We have created a workflow to trigger access profiles after the AD account is created based on the position ID.
For that identity, attribute is created adAccountExists if the AD account exists set to YES and then based on the positionId assigning the access Profile. For some reason, it is not assigning access profiles. When I checked, the log query did not return the positionId. Do you have any idea what could be the issue?
Below is the log.
{
"displayName": "Get Access",
"input": {
"accessprofiles": true,
"entitlements": false,
"getAccessBy": "searchQuery",
"identityToReturn": null,
**"query": "name.exact:\"{{$.trigger.attributes.positionId}}\" AND source.id:\"** **39485455****ca984addafffb4c165dd2ec3\" ",**
"roles": false,
"suppliedInlineExpression": {
"query": "name.exact:\"{{$.trigger.attributes.positionId}}\" AND source.id:\" 39485455ca984addafffb4c165dd2ec3\" "
}
},
"stepName": "getAccess",
"task": "sp:access:get"
}
below is workflow
{
"name": "Identity Attribute Change Test",
"description": "Identity Attribute Change Test",
"modified": "2024-01-25T18:59:05.074089333Z",
"modifiedBy": {
"type": "IDENTITY",
"id": "5376e16c755844069821bdaddfd",
"name": "Test"
},
"definition": {
"start": "Get Accounts",
"steps": {
"Compare Strings": {
"choiceList": [
{
"comparator": "StringEquals",
"nextStep": "Verify Data Type",
"variableA.$": "$.trigger.changes[?(@.attribute == \"adAccountExists\")].newValue",
"variableB": "YES"
}
],
"defaultStep": "Send Email 2",
"type": "choice"
},
"End Step - Failure": {
"failureName": "Operation Fail",
"type": "failure"
},
"End Step - Failure 1": {
"description": "Failure",
"failureDetails": "Failure",
"failureName": "Failure",
"type": "failure"
},
"End Step - Success": {
"type": "success"
},
"Get Access": {
"actionId": "sp:access:get",
"attributes": {
"accessprofiles": true,
"entitlements": false,
"getAccessBy": "searchQuery",
"query": "name.exact:\"{{$.trigger.attributes.positionId}}\" AND source.id:\"39485455ca984addafffb4c165dd2ec3\" ",
"roles": false
},
"nextStep": "Verify Data Type 1",
"type": "action",
"versionNumber": 1
},
"Get Accounts": {
"actionId": "sp:get-accounts",
"attributes": {
"getAccountsBy": "specificIdentity",
"identity.$": "$.trigger.identity.id"
},
"nextStep": "Compare Strings",
"type": "action",
"versionNumber": 1
},
"Manage Access": {
"actionId": "sp:access:manage",
"attributes": {
"addIdentities.$": "$.trigger.identity.id",
"comments": "Automate Access Addition during Workflow",
"requestType": "GRANT_ACCESS",
"requestedItems": "$.getAccess.accessItems[0]"
},
"nextStep": "Send Email 1",
"type": "action",
"versionNumber": 1
},
"Send Email": {
"actionId": "sp:send-email",
"attributes": {
"body": "IdentityNow encountered o new user ${name}:\n\nError: More than one Access Profile was returned that matched the Template Name attribute: ${TemplateName}",
"context": {
"accessProfileName.$": "$.getAccess.accessItems[0].name",
"name.$": "$.trigger.identity.name"
},
"from": "[email protected]",
"recipientEmailList": [
"[email protected]"
],
"replyTo": "[email protected]",
"subject": "IdentityNow new hire workflow failed to add EPIC to user ${name}"
},
"nextStep": "End Step - Failure",
"type": "action",
"versionNumber": 2
},
"Send Email 1": {
"actionId": "sp:send-email",
"attributes": {
"body": "Adding Access Succes",
"context": {
"accessProfileName.$": "$.getAccess.accessItems[0].name",
"name.$": "$.trigger.identity.name"
},
"from": "[email protected]",
"recipientEmailList": [
"[email protected]"
],
"replyTo": "[email protected]",
"subject": "Success"
},
"nextStep": "End Step - Success",
"type": "action",
"versionNumber": 2
},
"Send Email 2": {
"actionId": "sp:send-email",
"attributes": {
"body": "Compare Failed",
"context": {
"accessProfileName.$": "$.getAccess.accessItems[0].name",
"name.$": "$.trigger.identity.name"
},
"from": "[email protected]",
"recipientEmailList": [
"[email protected]"
],
"replyTo": "[email protected]",
"subject": "Compare Failed"
},
"nextStep": "End Step - Failure 1",
"type": "action",
"versionNumber": 2
},
"Verify Data Type": {
"choiceList": [
{
"comparator": "IsPresent",
"nextStep": "Get Access",
"variableA.$": "$.getAccounts.accounts[?(@.sourceName==\"Workday FF\")].sourceId"
}
],
"defaultStep": "Send Email 2",
"description": null,
"type": "choice"
},
"Verify Data Type 1": {
"choiceList": [
{
"comparator": "IsPresent",
"nextStep": "Manage Access",
"variableA.$": "$.getAccess.accessItems[1]"
}
],
"defaultStep": "Send Email",
"description": "",
"type": "choice"
}
}
},
"creator": {
"type": "IDENTITY",
"id": "5376e16c755844069821bdaddfd",
"name": "test"
},
"trigger": {
"type": "EVENT",
"attributes": {
"id": "idn:identity-attributes-changed"
}
}
}type or paste code here