value2 is 0

Now in the email template add if conditions for each source and print the source name only if source response header count variable is == 0 otherwise print nothing:

and Email action - Template context:

{
    "source1.$": "$.hTTPRequest1.headers[\"X-Total-Count\"][0]",
    "source2.$": "$.hTTPRequest2.headers[\"X-Total-Count\"][0]"
}

Example Email:

Note: Either you can increase HTTP actions or another approach - have a single http action and write a logic in email template to parse through response body and check for contains sourcename and don’t print the source name in the email.

1 Like

For over hundreds sources, I guess increasing https actions doesnt seem standard. However, for couple of sources, above approach is the solution. In addition, we have to send email to each source owner

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.