There are 2 types of sources that has to be manually aggregated: 1st type ( sources X, Y, Z) weekly and 2nd type monthly (sources A, B).
I want to build a workflow to send email remainder to source owner to aggregate sources if it passes due date of 1 week and a month for 1st and 2nd source type based on last aggregation date.
Any ideas how this can be achieved?
I used “account aggregation completed” as trigger followed by compare timestamp. I didnt see any actions to get list of sources. Https action returns body, statusCode and header.
In the response returned from second API call you will have the last aggregation date. Compare it using timestamp and if its more than a week send an email alert.
I think your requirement is to send a reminder if aggregation not perform for a week/month. Then I am not understanding how can you make use of AccountAggregation Completed trigger? This will hit right after completion of aggregation.
Please check my response clearly. We are making two API calls. First to get all sources, run a loop through these sources and second API call to get last aggregation time. If the time is more that what you need then you send an email.
2nd API call will return list of previous aggregation for sources rather than one aggregation result (latest one). If we set limit to 1, it will return only one latest aggregation for a single source which was aggregated recently, thus skiping other sources.
Its a loop, once you get the aggregation information from second API call, if it falls under your criteria, trigger an email and then loop will continue until it finishes all sources from first API call.
loop will continue if aggregation is returned for all sources. With above filter, it will only return one source. I think loop has a limitation to return upto 50
We can use search queries to fetch the last account aggregation passed event and then if there are no results from the query then you can send an email, if there is a result then we can end the workflow.
Example query to fetch aggregation passed info for a specific source less than one week: type:source_management AND name:“Aggregate Source Account Passed” AND target.name:“Source Name” AND created:<now-1w
We can use Http Action to call the search query api. Feel free to extend the above query based on the requirement to accommodate with different sources names.
{
"query": {
"query": "type:source_management AND name:\"Aggregate Source Account Passed\" AND target.name:\"source name\" AND created:<now-1w"
},
"indices": [
"events"
],
"includeNested": false,
"sort": [
"-created"
]
}
Note: Replace sailpointtenant with your tenant name in the URLs and in the json body replace source name with your source name or customize the query as needed HTTP - Reference screenshot 1
Hi @erie-erie
I understand your requirement and the approach you’re considering via the workflow route because those are flat file sources. However, I believe that manual aggregation remains a task that requires administrative intervention, such as logging into ISC or triggering actions via API.
Using a file upload utility(SailPoint File Upload Utility 4.1.0) can eliminate these manual constraints and significantly reduce the administrative workload. By scheduling the utility on a server and using a task scheduler to automate the process, the job can be completed efficiently without manual intervention.
If we want for multiple sources then we need to tweak the workflow little bit.
Following can be one of the approach only if the number of sources are limited. in this approach i am only considering to send a consolidated email to one person if you want to send to different persons you can customize the workflow as needed.
In the following scenario i am just considering 2 sources, so i will be using 3 HTTP actions, HTTP action increases based on the number of sources:
1st HTTP action search query will contain all source names:
type:source_management AND name:"Aggregate Source Account Passed" AND (target.name:"source name 1" OR target.name:"source name 2") AND created:>now-1w
2nd HTTP action search query will contain only 1st source name:
type:source_management AND name:"Aggregate Source Account Passed" AND target.name:"source name 1" AND created:>now-1w
3rd HTTP action search query will contain only 2nd source name:
type:source_management AND name:"Aggregate Source Account Passed" AND target.name:"source name 2" AND created:>now-1w
For comparison we can use 1st http action response header with variable1 value is “$.hTTPRequest.headers[“X-Total-Count”][0]” and variable value2 is 0
Now in the email template add if conditions for each source and print the source name only if source response header count variable is == 0 otherwise print nothing:
Note: Either you can increase HTTP actions or another approach - have a single http action and write a logic in email template to parse through response body and check for contains sourcename and don’t print the source name in the email.
For over hundreds sources, I guess increasing https actions doesnt seem standard. However, for couple of sources, above approach is the solution. In addition, we have to send email to each source owner