├── workflows ├── assign-roles-using-forms │ ├── .gitkeep │ ├── README.md │ ├── AssignRolesviaForms.json │ └── Assign Roles via Form.json ├── emergency-termination │ ├── .gitkeep │ ├── README.md │ └── EmergencyIdentityTermination.json ├── new-hire-additional-info │ ├── .gitkeep │ ├── README.md │ ├── UserOnboardingFormWorkflow.json │ └── User Onboarding Form.json ├── request-response-trigger │ ├── .gitkeep │ ├── AccessRequestPreapproval.json │ └── UpdateAccessRequestPreapprovalAccessToken.json ├── manage-service-now-ticket │ ├── .gitkeep │ ├── README.md │ ├── ManageServiceNowTicketwithHTTPRequestinWorkflows.json │ └── ManageServiceNowTicketwithWorkflows.json ├── run-unoptomized-aggregation │ ├── .gitkeep │ ├── README.md │ └── RunUnoptimizedAggregation.json ├── account-aggregation-failed-notification │ ├── .gitkeep │ ├── README.md │ └── AccountAggregationFailedNotification.json ├── scheduled-full-source-aggregation-delta │ ├── .gitkeep │ ├── README.md │ └── ScheduledFullSourceAggregation.json ├── delayed-deprovisioning-of-birthright-role-on-mover │ ├── .gitkeep │ ├── README.md │ ├── Workflow-Delayed Birthright Role DeProvisioning on Transfer.json │ └── Form - Delayed Birthright Role DeProvisioning.json ├── fasttrack-identity-onboarding │ ├── README.md │ ├── UserOnboardingAssignRoles.json │ ├── FastTrackUserOnboarding.json │ └── UserOnboardingServiceNowRequests.json ├── reassign-object-owners │ ├── ReassignWorkflows.json │ ├── ReassignGovernanceGroups.json │ ├── ReassignIdentityProfiles.json │ ├── ReassignSources.json │ ├── ReassignRoles.json │ ├── ReassignEntitlements.json │ ├── ReassignAccessProfiles.json │ └── ObjectOwnerReassignment.json ├── retry-failed-workflows │ ├── RetryFailedWorkflowsFormHandler.json │ ├── RetryFailedWorkflowsForm.json │ └── RetryFailedWorkflowsRecursiveProcessor.json ├── sod-add-dynamic-approver │ └── SoDynamicApproverv0.json ├── access-request-for-account-management │ └── RequestHandler-ManageAccounts.json └── temporary-admin-access │ └── TemporaryAdminAccess20240305.json ├── .github ├── workflows │ └── greetings.yml ├── CODEOWNERS └── ISSUE_TEMPLATE │ ├── feature-request.md │ └── bug-report.md ├── LICENSE.txt └── README.md /workflows/assign-roles-using-forms/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /workflows/emergency-termination/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /workflows/new-hire-additional-info/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /workflows/request-response-trigger/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /workflows/manage-service-now-ticket/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /workflows/run-unoptomized-aggregation/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /workflows/account-aggregation-failed-notification/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /workflows/scheduled-full-source-aggregation-delta/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /workflows/delayed-deprovisioning-of-birthright-role-on-mover/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /workflows/account-aggregation-failed-notification/README.md: -------------------------------------------------------------------------------- 1 | Account Aggregation Failed Notification 2 | 3 | This workflow sends out an email notification to the Source admin whenever source aggregation fails. 4 | 5 | Please modify the Source Name and Recipient Email address in the workflow. -------------------------------------------------------------------------------- /workflows/new-hire-additional-info/README.md: -------------------------------------------------------------------------------- 1 | New Hire Additional Info 2 | 3 | This workflow sends an onboarding form to the manager for filing in additional info about a new hire. This workflow demonstrates the use of all types pf Form attributes, it's Input and Conditions. 4 | 5 | Please modify the Form receipient and the receipent email address in the Send Email action. 6 | -------------------------------------------------------------------------------- /workflows/manage-service-now-ticket/README.md: -------------------------------------------------------------------------------- 1 | Managing Service Now Tickets from Workflows 2 | 3 | There are two workflows : 4 | 5 | 1. Manage Managing Service Now Tickets from Workflows & 6 | 2. Managing Service Now Tickets from Workflows using HTTP Request 7 | 8 | For more details about this workflow please refer this blog: 9 | https://developer.sailpoint.com/discuss/t/managing-service-now-tickets-in-workflows/14420 -------------------------------------------------------------------------------- /workflows/run-unoptomized-aggregation/README.md: -------------------------------------------------------------------------------- 1 | Run Unoptimized Aggregation 2 | 3 | This workflows uses an HTTP Request to call load Accounts API to run an unoptized aggregation for a source. 4 | 5 | Please modify: 6 | 1. Modify the scheduled trigger time based on your needs. 7 | 2. The tenant name, client ID, secret and source ID in HTTP Request action. 8 | 3. The receipient email address in Send Email action. 9 | 10 | Note: This HTTP Request URL will have to be modified once we receive a V3 or a BETA API replacement for loadAccounts CC API. -------------------------------------------------------------------------------- /workflows/emergency-termination/README.md: -------------------------------------------------------------------------------- 1 | Emergency Terminations 2 | 3 | This workflow can be invoked from any target system (eg SAP) that supports API calls. Once triggered it will disable the identity access and target account (eg. AD) immediately. You will have to modify the workflow to populate the actual workflow ID in the trigger and also modify any source ids as required in the Manage Accounts step. 4 | 5 | For more details about this workflow please refer this blog: 6 | https://developer.sailpoint.com/discuss/t/emergency-terminations-of-identities-using-identitynow/12827 -------------------------------------------------------------------------------- /.github/workflows/greetings.yml: -------------------------------------------------------------------------------- 1 | name: Greetings 2 | 3 | on: [pull_request_target, issues] 4 | 5 | jobs: 6 | greeting: 7 | runs-on: ubuntu-latest 8 | permissions: 9 | issues: write 10 | pull-requests: write 11 | steps: 12 | - uses: actions/first-interaction@v1 13 | with: 14 | repo-token: ${{ secrets.GITHUB_TOKEN }} 15 | issue-message: "🎉 Thanks for opening your first issue here! Welcome to the community!" 16 | pr-message: "🎉 Thanks for opening this pull request! We really appreciate contributors like you! 🙌" 17 | -------------------------------------------------------------------------------- /workflows/assign-roles-using-forms/README.md: -------------------------------------------------------------------------------- 1 | Assign Roles using Forms 2 | 3 | This workflow sends a form to the manager for selecting roles that can/need to be added to a new hire user. Once he submits the form, tho selected roles are provisioned to the user. If there is no approval scheme setup they will be auto approved and provisioned. If there is an approval scheme defined for the roles, an access request will be started and notification will be sent out to the first approver. Once access request is approved, the role will be provisioned. 4 | 5 | Please modify the receipient email address in Send Email action in the workflow. 6 | -------------------------------------------------------------------------------- /workflows/scheduled-full-source-aggregation-delta/README.md: -------------------------------------------------------------------------------- 1 | Scheduled Full Source Aggregation for source that supports Delta Aggregation 2 | 3 | This workflows runs a scheduled full source aggregation for a source enabled for delta aggregation. It uses HTTP Request to disable delta aggregation, then run a full aggregation for the source and finally reinstate the delta aggregation flag to true. 4 | 5 | Please modify: 6 | 1. Modify the scheduled trigger time based on your needs. 7 | 2. The tenant name, client ID, secret and source ID in HTTP Request actions. 8 | 3. Add a Send Email action if an Admin notification is required. 9 | 10 | Note: This HTTP Request URL will have to be modified once we receive a V3 or a BETA API replacement for loadAccounts CC API. -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | workflows/request-response-trigger @colin-mckibben-sp 2 | workflows/manage-service-now-ticket @iam-sharvari 3 | workflows/emergency-termination @iam-sharvari 4 | workflows/scheduled-full-source-aggregation-delta @iam-sharvari 5 | workflows/run-unoptomized-aggregation @iam-sharvari 6 | workflows/account-aggregation-failed-notification @iam-sharvari 7 | workflows/assign-roles-using-forms @iam-sharvari 8 | workflows/new-hire-additional-info @iam-sharvari 9 | workflows/reassign-object-owners @colin-mckibben-sp 10 | workflows/assign-roles-using-forms @iam-sharvari 11 | workflows/new-hire-additional-info @iam-sharvari 12 | workflows/temporary-admin-access @colin-mckibben-sp 13 | workflows/delayed-deprovisioning-of-birthright-role-on-mover @ruben-elizondo-sp 14 | workflows/fasttrack-identity-onboarding @iam-sharvari 15 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature-request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature Request 3 | about: Suggest an idea for this project. 4 | title: "[FEATURE] Your Feature Request Here " 5 | labels: enhancement 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the solution you'd like.** 14 | A clear and concise description of what you want to happen. Ex. It would be nice if [...] 15 | 16 | **Describe alternatives you've considered.** 17 | A clear and concise description of any alternative solutions or features you've considered. Ex. I have seen similar features on [...] 18 | 19 | **Additional context** 20 | Add any other context or screenshots about the feature request here. 21 | -------------------------------------------------------------------------------- /workflows/fasttrack-identity-onboarding/README.md: -------------------------------------------------------------------------------- 1 | Fast Track Identity Onboarding 2 | 3 | These workflows will help you fast track Identity onboarding in Identity Security Cloud. 4 | 5 | Workflow 1 - FastTrackUserOnboarding.json 6 | Sends a form (User Onboarding Form.json) to the manager to collect information and sends back email notification with response. 7 | 8 | Workflow 2 - UserOnboardingServiceNowRequests.json 9 | Receives form submitted by manager and based on the repsonse, creates Service Now ticket 10 | 11 | Workflow 3 - UserOnboardingAssignRoles.json 12 | Receives form submitted by manager and based on the repsonse, requests roles for the user. 13 | 14 | 15 | 16 | For more details about this form and workflow please refer to the blog here: 17 | https://developer.sailpoint.com/discuss/t/fast-track-identity-onboarding/50793 18 | 19 | PS - To import the form into your tenant you may have to remove the image tags from it. 20 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug-report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug Report 3 | about: Create a report to help us improve. 4 | title: "[BUG] Your Bug Report Here" 5 | labels: bug 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **To Reproduce** 14 | Steps to reproduce the behavior: 15 | 1. Go to '...' 16 | 2. Click on '....' 17 | 3. Scroll down to '....' 18 | 4. See error 19 | 20 | **Expected behavior** 21 | A clear and concise description of what you expected to happen. 22 | 23 | **Screenshots** 24 | If applicable, add screenshots to help explain your problem. 25 | 26 | **Operating System (please complete the following information):** 27 | - OS: [e.g. Windows 10 19044.1889, Ubuntu 18.04, Mac OS Monterey 12.4] 28 | - CLI Environment [e.g. Command Prompt, Powershell, Terminal] 29 | - Version [e.g. 1.04] 30 | 31 | **Additional context** 32 | Add any other context about the problem here. 33 | -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2022 SailPoint 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /workflows/request-response-trigger/AccessRequestPreapproval.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Access Request Preapproval", 3 | "description": "Receive and respond to the access request preapproval event trigger. This workflow does preliminary processing on every access request to automatically determine if it should move on to the next approver in the chain or if it should fail immediately.", 4 | "modified": "2023-04-13T16:30:07.903067305Z", 5 | "definition": { 6 | "start": "HTTP Request", 7 | "steps": { 8 | "HTTP Request": { 9 | "actionId": "sp:http", 10 | "attributes": { 11 | "authenticationType": null, 12 | "jsonRequestBody": { 13 | "output": { 14 | "approved": true, 15 | "approver": "Workflow", 16 | "comment": "This access has passed workflow approval." 17 | }, 18 | "secret": "{{$.trigger._metadata.secret}}" 19 | }, 20 | "method": "post", 21 | "requestContentType": "json", 22 | "url.$": "$.trigger._metadata.callbackURL" 23 | }, 24 | "nextStep": "success", 25 | "type": "action", 26 | "versionNumber": 2 27 | }, 28 | "success": { 29 | "type": "success" 30 | } 31 | } 32 | }, 33 | "trigger": { 34 | "type": "EXTERNAL", 35 | "attributes": { 36 | "clientId": "862aa98b-f39b-490c-97af-49d23ad18102", 37 | "url": "/beta/workflows/execute/external/a0e1c956-556c-4c2f-9c19-82ae9b71e1dc" 38 | } 39 | } 40 | } -------------------------------------------------------------------------------- /workflows/account-aggregation-failed-notification/AccountAggregationFailedNotification.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Account Aggregation Failed Notification", 3 | "description": "Account Aggregation Failed Notification", 4 | "definition": { 5 | "start": "Compare Strings", 6 | "steps": { 7 | "Compare Strings": { 8 | "choiceList": [ 9 | { 10 | "comparator": "StringEquals", 11 | "nextStep": "Send Email", 12 | "variableA.$": "$.trigger.status", 13 | "variableB": "Error" 14 | } 15 | ], 16 | "defaultStep": "End Step — Success 1", 17 | "description": "Check if aggregation status equals failed", 18 | "type": "choice" 19 | }, 20 | "End Step — Success": { 21 | "type": "success" 22 | }, 23 | "End Step — Success 1": { 24 | "description": "Aggregation Completed Successfully without any Errors", 25 | "type": "success" 26 | }, 27 | "Send Email": { 28 | "actionId": "sp:send-email", 29 | "attributes": { 30 | "body": "Hi,

Account Aggregation for Source ${sourceName} has Failed.
Aggregation Start Time : ${startTime}
Aggregation Completion Time ${completedTime}.

Thank you,
IAM Team", 31 | "context": { 32 | "completedTime.$": "$.trigger.completed", 33 | "sourceName.$": "$.trigger.source.name", 34 | "startTime.$": "$.trigger.started" 35 | }, 36 | "recipientEmailList": [ 37 | "sshah@sshah.com" 38 | ], 39 | "subject": "ALERT: {{$.trigger.source.name}} source aggregation has Failed" 40 | }, 41 | "description": "Notify the Source Admin of Source aggregation failure", 42 | "nextStep": "End Step — Success", 43 | "type": "action", 44 | "versionNumber": 2 45 | } 46 | } 47 | }, 48 | "trigger": { 49 | "type": "EVENT", 50 | "attributes": { 51 | "filter.$": "$[?(@.source.name ==\"Active Directory\")]", 52 | "id": "idn:account-aggregation-completed" 53 | } 54 | } 55 | } -------------------------------------------------------------------------------- /workflows/delayed-deprovisioning-of-birthright-role-on-mover/README.md: -------------------------------------------------------------------------------- 1 | **Configuration** 2 | 3 | Form 4 | VS Code: 5 | 6 | 1. Navigate to the project directory, right-click on the 'forms' section, and select "import". 7 | 2. Choose the file you downloaded from this page, "Form - Delayed Birthright Role DeProvisioning.json". 8 | 9 | Log in to the Environment and Update the Owner 10 | 11 | Workflow 12 | 1. Open the file "Workflow - Delayed Birthright Role DeProvisioining on Transfer.json" and replace the tokens in the file. 13 | 14 | URLs 15 | 16 | - %%API_URL%% (e.g. https://company1983-poc.api.identitynow-demo.com) 17 | 18 | Oauth Client Tokens 19 | 20 | - %%OAUTH_CLIENT_ID%% 21 | 22 | Admin Email (for emailing on failed provisioning events) 23 | 24 | - %%ADMIN_EMAIL%% 25 | 26 | Import 27 | 28 | UI Option: Workflows > New Workflow > Upload File 29 | 30 | VS Code option: In project directory, right click Workflows section and choose "import" and choose the file you just updated. 31 | 32 | Update Client Secret 33 | 34 | UI Option: Open Workflow > Edit in Builder > update client secret in the following steps: 35 | 36 | 1. Get Identity History Snapshots 37 | 2. Get Removed Roles 38 | 3. Make Role Requestable 39 | 4. Make Role Unrequestable 40 | 41 | VS Code Option 42 | 43 | Locate and replace “oAuthClientSecret” key occurrences (total of four times), inserting your client secret value accordingly. Note that this secret will not encrypt until you make modifications via UI & save. 44 | 45 | Additional Details 46 | 47 | - For more than one role, an access request would be created for each role. 48 | - Typically, birthright roles are configured as non-requestable. This workflow loops through each role designated for an extension and modifies the role status to requestable. This temporarily allows for role assignment with an expiration date before immediately reverting the role back to being non-requestable, therefore securing system integrity. 49 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | [![Discourse Topics][discourse-shield]][discourse-url] 3 | [![Issues][issues-shield]][issues-url] 4 | [![Contributor Shield][contributor-shield]][contributors-url] 5 | 6 | [discourse-shield]: https://img.shields.io/discourse/topics?server=https%3A%2F%2Fdeveloper.sailpoint.com%2Fdiscuss&link=https%3A%2F%2Fdeveloper.sailpoint.com%2Fdiscuss%2Fc%2Fcolab%2Fcolab-workflows%2F60 7 | [discourse-url]: https://developer.sailpoint.com/discuss/c/colab/colab-workflows/60 8 | [issues-shield]:https://img.shields.io/github/issues/sailpoint-oss/colab-workflows?label=Issues 9 | [issues-url]:https://github.com/sailpoint-oss/colab-workflows/issues 10 | [contributor-shield]:https://img.shields.io/github/contributors/sailpoint-oss/colab-workflows?label=Contributors 11 | [contributors-url]:https://github.com/sailpoint-oss/colab-workflows/graphs/contributors 12 | 13 | # Developer Community CoLab - Workflows 14 | 15 | [Explore all Workflows in the CoLab »](https://developer.sailpoint.com/discuss/c/colab/colab-workflows/60) 16 | 17 | [New to the CoLab? Click here »](https://developer.sailpoint.com/discuss/t/about-the-sailpoint-developer-community-colab/11230) 18 | 19 | 20 | ## Contributing 21 | 22 | Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are **greatly appreciated**. 23 | 24 | If you have a suggestion that would make a workflow in this repository better, please fork the repo and create a pull request for the workflow you want to contribute to. You can also simply open an issue with the tag `enhancement`. 25 | Don't forget to give the project a star! Thanks again! 26 | 27 | 1. Fork the Project 28 | 2. Create your Feature Branch (`git checkout -b feature/AmazingFeature`) 29 | 3. Commit your Changes (`git commit -m 'Add some AmazingFeature'`) 30 | 4. Push to the Branch (`git push origin feature/AmazingFeature`) 31 | 5. Open a Pull Request 32 | 33 |

(back to top)

34 | 35 | 36 | ## License 37 | 38 | Distributed under the MIT License. See `LICENSE.txt` for more information. 39 | 40 |

(back to top)

41 | 42 | 43 | ## Discuss 44 | [Click Here](https://developer.sailpoint.com/discuss/new-topic?title=Your%20CoLab%20question%20title&body=Your%20CoLab%20question%20body%20here&category_id=2&tags=colab) to discuss the CoLab with other users. 45 | 46 |

(back to top)

47 | -------------------------------------------------------------------------------- /workflows/fasttrack-identity-onboarding/UserOnboardingAssignRoles.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "User Onboarding Assign Roles", 3 | "description": "User Onboarding Assign Roles to a user via Forms Selection", 4 | "definition": { 5 | "start": "Verify Data Type", 6 | "steps": { 7 | "End Step — Success": { 8 | "type": "success" 9 | }, 10 | "Get Identity": { 11 | "actionId": "sp:get-identity", 12 | "attributes": { 13 | "id.$": "$.getListOfIdentities.identities[0].id" 14 | }, 15 | "nextStep": "Loop", 16 | "type": "action", 17 | "versionNumber": 2 18 | }, 19 | "Get List of Identities": { 20 | "actionId": "sp:get-identities", 21 | "attributes": { 22 | "inputQuery": "attributes.identificationNumber.exact:{{$.trigger.formData.employeeNumber}}", 23 | "searchBy": "searchQuery" 24 | }, 25 | "nextStep": "Get Identity", 26 | "type": "action", 27 | "versionNumber": 2 28 | }, 29 | "Loop": { 30 | "actionId": "sp:loop:iterator", 31 | "attributes": { 32 | "context.$": "$.getIdentity", 33 | "input.$": "$.trigger.formData.roles", 34 | "start": "Manage Access", 35 | "steps": { 36 | "End Step — Success 1": { 37 | "type": "success" 38 | }, 39 | "Manage Access": { 40 | "actionId": "sp:access:manage", 41 | "attributes": { 42 | "addIdentities.$": "$.loop.context.id", 43 | "comments": "Providing additional access as requested by manager", 44 | "removeIdentity.$": "$.getIdentity.id", 45 | "requestType": "GRANT_ACCESS", 46 | "requestedItems": [ 47 | { 48 | "id": "{{$.loop.loopInput}}", 49 | "type": "ROLE" 50 | } 51 | ] 52 | }, 53 | "nextStep": "End Step — Success 1", 54 | "type": "action", 55 | "versionNumber": 1 56 | } 57 | } 58 | }, 59 | "nextStep": "End Step — Success", 60 | "type": "action", 61 | "versionNumber": 1 62 | }, 63 | "Verify Data Type": { 64 | "choiceList": [ 65 | { 66 | "comparator": "IsPresent", 67 | "nextStep": "Get List of Identities", 68 | "variableA.$": "$.trigger.formData.roles" 69 | } 70 | ], 71 | "defaultStep": "End Step — Success", 72 | "description": "Verify Roles have been selected by manager", 73 | "displayName": "", 74 | "type": "choice" 75 | } 76 | } 77 | }, 78 | "trigger": { 79 | "type": "EVENT", 80 | "attributes": { 81 | "formDefinitionId": "5e1810c7-cf38-4d1a-bedf-e6326248840f", 82 | "id": "sp:form-submitted" 83 | } 84 | } 85 | } 86 | -------------------------------------------------------------------------------- /workflows/run-unoptomized-aggregation/RunUnoptimizedAggregation.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Run Unoptimized Aggregation", 3 | "description": "Run Unoptimized Aggregation", 4 | "definition": { 5 | "start": "HTTP Request", 6 | "steps": { 7 | "Compare Numbers": { 8 | "choiceList": [ 9 | { 10 | "comparator": "NumericEquals", 11 | "nextStep": "Send Email", 12 | "variableA.$": "$.hTTPRequest.statusCode", 13 | "variableB": 202 14 | } 15 | ], 16 | "defaultStep": "Send Email 1", 17 | "type": "choice" 18 | }, 19 | "HTTP Request": { 20 | "actionId": "sp:http", 21 | "attributes": { 22 | "authenticationType": "OAuth", 23 | "formRequestBody": "disableOptimization:true", 24 | "method": "post", 25 | "oAuthClientId": "", 26 | "oAuthClientSecret": "", 27 | "oAuthCredentialLocation": "oAuthInHeader", 28 | "oAuthTokenUrl": "https://tenant.api.identitynow-demo.com/oauth/token", 29 | "requestContentType": "form", 30 | "url": "https://tenant.api.identitynow.com/beta/sources/:id/load-accounts" 31 | }, 32 | "description": "Run unoptimized aggregation", 33 | "nextStep": "Compare Numbers", 34 | "type": "action", 35 | "versionNumber": 2 36 | }, 37 | "Send Email": { 38 | "actionId": "sp:send-email", 39 | "attributes": { 40 | "body": "Unoptimized Aggregation for Active Directory has been completed..
IAM Team", 41 | "context": {}, 42 | "from": null, 43 | "recipientEmailList": [ 44 | "sshah@sshah.com" 45 | ], 46 | "subject": "Run Unoptimized Aggregation" 47 | }, 48 | "description": "Run Unoptimized Aggregations", 49 | "nextStep": "success", 50 | "type": "action", 51 | "versionNumber": 2 52 | }, 53 | "Send Email 1": { 54 | "actionId": "sp:send-email", 55 | "attributes": { 56 | "body": "Unoptimized Aggregation for Active Directory has Failed.
IAM Team", 57 | "context": {}, 58 | "from": null, 59 | "recipientEmailList": [ 60 | "sbharatiya@cybersolve.com" 61 | ], 62 | "subject": "Run Unoptimized Aggregation" 63 | }, 64 | "description": "Run Unoptimized Aggregation Failed", 65 | "nextStep": "success", 66 | "type": "action", 67 | "versionNumber": 2 68 | }, 69 | "success": { 70 | "description": "End", 71 | "type": "success" 72 | } 73 | } 74 | }, 75 | "trigger": { 76 | "type": "SCHEDULED", 77 | "attributes": { 78 | "cronString": "0 15 * * 6", 79 | "frequency": "weekly", 80 | "timeZone": "US/Eastern", 81 | "weeklyDays": [ 82 | "Saturday" 83 | ], 84 | "weeklyTimes": [ 85 | "1969-12-31T20:30:00.000Z" 86 | ] 87 | } 88 | } 89 | } 90 | -------------------------------------------------------------------------------- /workflows/request-response-trigger/UpdateAccessRequestPreapprovalAccessToken.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Update Access Request Preapproval Access Token", 3 | "description": "", 4 | "modified": "2023-04-18T14:10:36.785966514Z", 5 | "definition": { 6 | "start": "HTTP Request", 7 | "steps": { 8 | "HTTP Request": { 9 | "actionId": "sp:http", 10 | "attributes": { 11 | "authenticationType": null, 12 | "method": "post", 13 | "url": "https://{tenant}.api.identitynow.com/oauth/token", 14 | "urlParams": { 15 | "client_id": "862aa98b-f39b-490c-xxx-xxxxx", 16 | "client_secret": "6ebf9b15xxxxxx", 17 | "grant_type": "client_credentials" 18 | } 19 | }, 20 | "nextStep": "HTTP Request 1", 21 | "type": "action", 22 | "versionNumber": 2 23 | }, 24 | "HTTP Request 1": { 25 | "actionId": "sp:http", 26 | "attributes": { 27 | "authenticationType": "OAuth", 28 | "jsonPatchRequestBody": [ 29 | { 30 | "op": "replace", 31 | "path": "/httpConfig/bearerTokenAuthConfig/bearerToken", 32 | "value": "{{$.hTTPRequest.body.access_token}}" 33 | } 34 | ], 35 | "jsonRequestBody": { 36 | "description": "", 37 | "enabled": true, 38 | "httpConfig": { 39 | "basicAuthConfig": null, 40 | "bearerTokenAuthConfig": { 41 | "bearerToken": "{{$.hTTPRequest.body.access_token}}" 42 | }, 43 | "httpAuthenticationType": "BEARER_TOKEN", 44 | "httpDispatchMode": "ASYNC", 45 | "url": "https://{tenant}.api.identitynow.com/beta/workflows/execute/external/{id}" 46 | }, 47 | "name": "Workflow", 48 | "responseDeadline": "PT1H", 49 | "triggerId": "idn:access-request-pre-approval", 50 | "triggerName": "Access Request Submitted", 51 | "type": "HTTP" 52 | }, 53 | "method": "patch", 54 | "oAuthClientId": "1758c03fdbf64401876f69b6c6e2c7b7", 55 | "oAuthClientSecret": "$.secrets.5919bcbf-8f1d-4d96-9747-63634446ff10", 56 | "oAuthCredentialLocation": "oAuthInHeader", 57 | "oAuthTokenUrl": "https://devrel.api.identitynow.com/oauth/token", 58 | "requestContentType": "json-patch+json", 59 | "url": "https://{tenant}.api.identitynow.com/beta/trigger-subscriptions/{id}" 60 | }, 61 | "nextStep": "success", 62 | "type": "action", 63 | "versionNumber": 2 64 | }, 65 | "success": { 66 | "type": "success" 67 | } 68 | } 69 | }, 70 | "trigger": { 71 | "type": "SCHEDULED", 72 | "attributes": { 73 | "cronString": "0 0 * * 0", 74 | "frequency": "weekly", 75 | "timeZone": "America/New_York", 76 | "weeklyDays": [ 77 | "Sunday" 78 | ], 79 | "weeklyTimes": [ 80 | "00:00" 81 | ] 82 | } 83 | } 84 | } -------------------------------------------------------------------------------- /workflows/reassign-object-owners/ReassignWorkflows.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Reassign Workflows", 3 | "description": "Reassign all workflows belonging to one identity to another identity", 4 | "definition": { 5 | "start": "HTTP Request", 6 | "steps": { 7 | "End Step — Success 1": { 8 | "type": "success" 9 | }, 10 | "HTTP Request": { 11 | "actionId": "sp:http", 12 | "attributes": { 13 | "authenticationType": "OAuth", 14 | "method": "get", 15 | "oAuthClientId": "", 16 | "oAuthClientSecret": "", 17 | "oAuthTokenUrl": "https://{tenant}.api.identitynow.com/oauth/token", 18 | "url": "https://{tenant}.api.identitynow.com/beta/workflows" 19 | }, 20 | "nextStep": "Loop", 21 | "type": "action", 22 | "versionNumber": 2 23 | }, 24 | "Loop": { 25 | "actionId": "sp:loop:iterator", 26 | "attributes": { 27 | "context.$": "$.trigger", 28 | "input.$": "$.hTTPRequest.body", 29 | "start": "Compare Strings", 30 | "steps": { 31 | "Compare Strings": { 32 | "choiceList": [ 33 | { 34 | "comparator": "StringEquals", 35 | "nextStep": "HTTP Request 1", 36 | "variableA.$": "$.loop.loopInput.owner.id", 37 | "variableB.$": "$.loop.context.previousOwnerId" 38 | } 39 | ], 40 | "defaultStep": "End Step — Success", 41 | "type": "choice" 42 | }, 43 | "End Step — Success": { 44 | "type": "success" 45 | }, 46 | "End Step — Success 2": { 47 | "type": "success" 48 | }, 49 | "HTTP Request 1": { 50 | "actionId": "sp:http", 51 | "attributes": { 52 | "authenticationType": "OAuth", 53 | "jsonPatchRequestBody": [ 54 | { 55 | "op": "replace", 56 | "path": "/owner", 57 | "value": { 58 | "id": "{{$.loop.context.newOwnerId}}", 59 | "type": "IDENTITY" 60 | } 61 | } 62 | ], 63 | "method": "patch", 64 | "oAuthClientId": "", 65 | "oAuthClientSecret": "", 66 | "oAuthTokenUrl": "https://{tenant}.api.identitynow.com/oauth/token", 67 | "requestContentType": "json-patch+json", 68 | "url": "https://{tenant}.api.identitynow.com/beta/workflows/{{$.loop.loopInput.id}}" 69 | }, 70 | "nextStep": "End Step — Success 2", 71 | "type": "action", 72 | "versionNumber": 2 73 | } 74 | } 75 | }, 76 | "nextStep": "End Step — Success 1", 77 | "type": "action", 78 | "versionNumber": 1 79 | } 80 | } 81 | }, 82 | "trigger": { 83 | "type": "EXTERNAL", 84 | "attributes": { 85 | "clientId": "", 86 | "description": "Accepts the following input\n\n{\n \"previousOwnerId\": \"{identity ID}\",\n \"newOwnerId\": \"{identity ID}\n}", 87 | "url": "" 88 | } 89 | } 90 | } -------------------------------------------------------------------------------- /workflows/reassign-object-owners/ReassignGovernanceGroups.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Reassign Governance Groups", 3 | "description": "Reassign all governance groups belonging to one identity to another identity.", 4 | "definition": { 5 | "start": "HTTP Request", 6 | "steps": { 7 | "End Step — Success 1": { 8 | "type": "success" 9 | }, 10 | "HTTP Request": { 11 | "actionId": "sp:http", 12 | "attributes": { 13 | "authenticationType": "OAuth", 14 | "method": "get", 15 | "oAuthClientId": "", 16 | "oAuthClientSecret": "", 17 | "oAuthTokenUrl": "https://{tenant}.api.identitynow.com/oauth/token", 18 | "url": "https://{tenant}.api.identitynow.com/beta/workgroups?limit=100&offset={{$.trigger.offset}}&sorters=name" 19 | }, 20 | "nextStep": "Loop", 21 | "type": "action", 22 | "versionNumber": 2 23 | }, 24 | "Loop": { 25 | "actionId": "sp:loop:iterator", 26 | "attributes": { 27 | "context.$": "$.trigger", 28 | "input.$": "$.hTTPRequest.body", 29 | "start": "Compare Strings", 30 | "steps": { 31 | "Compare Strings": { 32 | "choiceList": [ 33 | { 34 | "comparator": "StringEquals", 35 | "nextStep": "HTTP Request 1", 36 | "variableA.$": "$.loop.loopInput.owner.id", 37 | "variableB.$": "$.loop.context.previousOwnerId" 38 | } 39 | ], 40 | "defaultStep": "End Step — Success", 41 | "type": "choice" 42 | }, 43 | "End Step — Success": { 44 | "type": "success" 45 | }, 46 | "End Step — Success 2": { 47 | "type": "success" 48 | }, 49 | "HTTP Request 1": { 50 | "actionId": "sp:http", 51 | "attributes": { 52 | "authenticationType": "OAuth", 53 | "jsonPatchRequestBody": [ 54 | { 55 | "op": "replace", 56 | "path": "/owner", 57 | "value": { 58 | "id": "{{$.loop.context.newOwnerId}}" 59 | } 60 | } 61 | ], 62 | "method": "patch", 63 | "oAuthClientId": "", 64 | "oAuthClientSecret": "", 65 | "oAuthTokenUrl": "https://{tenant}.api.identitynow.com/oauth/token", 66 | "requestContentType": "json-patch+json", 67 | "url": "https://{tenant}.api.identitynow.com/beta/workgroups/{{$.loop.loopInput.id}}" 68 | }, 69 | "nextStep": "End Step — Success 2", 70 | "type": "action", 71 | "versionNumber": 2 72 | } 73 | } 74 | }, 75 | "nextStep": "End Step — Success 1", 76 | "type": "action", 77 | "versionNumber": 1 78 | } 79 | } 80 | }, 81 | "trigger": { 82 | "type": "EXTERNAL", 83 | "attributes": { 84 | "clientId": "", 85 | "description": "Accepts the following payload:\n{\n \"previousOwnerId\": \"{identity ID}\",\n \"newOwnerId\": \"{identity ID}\",\n \"offset\": 0\n}", 86 | "url": "" 87 | } 88 | } 89 | } -------------------------------------------------------------------------------- /workflows/reassign-object-owners/ReassignIdentityProfiles.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Reassign Identity Profiles", 3 | "description": "Reassign all identity profiles belonging to one identity to another identity.", 4 | "definition": { 5 | "start": "HTTP Request", 6 | "steps": { 7 | "End Step — Success 1": { 8 | "type": "success" 9 | }, 10 | "HTTP Request": { 11 | "actionId": "sp:http", 12 | "attributes": { 13 | "authenticationType": "OAuth", 14 | "method": "get", 15 | "oAuthClientId": "", 16 | "oAuthClientSecret": "", 17 | "oAuthTokenUrl": "https://{tenant}.api.identitynow.com/oauth/token", 18 | "url": "https://{tenant}.api.identitynow.com/v3/identity-profiles?limit=100&offset={{$.trigger.offset}}&sorters=name" 19 | }, 20 | "nextStep": "Loop", 21 | "type": "action", 22 | "versionNumber": 2 23 | }, 24 | "Loop": { 25 | "actionId": "sp:loop:iterator", 26 | "attributes": { 27 | "context.$": "$.trigger", 28 | "input.$": "$.hTTPRequest.body", 29 | "start": "Compare Strings", 30 | "steps": { 31 | "Compare Strings": { 32 | "choiceList": [ 33 | { 34 | "comparator": "StringEquals", 35 | "nextStep": "HTTP Request 1", 36 | "variableA.$": "$.loop.loopInput.owner.id", 37 | "variableB.$": "$.loop.context.previousOwnerId" 38 | } 39 | ], 40 | "defaultStep": "End Step — Success", 41 | "type": "choice" 42 | }, 43 | "End Step — Success": { 44 | "type": "success" 45 | }, 46 | "End Step — Success 2": { 47 | "type": "success" 48 | }, 49 | "HTTP Request 1": { 50 | "actionId": "sp:http", 51 | "attributes": { 52 | "authenticationType": "OAuth", 53 | "jsonPatchRequestBody": [ 54 | { 55 | "op": "replace", 56 | "path": "/owner", 57 | "value": { 58 | "id": "{{$.loop.context.newOwnerId}}" 59 | } 60 | } 61 | ], 62 | "method": "patch", 63 | "oAuthClientId": "", 64 | "oAuthClientSecret": "", 65 | "oAuthTokenUrl": "https://{tenant}.api.identitynow.com/oauth/token", 66 | "requestContentType": "json-patch+json", 67 | "url": "https://{tenant}.api.identitynow.com/beta/identity-profiles/{{$.loop.loopInput.id}}" 68 | }, 69 | "nextStep": "End Step — Success 2", 70 | "type": "action", 71 | "versionNumber": 2 72 | } 73 | } 74 | }, 75 | "nextStep": "End Step — Success 1", 76 | "type": "action", 77 | "versionNumber": 1 78 | } 79 | } 80 | }, 81 | "trigger": { 82 | "type": "EXTERNAL", 83 | "attributes": { 84 | "clientId": "", 85 | "description": "Accepts the following payload:\n{\n \"previousOwnerId\": \"{identity ID}\",\n \"newOwnerId\": \"{identity ID}\",\n \"offset\": 0\n}", 86 | "url": "" 87 | } 88 | } 89 | } -------------------------------------------------------------------------------- /workflows/reassign-object-owners/ReassignSources.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Reassign Sources", 3 | "description": "Reassign all sources belonging to one identity to a new identity.", 4 | "definition": { 5 | "start": "HTTP Request", 6 | "steps": { 7 | "End Step — Success": { 8 | "type": "success" 9 | }, 10 | "End Step — Success 1": { 11 | "type": "success" 12 | }, 13 | "HTTP Request": { 14 | "actionId": "sp:http", 15 | "attributes": { 16 | "authenticationType": "OAuth", 17 | "method": "get", 18 | "oAuthClientId": "", 19 | "oAuthClientSecret": "", 20 | "oAuthCredentialLocation": "oAuthInHeader", 21 | "oAuthTokenUrl": "https://{tenant}.api.identitynow.com/oauth/token", 22 | "url": "https://{tenant}.api.identitynow.com/v3/sources?filters=owner.id%20eq%20%22{{$.trigger.previousOwnerId}}%22&limit=1" 23 | }, 24 | "description": "Gets a single source owned by the previous identity.", 25 | "nextStep": "Verify Data Type", 26 | "type": "action", 27 | "versionNumber": 2 28 | }, 29 | "HTTP Request 1": { 30 | "actionId": "sp:http", 31 | "attributes": { 32 | "authenticationType": "OAuth", 33 | "jsonPatchRequestBody": [ 34 | { 35 | "op": "replace", 36 | "path": "/owner", 37 | "value": { 38 | "id": "{{$.trigger.newOwnerId}}" 39 | } 40 | } 41 | ], 42 | "method": "patch", 43 | "oAuthClientId": "", 44 | "oAuthClientSecret": "", 45 | "oAuthCredentialLocation": null, 46 | "oAuthTokenUrl": "https://{tenant}.api.identitynow.com/oauth/token", 47 | "requestContentType": "json-patch+json", 48 | "url": "https://{tenant}.api.identitynow.com/v3/sources/{{$.hTTPRequest.body[0].id}}" 49 | }, 50 | "description": "Update the source owner to the new owner.", 51 | "nextStep": "HTTP Request 2", 52 | "type": "action", 53 | "versionNumber": 2 54 | }, 55 | "HTTP Request 2": { 56 | "actionId": "sp:http", 57 | "attributes": { 58 | "authenticationType": "OAuth", 59 | "jsonRequestBody.$": "$.trigger", 60 | "method": "post", 61 | "oAuthClientId": "{Client ID of this workflow's External Trigger}", 62 | "oAuthClientSecret": "{Client Secret of this workflow's External Trigger}", 63 | "oAuthTokenUrl": "https://{tenant}.api.identitynow.com/oauth/token", 64 | "requestContentType": "json", 65 | "url": "{URL of this workflow's External Trigger}" 66 | }, 67 | "description": "Invoke this workflow again to reassign any remaining sources.", 68 | "nextStep": "End Step — Success 1", 69 | "type": "action", 70 | "versionNumber": 2 71 | }, 72 | "Verify Data Type": { 73 | "choiceList": [ 74 | { 75 | "comparator": "IsPresent", 76 | "nextStep": "HTTP Request 1", 77 | "variableA.$": "$.hTTPRequest.body[0]" 78 | } 79 | ], 80 | "defaultStep": "End Step — Success", 81 | "type": "choice" 82 | } 83 | } 84 | }, 85 | "trigger": { 86 | "type": "EXTERNAL", 87 | "attributes": { 88 | "clientId": "", 89 | "description": "Must use the following payload when invoking this trigger:\n{\n \"previousOwnerId\": \"{identity ID}\",\n \"newOwnerId\": \"{identity ID}\"\n}", 90 | "url": "" 91 | } 92 | } 93 | } -------------------------------------------------------------------------------- /workflows/reassign-object-owners/ReassignRoles.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Reassign Roles", 3 | "description": "Reassign all roles belonging to one identity to a new identity.", 4 | "definition": { 5 | "start": "HTTP Request", 6 | "steps": { 7 | "End Step — Success": { 8 | "type": "success" 9 | }, 10 | "End Step — Success 1": { 11 | "type": "success" 12 | }, 13 | "HTTP Request": { 14 | "actionId": "sp:http", 15 | "attributes": { 16 | "authenticationType": "OAuth", 17 | "method": "get", 18 | "oAuthClientId": "", 19 | "oAuthClientSecret": "", 20 | "oAuthCredentialLocation": "oAuthInHeader", 21 | "oAuthTokenUrl": "https://{tenant}.api.identitynow.com/oauth/token", 22 | "url": "https://{tenant}.api.identitynow.com/v3/roles?filters=owner.id%20eq%20%22{{$.trigger.previousOwnerId}}%22&limit=1" 23 | }, 24 | "description": "Gets a single role owned by the previous identity.", 25 | "nextStep": "Verify Data Type", 26 | "type": "action", 27 | "versionNumber": 2 28 | }, 29 | "HTTP Request 1": { 30 | "actionId": "sp:http", 31 | "attributes": { 32 | "authenticationType": "OAuth", 33 | "jsonPatchRequestBody": [ 34 | { 35 | "op": "replace", 36 | "path": "/owner", 37 | "value": { 38 | "id": "{{$.trigger.newOwnerId}}", 39 | "type": "IDENTITY" 40 | } 41 | } 42 | ], 43 | "method": "patch", 44 | "oAuthClientId": "", 45 | "oAuthClientSecret": "", 46 | "oAuthCredentialLocation": null, 47 | "oAuthTokenUrl": "https://{tenant}.api.identitynow.com/oauth/token", 48 | "requestContentType": "json-patch+json", 49 | "url": "https://{tenant}.api.identitynow.com/v3/roles/{{$.hTTPRequest.body[0].id}}" 50 | }, 51 | "description": "Update the role owner to the new owner.", 52 | "nextStep": "HTTP Request 2", 53 | "type": "action", 54 | "versionNumber": 2 55 | }, 56 | "HTTP Request 2": { 57 | "actionId": "sp:http", 58 | "attributes": { 59 | "authenticationType": "OAuth", 60 | "jsonRequestBody.$": "$.trigger", 61 | "method": "post", 62 | "oAuthClientId": "{Client ID of this workflow's External Trigger}", 63 | "oAuthClientSecret": "{Client Secret of this workflow's External Trigger}", 64 | "oAuthTokenUrl": "https://{tenant}.api.identitynow.com/oauth/token", 65 | "requestContentType": "json", 66 | "url": "{URL of this workflow's External Trigger}" 67 | }, 68 | "description": "Invoke this workflow again to reassign any remaining sources.", 69 | "nextStep": "End Step — Success 1", 70 | "type": "action", 71 | "versionNumber": 2 72 | }, 73 | "Verify Data Type": { 74 | "choiceList": [ 75 | { 76 | "comparator": "IsPresent", 77 | "nextStep": "HTTP Request 1", 78 | "variableA.$": "$.hTTPRequest.body[0]" 79 | } 80 | ], 81 | "defaultStep": "End Step — Success", 82 | "type": "choice" 83 | } 84 | } 85 | }, 86 | "trigger": { 87 | "type": "EXTERNAL", 88 | "attributes": { 89 | "clientId": "", 90 | "description": "Must use the following payload when invoking this trigger:\n{\n \"previousOwnerId\": \"{identity ID}\",\n \"newOwnerId\": \"{identity ID}\"\n}", 91 | "url": "" 92 | } 93 | } 94 | } -------------------------------------------------------------------------------- /workflows/reassign-object-owners/ReassignEntitlements.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Reassign Entitlements", 3 | "description": "Reassign all entitlements belonging to one identity to a new identity.", 4 | "definition": { 5 | "start": "HTTP Request", 6 | "steps": { 7 | "End Step — Success": { 8 | "type": "success" 9 | }, 10 | "End Step — Success 1": { 11 | "type": "success" 12 | }, 13 | "HTTP Request": { 14 | "actionId": "sp:http", 15 | "attributes": { 16 | "authenticationType": "OAuth", 17 | "method": "get", 18 | "oAuthClientId": "", 19 | "oAuthClientSecret": "", 20 | "oAuthCredentialLocation": "oAuthInHeader", 21 | "oAuthTokenUrl": "https://{tenant}.api.identitynow.com/oauth/token", 22 | "url": "https://{tenant}.api.identitynow.com/v3/entitlements?filters=owner.id%20eq%20%22{{$.trigger.previousOwnerId}}%22&limit=1" 23 | }, 24 | "description": "Gets a single entitlement owned by the previous identity.", 25 | "nextStep": "Verify Data Type", 26 | "type": "action", 27 | "versionNumber": 2 28 | }, 29 | "HTTP Request 1": { 30 | "actionId": "sp:http", 31 | "attributes": { 32 | "authenticationType": "OAuth", 33 | "jsonPatchRequestBody": [ 34 | { 35 | "op": "replace", 36 | "path": "/owner", 37 | "value": { 38 | "id": "{{$.trigger.newOwnerId}}", 39 | "type": "IDENTITY" 40 | } 41 | } 42 | ], 43 | "method": "patch", 44 | "oAuthClientId": "", 45 | "oAuthClientSecret": "", 46 | "oAuthCredentialLocation": null, 47 | "oAuthTokenUrl": "https://{tenant}.api.identitynow.com/oauth/token", 48 | "requestContentType": "json-patch+json", 49 | "url": "https://{tenant}.api.identitynow.com/v3/entitlements/{{$.hTTPRequest.body[0].id}}" 50 | }, 51 | "description": "Update the role owner to the new owner.", 52 | "nextStep": "HTTP Request 2", 53 | "type": "action", 54 | "versionNumber": 2 55 | }, 56 | "HTTP Request 2": { 57 | "actionId": "sp:http", 58 | "attributes": { 59 | "authenticationType": "OAuth", 60 | "jsonRequestBody.$": "$.trigger", 61 | "method": "post", 62 | "oAuthClientId": "{Client ID of this workflow's External Trigger}", 63 | "oAuthClientSecret": "{Client Secret of this workflow's External Trigger}", 64 | "oAuthTokenUrl": "https://{tenant}.api.identitynow.com/oauth/token", 65 | "requestContentType": "json", 66 | "url": "{URL of this workflow's External Trigger}" 67 | }, 68 | "description": "Invoke this workflow again to reassign any remaining sources.", 69 | "nextStep": "End Step — Success 1", 70 | "type": "action", 71 | "versionNumber": 2 72 | }, 73 | "Verify Data Type": { 74 | "choiceList": [ 75 | { 76 | "comparator": "IsPresent", 77 | "nextStep": "HTTP Request 1", 78 | "variableA.$": "$.hTTPRequest.body[0]" 79 | } 80 | ], 81 | "defaultStep": "End Step — Success", 82 | "type": "choice" 83 | } 84 | } 85 | }, 86 | "trigger": { 87 | "type": "EXTERNAL", 88 | "attributes": { 89 | "clientId": "", 90 | "description": "Must use the following payload when invoking this trigger:\n{\n \"previousOwnerId\": \"{identity ID}\",\n \"newOwnerId\": \"{identity ID}\"\n}", 91 | "url": "" 92 | } 93 | } 94 | } -------------------------------------------------------------------------------- /workflows/reassign-object-owners/ReassignAccessProfiles.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Reassign Access Profiles", 3 | "description": "Reassign all access profiles belonging to one identity to a new identity.", 4 | "definition": { 5 | "start": "HTTP Request", 6 | "steps": { 7 | "End Step — Success": { 8 | "type": "success" 9 | }, 10 | "End Step — Success 1": { 11 | "type": "success" 12 | }, 13 | "HTTP Request": { 14 | "actionId": "sp:http", 15 | "attributes": { 16 | "authenticationType": "OAuth", 17 | "method": "get", 18 | "oAuthClientId": "", 19 | "oAuthClientSecret": "", 20 | "oAuthCredentialLocation": "oAuthInHeader", 21 | "oAuthTokenUrl": "https://{tenant}.api.identitynow.com/oauth/token", 22 | "url": "https://{tenant}.api.identitynow.com/v3/access-profiles?filters=owner.id%20eq%20%22{{$.trigger.previousOwnerId}}%22&limit=1" 23 | }, 24 | "description": "Gets a single access profile owned by the previous identity.", 25 | "nextStep": "Verify Data Type", 26 | "type": "action", 27 | "versionNumber": 2 28 | }, 29 | "HTTP Request 1": { 30 | "actionId": "sp:http", 31 | "attributes": { 32 | "authenticationType": "OAuth", 33 | "jsonPatchRequestBody": [ 34 | { 35 | "op": "replace", 36 | "path": "/owner", 37 | "value": { 38 | "id": "{{$.trigger.newOwnerId}}", 39 | "type": "IDENTITY" 40 | } 41 | } 42 | ], 43 | "method": "patch", 44 | "oAuthClientId": "", 45 | "oAuthClientSecret": "", 46 | "oAuthCredentialLocation": null, 47 | "oAuthTokenUrl": "https://{tenant}.api.identitynow.com/oauth/token", 48 | "requestContentType": "json-patch+json", 49 | "url": "https://{tenant}.api.identitynow.com/v3/access-profiles/{{$.hTTPRequest.body[0].id}}" 50 | }, 51 | "description": "Update the role owner to the new owner.", 52 | "nextStep": "HTTP Request 2", 53 | "type": "action", 54 | "versionNumber": 2 55 | }, 56 | "HTTP Request 2": { 57 | "actionId": "sp:http", 58 | "attributes": { 59 | "authenticationType": "OAuth", 60 | "jsonRequestBody.$": "$.trigger", 61 | "method": "post", 62 | "oAuthClientId": "{Client ID of this workflow's External Trigger}", 63 | "oAuthClientSecret": "{Client Secret of this workflow's External Trigger}", 64 | "oAuthTokenUrl": "https://{tenant}.api.identitynow.com/oauth/token", 65 | "requestContentType": "json", 66 | "url": "{URL of this workflow's External Trigger}" 67 | }, 68 | "description": "Invoke this workflow again to reassign any remaining sources.", 69 | "nextStep": "End Step — Success 1", 70 | "type": "action", 71 | "versionNumber": 2 72 | }, 73 | "Verify Data Type": { 74 | "choiceList": [ 75 | { 76 | "comparator": "IsPresent", 77 | "nextStep": "HTTP Request 1", 78 | "variableA.$": "$.hTTPRequest.body[0]" 79 | } 80 | ], 81 | "defaultStep": "End Step — Success", 82 | "type": "choice" 83 | } 84 | } 85 | }, 86 | "trigger": { 87 | "type": "EXTERNAL", 88 | "attributes": { 89 | "clientId": "", 90 | "description": "Must use the following payload when invoking this trigger:\n{\n \"previousOwnerId\": \"{identity ID}\",\n \"newOwnerId\": \"{identity ID}\"\n}", 91 | "url": "" 92 | } 93 | } 94 | } -------------------------------------------------------------------------------- /workflows/assign-roles-using-forms/AssignRolesviaForms.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Assign Roles via Forms", 3 | "description": "Assign Roles to a user via Forms Selection", 4 | "definition": { 5 | "start": "Form", 6 | "steps": { 7 | "End Step — Success": { 8 | "type": "success" 9 | }, 10 | "Form": { 11 | "actionId": "sp:forms", 12 | "attributes": { 13 | "deadline": "7d", 14 | "formDefinitionId": "57e25357-e5d5-4ba0-a6ac-d3bb6520731d", 15 | "inputForForm_employeeName.$": "$.trigger.attributes.displayName", 16 | "inputForForm_employeeNumber.$": "$.trigger.attributes.employeeNumber", 17 | "notificationBody": "Hi,

Please use this form to assign additional roles to user - {{$.trigger.attributes.displayName}}.

Regards,
IAM Team", 18 | "notificationSubject": "Action: Role Assignment Required", 19 | "recipient": "bcae0dce3d7f4dac827e7853835882d1", 20 | "reminder": "2d", 21 | "reminderBody": "Hi,

Please use this form to assign additional roles to user - {{$.trigger.attributes.displayName}}.

Regards,
IAM Team" 22 | }, 23 | "description": "Form sent to Manager to select Role Assignemnt for user", 24 | "nextStep": "Send Email", 25 | "type": "action", 26 | "versionNumber": 1 27 | }, 28 | "Get Identity": { 29 | "actionId": "sp:get-identity", 30 | "attributes": { 31 | "id.$": "$.getListOfIdentities.identities[0].id" 32 | }, 33 | "nextStep": "Loop", 34 | "type": "action", 35 | "versionNumber": 2 36 | }, 37 | "Get List of Identities": { 38 | "actionId": "sp:get-identities", 39 | "attributes": { 40 | "inputQuery": "attributes.identificationNumber.exact:{{$.form.formData.employeeNumber}}", 41 | "searchBy": "searchQuery" 42 | }, 43 | "nextStep": "Get Identity", 44 | "type": "action", 45 | "versionNumber": 2 46 | }, 47 | "Loop": { 48 | "actionId": "sp:loop:iterator", 49 | "attributes": { 50 | "context.$": "$.getIdentity", 51 | "input.$": "$.form.formData.selectRoles", 52 | "start": "Manage Access", 53 | "steps": { 54 | "End Step — Success 1": { 55 | "type": "success" 56 | }, 57 | "Manage Access": { 58 | "actionId": "sp:access:manage", 59 | "attributes": { 60 | "addIdentities.$": "$.loop.context.id", 61 | "comments": "Providing additional access", 62 | "removeIdentity.$": "$.getIdentity.id", 63 | "requestType": "GRANT_ACCESS", 64 | "requestedItems": [ 65 | { 66 | "id": "{{$.loop.loopInput}}", 67 | "type": "ROLE" 68 | } 69 | ] 70 | }, 71 | "nextStep": "End Step — Success 1", 72 | "type": "action", 73 | "versionNumber": 1 74 | } 75 | } 76 | }, 77 | "nextStep": "End Step — Success", 78 | "type": "action", 79 | "versionNumber": 1 80 | }, 81 | "Send Email": { 82 | "actionId": "sp:send-email", 83 | "attributes": { 84 | "body": "{{$.form.formData.selectRoles}}", 85 | "context": {}, 86 | "recipientEmailList": [ 87 | "xxxxx@xxxxx.com" 88 | ], 89 | "subject": "Form Data" 90 | }, 91 | "nextStep": "Get List of Identities", 92 | "type": "action", 93 | "versionNumber": 2 94 | } 95 | } 96 | }, 97 | "trigger": { 98 | "type": "EVENT", 99 | "attributes": { 100 | "id": "idn:identity-created" 101 | } 102 | } 103 | } -------------------------------------------------------------------------------- /workflows/retry-failed-workflows/RetryFailedWorkflowsFormHandler.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Retry Failed Workflows: Form Handler", 3 | "description": "This workflow listens for the Retry Workflows Form to be submitted. It will then invoke the recursive retry workflow to process the failed executions.", 4 | "definition": { 5 | "start": "Get Identity", 6 | "steps": { 7 | "Define Variable": { 8 | "attributes": { 9 | "id": "sp:define-variable", 10 | "variables": [ 11 | { 12 | "description": "", 13 | "name": "startDate", 14 | "transforms": [ 15 | { 16 | "id": "sp:transform:substring:string", 17 | "input": { 18 | "length": 10, 19 | "start": 0 20 | } 21 | } 22 | ], 23 | "variableA.$": "$.trigger.formData.startDate" 24 | }, 25 | { 26 | "description": "", 27 | "name": "endDate", 28 | "transforms": [ 29 | { 30 | "id": "sp:transform:substring:string", 31 | "input": { 32 | "length": 10, 33 | "start": 0 34 | } 35 | } 36 | ], 37 | "variableA.$": "$.trigger.formData.endDate" 38 | } 39 | ] 40 | }, 41 | "displayName": "", 42 | "nextStep": "HTTP Request", 43 | "type": "Mutation" 44 | }, 45 | "End Step - Success": { 46 | "displayName": "", 47 | "type": "success" 48 | }, 49 | "Get Identity": { 50 | "actionId": "sp:get-identity", 51 | "attributes": { 52 | "id.$": "$.trigger.submittedBy.id" 53 | }, 54 | "description": "Get the email of the form submitter so they can be notified when the processing of failed executions starts.", 55 | "displayName": "Get Email of Form Submitter", 56 | "nextStep": "Define Variable", 57 | "type": "action", 58 | "versionNumber": 2 59 | }, 60 | "HTTP Request": { 61 | "actionId": "sp:http", 62 | "attributes": { 63 | "authenticationType": "OAuth", 64 | "jsonRequestBody": { 65 | "email": "{{$.getIdentity.attributes.email}}", 66 | "end": "{{$.defineVariable.endDate}}T{{$.trigger.formData.endTime}}Z", 67 | "start": "{{$.defineVariable.startDate}}T{{$.trigger.formData.startTime}}Z", 68 | "workflowId": "{{$.trigger.formData.workflowId}}" 69 | }, 70 | "method": "post", 71 | "oAuthClientId": "128f6d07-8b68-468c-be14-876648c2c12d", 72 | "oAuthClientSecret": "$.secrets.dd3a3a87-281d-4feb-897a-10ac94320b45", 73 | "oAuthTokenUrl": "https://devrel.api.identitynow.com/oauth/token", 74 | "requestContentType": "json", 75 | "url": "https://devrel.api.identitynow.com/beta/workflows/execute/external/ba067050-3a26-4bda-995d-55717da4ebeb" 76 | }, 77 | "description": "Invoke the recursive workflow to retry all failed executions for the given workflow within the start and end date.", 78 | "displayName": "Start Processing", 79 | "nextStep": "Send Email", 80 | "type": "action", 81 | "versionNumber": 2 82 | }, 83 | "Send Email": { 84 | "actionId": "sp:send-email", 85 | "attributes": { 86 | "body": "Your request to retry failed workflows for workflow {{$.trigger.formData.workflowId}} between the dates {{$.defineVariable.startDate}}T{{$.trigger.formData.startTime}}Z and {{$.defineVariable.endDate}}T{{$.trigger.formData.endTime}}Z has begun. You will be notified once all failed workflows have been retried.", 87 | "context": {}, 88 | "recipientEmailList.$": "$.getIdentity.attributes.email", 89 | "subject": "Started retrying failed workflows" 90 | }, 91 | "description": "Only notify the form submitter after the processing starts, just in case the request to start processing fails.", 92 | "displayName": "Notify Form Submitter", 93 | "nextStep": "End Step - Success", 94 | "type": "action", 95 | "versionNumber": 2 96 | } 97 | } 98 | }, 99 | "trigger": { 100 | "type": "EVENT", 101 | "attributes": { 102 | "description": "Listen for the Retry Failed Workflows form", 103 | "filter.$": "$[?(@.formDefinitionId == '77b0f669-d299-4119-ac10-0ab807b8f4ef')]", 104 | "formDefinitionId": "77b0f669-d299-4119-ac10-0ab807b8f4ef", 105 | "id": "sp:form-submitted" 106 | } 107 | } 108 | } -------------------------------------------------------------------------------- /workflows/scheduled-full-source-aggregation-delta/ScheduledFullSourceAggregation.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Full Source Aggregation", 3 | "description": "Run a scheduled full source aggregation for a source enabled for delta aggregation", 4 | "definition": { 5 | "start": "HTTP Request", 6 | "steps": { 7 | "Compare Numbers": { 8 | "choiceList": [ 9 | { 10 | "comparator": "NumericEquals", 11 | "nextStep": "HTTP Request 1", 12 | "variableA.$": "$.hTTPRequest.statusCode", 13 | "variableB": 200 14 | } 15 | ], 16 | "defaultStep": "End Step — Success", 17 | "description": null, 18 | "type": "choice" 19 | }, 20 | "Compare Numbers 1": { 21 | "choiceList": [ 22 | { 23 | "comparator": "NumericEquals", 24 | "nextStep": "HTTP Request 2", 25 | "variableA.$": "$.hTTPRequest1.statusCode", 26 | "variableB": 200 27 | } 28 | ], 29 | "defaultStep": "End Step — Success", 30 | "description": null, 31 | "type": "choice" 32 | }, 33 | "Compare Numbers 2": { 34 | "choiceList": [ 35 | { 36 | "comparator": "NumericEquals", 37 | "nextStep": "End Step — Success", 38 | "variableA.$": "$.hTTPRequest2.statusCode", 39 | "variableB": 200 40 | } 41 | ], 42 | "defaultStep": "End Step — Success", 43 | "description": null, 44 | "type": "choice" 45 | }, 46 | "End Step — Success": { 47 | "type": "success" 48 | }, 49 | "HTTP Request": { 50 | "actionId": "sp:http", 51 | "attributes": { 52 | "authenticationType": "OAuth", 53 | "jsonPatchRequestBody": [ 54 | { 55 | "op": "replace", 56 | "path": "/connectorAttributes/deltaAggregationEnabled", 57 | "value": "false" 58 | } 59 | ], 60 | "method": "patch", 61 | "oAuthClientId": "", 62 | "oAuthClientSecret": "", 63 | "oAuthCredentialLocation": "oAuthInHeader", 64 | "oAuthTokenUrl": "https://tenant.api.identitynow-demo.com/oauth/token", 65 | "requestContentType": "json-patch+json", 66 | "url": "https://tenant.api.identitynow-demo.com/v3/sources/ef7ad4d0f07a46d6b62064cd3efa1abe" 67 | }, 68 | "description": "Update the source configuration using REST API and set Delta aggregation flag to false", 69 | "nextStep": "Compare Numbers", 70 | "type": "action", 71 | "versionNumber": 2 72 | }, 73 | "HTTP Request 1": { 74 | "actionId": "sp:http", 75 | "attributes": { 76 | "authenticationType": "OAuth", 77 | "jsonPatchRequestBody": null, 78 | "method": "post", 79 | "oAuthClientId": "", 80 | "oAuthClientSecret": "", 81 | "oAuthCredentialLocation": "oAuthInHeader", 82 | "oAuthTokenUrl": "https://tenant.api.identitynow-demo.com/oauth/token", 83 | "requestContentType": "json-patch+json", 84 | "url": "https://tenant.api.identitynow-demo.com/cc/api/source/loadAccounts/XXXXX" 85 | }, 86 | "description": "Trigger a Full Source Account Aggregation", 87 | "nextStep": "Compare Numbers 1", 88 | "type": "action", 89 | "versionNumber": 2 90 | }, 91 | "HTTP Request 2": { 92 | "actionId": "sp:http", 93 | "attributes": { 94 | "authenticationType": "OAuth", 95 | "jsonPatchRequestBody": [ 96 | { 97 | "op": "replace", 98 | "path": "/connectorAttributes/deltaAggregationEnabled", 99 | "value": "true" 100 | } 101 | ], 102 | "method": "patch", 103 | "oAuthClientId": "", 104 | "oAuthClientSecret": "", 105 | "oAuthCredentialLocation": "oAuthInHeader", 106 | "oAuthTokenUrl": "https://tenant.api.identitynow-demo.com/oauth/token", 107 | "requestContentType": "json-patch+json", 108 | "url": "https://tenant.api.identitynow-demo.com/v3/sources/ef7ad4d0f07a46d6b62064cd3efa1abe" 109 | }, 110 | "description": "Update the source configuration using REST API and set Delta aggregation flag to true", 111 | "nextStep": "Compare Numbers 2", 112 | "type": "action", 113 | "versionNumber": 2 114 | } 115 | } 116 | }, 117 | "trigger": { 118 | "type": "SCHEDULED", 119 | "attributes": { 120 | "cronString": "0 2 * * 6", 121 | "frequency": "weekly", 122 | "timeZone": "Asia/Kolkata", 123 | "weeklyDays": [ 124 | "Saturday" 125 | ], 126 | "weeklyTimes": [ 127 | "1969-12-31T20:30:00.000Z" 128 | ] 129 | } 130 | } 131 | } -------------------------------------------------------------------------------- /workflows/emergency-termination/EmergencyIdentityTermination.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Emergency Terminations", 3 | "description": "Workflow to immediately disable the accounts of identities that are terminated by the Authoritative Source", 4 | "definition": { 5 | "start": "Compare Strings", 6 | "steps": { 7 | "Compare Strings": { 8 | "choiceList": [ 9 | { 10 | "comparator": "StringEquals", 11 | "nextStep": "Get List of Identities", 12 | "variableA.$": "$.trigger.action", 13 | "variableB": "terminated" 14 | } 15 | ], 16 | "defaultStep": "End Step — Success 1", 17 | "description": "Verifies that the change in cloudLifecycleState is to \"terminated\".", 18 | "type": "choice" 19 | }, 20 | "End Step — Success": { 21 | "description": "Finishes the workflow in a Success state.", 22 | "type": "success" 23 | }, 24 | "End Step — Success 1": { 25 | "description": "Terminates the workflow when the comparison operator indicates the user was changed to any lifecycle state other than \"terminated.\"", 26 | "type": "success" 27 | }, 28 | "Get Access": { 29 | "actionId": "sp:access:get", 30 | "attributes": { 31 | "accessprofiles": true, 32 | "entitlements": false, 33 | "getAccessBy": "specificIdentity", 34 | "identityToReturn.$": "$.getIdentity.id", 35 | "roles": false 36 | }, 37 | "description": "Get User access", 38 | "nextStep": "Get Accounts", 39 | "type": "action", 40 | "versionNumber": 1 41 | }, 42 | "Get Accounts": { 43 | "actionId": "sp:get-accounts", 44 | "attributes": { 45 | "getAccountsBy": "specificIdentity", 46 | "identity.$": "$.getIdentity.id" 47 | }, 48 | "description": "Retrieves the identity's current list of accounts.", 49 | "nextStep": "Manage Access", 50 | "type": "action", 51 | "versionNumber": 1 52 | }, 53 | "Get Identity": { 54 | "actionId": "sp:get-identity", 55 | "attributes": { 56 | "id.$": "$.getListOfIdentities.identities[0].id" 57 | }, 58 | "description": "Retrieves available details about the identity.", 59 | "nextStep": "Get Access", 60 | "type": "action", 61 | "versionNumber": 2 62 | }, 63 | "Get Identity 1": { 64 | "actionId": "sp:get-identity", 65 | "attributes": { 66 | "id.$": "$.getIdentity.managerRef.id" 67 | }, 68 | "description": "This node is used to gather information about the user's manager to populate their email in the recipient field.", 69 | "nextStep": "Send Email 1", 70 | "type": "action", 71 | "versionNumber": 2 72 | }, 73 | "Get List of Identities": { 74 | "actionId": "sp:get-identities", 75 | "attributes": { 76 | "inputQuery": "attributes.identificationNumber.exact:{{$.trigger.employee_id}}", 77 | "searchBy": "searchQuery" 78 | }, 79 | "description": "Find the identities to be terminated", 80 | "nextStep": "Get Identity", 81 | "type": "action", 82 | "versionNumber": 2 83 | }, 84 | "Manage Access": { 85 | "actionId": "sp:access:manage", 86 | "attributes": { 87 | "comments": "Emergency Termination of user in Authoritative Source", 88 | "removeIdentity.$": "$.getIdentity.id", 89 | "requestType": "REVOKE_ACCESS", 90 | "requestedItems.$": "$.getAccess.accessItems" 91 | }, 92 | "description": "Remove user access", 93 | "nextStep": "Manage Accounts", 94 | "type": "action", 95 | "versionNumber": 1 96 | }, 97 | "Manage Accounts": { 98 | "actionId": "sp:manage-account", 99 | "attributes": { 100 | "accountIds.$": "$.getAccounts.accounts[?(@.sourceId=='6edbfdf26c4640cda9289ba5125b7de6')].id", 101 | "operation": "disable" 102 | }, 103 | "description": "Disable the accounts returned by the Get Accounts step or filter a particular account to disable.", 104 | "nextStep": "Get Identity 1", 105 | "type": "action", 106 | "versionNumber": 1 107 | }, 108 | "Send Email 1": { 109 | "actionId": "sp:send-email", 110 | "attributes": { 111 | "body": "Dear ${manager}

This email is to notify you that user ${displayName} is no longer active in Identity Now system. Their access to Active Directory system has been disabled successfully.



Thank you,
IAM Team", 112 | "context": { 113 | "displayName.$": "$.getIdentity.attributes.displayName", 114 | "manager.$": "$.getIdentity1.attributes.firstname" 115 | }, 116 | "recipientEmailList.$": "$.getIdentity1.attributes.email", 117 | "subject": "Employee Leaving" 118 | }, 119 | "description": "Notifies the users manager that the user is now inactive. This step can also be configured to notify security admins using a distribution list.", 120 | "nextStep": "End Step — Success", 121 | "type": "action", 122 | "versionNumber": 2 123 | } 124 | } 125 | }, 126 | "trigger": { 127 | "type": "EXTERNAL", 128 | "attributes": { 129 | "clientId": "46e0a060-9b52-4c6a-bfaa-620e91a08629", 130 | "description": "External Trigger to be called from SAP", 131 | "url": "https://tenant-name.api.identitynow.com/beta/workflows/execute/external/0acb99ca-974f-46c3-ac10-b61efc1b4ca6" 132 | } 133 | } 134 | } -------------------------------------------------------------------------------- /workflows/new-hire-additional-info/UserOnboardingFormWorkflow.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Cybersolve User Onboarding Form Workflow", 3 | "description": "Cybersolve User Onboarding Form Workflow", 4 | "definition": { 5 | "start": "Form", 6 | "steps": { 7 | "Define Variable": { 8 | "attributes": { 9 | "id": "sp:define-variable", 10 | "variables": [ 11 | { 12 | "description": "Date of Birth\n\nhttps://velocity.apache.org/tools/devel/apidocs/org/apache/velocity/tools/generic/DateTool.html", 13 | "name": "Date of Birth", 14 | "transforms": [ 15 | { 16 | "id": "sp:transform:substring:string", 17 | "input": { 18 | "length": 10, 19 | "start": 0 20 | } 21 | } 22 | ], 23 | "variableA.$": "$.form.formData.dateOfBirth" 24 | } 25 | ] 26 | }, 27 | "nextStep": "Send Email", 28 | "type": "Mutation" 29 | }, 30 | "End Step — Success": { 31 | "type": "success" 32 | }, 33 | "Form": { 34 | "actionId": "sp:forms", 35 | "attributes": { 36 | "deadline": "7d", 37 | "formDefinitionId": "0f116186-9b9c-47ff-ada8-054866c34ef5", 38 | "inputForForm_employeeName.$": "$.trigger.identity.name", 39 | "inputForForm_employeeNumber.$": "$.trigger.attributes.employeeNumber", 40 | "notificationBody": "Hello,

Please fill out the form below for {{$.trigger.identity.name}}. It includes the additional information required by IT and HR teams

Thank you!

Regards,
IT Team", 41 | "notificationSubject": "ATTN : Please Enter Additional User Information for Onboarding", 42 | "recipient": "bcae0dce3d7f4dac827e7853835882d1", 43 | "reminder": "2d", 44 | "reminderBody": "Hello,

Please fill out the form below for {{$.trigger.identity.name}}. It includes the additional information required by IT and HR teams

Thank you!

Regards,
IT Team" 45 | }, 46 | "description": "Cybersolve User Onboarding Form", 47 | "nextStep": "Get Identity", 48 | "type": "action", 49 | "versionNumber": 1 50 | }, 51 | "Get Identity": { 52 | "actionId": "sp:get-identity", 53 | "attributes": { 54 | "id.$": "$.form.formData.referredBy" 55 | }, 56 | "description": "Get Referred By User Name", 57 | "nextStep": "Define Variable", 58 | "type": "action", 59 | "versionNumber": 2 60 | }, 61 | "Send Email": { 62 | "actionId": "sp:send-email", 63 | "attributes": { 64 | "body": "Hi,

Thank you for filing out the Additional Information for user ${employeeName}.

\nPersonal Details
\nEmployee Name - ${employeeName}
\nEmployee Number - ${employeeNumber},
\nUser Type - #if( ${userType} == 'true')Full Time#{else}Part Time#end,
\nPersonal Phone - ${personalPhone},
\nPersonal Email - ${personalEmail},
\nDate of Birth - ${dob},
\nReferred By - ${referredBy},
\nHobbies - ${hobbies}

\nAddress Details
\nAddress Line 1 - ${addressLine1},
\nCity - ${city}

\nIT Requests
\nPreferred Laptop - ${preferredLaptop},
\n#if($preferredLaptop == 'Windows')Windows OS - ${windowsOsVersion},
#end\n#if($preferredLaptop == 'Linux')Linux OS - ${linuxOs},
#end\n
Applications to Install :
\nOracle - #if( ${oracle} == 'true')Yes#{else}No#end,
\nMicrosoft - #if( ${microsoft} == 'true')Yes#{else}No#end,
\nEclipse - #if( ${eclipse} == 'true')Yes#{else}No#end,
\nPostman - #if( ${postman} == 'true')Yes#{else}No#end
\n
Additional Requests - #if($additionalRequests)${additionalRequests}#{else}None#end
\n

Thank you,
IAM Team
", 65 | "context": { 66 | "additionalRequests.$": "$.form.formData.additionalRequests", 67 | "addressLine1.$": "$.form.formData.addressLine1", 68 | "city.$": "$.form.formData.city", 69 | "dateOfBirth.$": "$.form.formData.dateOfBirth", 70 | "dob.$": "$.defineVariable.dateOfBirth", 71 | "eclipse.$": "$.form.formData.eclipse", 72 | "employeeName.$": "$.form.formData.employeeName", 73 | "employeeNumber.$": "$.form.formData.employeeNumber", 74 | "hobbies.$": "$.form.formData.hobbies", 75 | "linuxOs.$": "$.form.formData.linuxOs", 76 | "microsoft.$": "$.form.formData.microsoft", 77 | "oracle.$": "$.form.formData.oracle", 78 | "personalEmail.$": "$.form.formData.personalEmail", 79 | "personalPhone.$": "$.form.formData.personalPhone", 80 | "postman.$": "$.form.formData.postman", 81 | "preferredLaptop.$": "$.form.formData.preferredLaptop", 82 | "referredBy.$": "$.getIdentity.attributes.displayName", 83 | "userType.$": "$.form.formData.userType", 84 | "windowsOsVersion.$": "$.form.formData.windowsOsVersion" 85 | }, 86 | "from": null, 87 | "recipientEmailList": [ 88 | "xxxxx@xxxxx.com" 89 | ], 90 | "replyTo.$": "", 91 | "subject": "User Onboarding Form Submission Complete" 92 | }, 93 | "description": "Send Email Notification To Manager", 94 | "nextStep": "End Step — Success", 95 | "type": "action", 96 | "versionNumber": 2 97 | } 98 | } 99 | }, 100 | "trigger": { 101 | "type": "EVENT", 102 | "attributes": { 103 | "id": "idn:identity-created" 104 | } 105 | } 106 | } -------------------------------------------------------------------------------- /workflows/sod-add-dynamic-approver/SoDynamicApproverv0.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "SoD Dynamic Approver", 3 | "description": "This workflow adds a dynamic approver if a SoD policy is violated. In this example, the SoD Violation owner is added as approver.", 4 | "definition": { 5 | "start": "Get Identity", 6 | "steps": { 7 | "Compare Numbers": { 8 | "choiceList": [ 9 | { 10 | "comparator": "NumericGreaterThanEquals", 11 | "nextStep": "HTTP Request 4", 12 | "variableA.$": "$.hTTPRequest2.body[0].sodViolationContext.violationCheckResult.violatedPolicies.length()", 13 | "variableB": 1 14 | } 15 | ], 16 | "defaultStep": "HTTP Request", 17 | "description": "Check if the current item violates at least one SoD Policy.", 18 | "type": "choice" 19 | }, 20 | "End Step — Success": { 21 | "type": "success" 22 | }, 23 | "End Step — Success 1": { 24 | "type": "success" 25 | }, 26 | "Get Identity": { 27 | "actionId": "sp:get-identity", 28 | "attributes": { 29 | "id.$": "$.trigger.requestedFor.id" 30 | }, 31 | "description": "Search the targeted identity info", 32 | "nextStep": "HTTP Request 1", 33 | "type": "action", 34 | "versionNumber": 2 35 | }, 36 | "HTTP Request": { 37 | "actionId": "sp:http", 38 | "attributes": { 39 | "authenticationType": "OAuth", 40 | "jsonRequestBody": { 41 | "output": { 42 | "id": "", 43 | "name": "", 44 | "type": "" 45 | }, 46 | "secret": "{{$.trigger._metadata.secret}}" 47 | }, 48 | "method": "post", 49 | "oAuthClientId": "", 50 | "oAuthCredentialLocation": "oAuthInBody", 51 | "oAuthTokenUrl": "https://yourTenantHere.api.identitynow.com/oauth/token", 52 | "requestContentType": "json", 53 | "url.$": "$.trigger._metadata.callbackURL" 54 | }, 55 | "description": "Responds to the ETS Dynamic Approval callback url informing there is no new approval step. If there was a detected violation, the callback was already responded and this API call will be ignored.", 56 | "nextStep": "End Step — Success 1", 57 | "type": "action", 58 | "versionNumber": 2 59 | }, 60 | "HTTP Request 1": { 61 | "actionId": "sp:http", 62 | "attributes": { 63 | "authenticationType": "OAuth", 64 | "method": "get", 65 | "oAuthClientId": "", 66 | "oAuthCredentialLocation": "oAuthInBody", 67 | "oAuthTokenUrl": "https://yourTenantHere.api.identitynow.com/oauth/token", 68 | "url": "https://yourTenantHere.api.identitynow.com/v3/account-activities/{{$.trigger.accessRequestId}}" 69 | }, 70 | "description": "Get Account Activities based on Access Request ID (present in the ETS Access Request Dynamic Approver)", 71 | "nextStep": "HTTP Request 2", 72 | "type": "action", 73 | "versionNumber": 2 74 | }, 75 | "HTTP Request 2": { 76 | "actionId": "sp:http", 77 | "attributes": { 78 | "authenticationType": "OAuth", 79 | "method": "get", 80 | "oAuthClientId": "", 81 | "oAuthCredentialLocation": "oAuthInBody", 82 | "oAuthTokenUrl": "https://yourTenantHere.api.identitynow.com/oauth/token", 83 | "url": "https://yourTenantHere.api.identitynow.com/v3/access-request-status?filters=accountActivityItemId+eq+%22{{$.hTTPRequest1.body.items[0].id}}%22" 84 | }, 85 | "description": "Get the Access Request Status based on accountActivityItemId. The Access Request Status has the SoD Violation information.", 86 | "nextStep": "Compare Numbers", 87 | "type": "action", 88 | "versionNumber": 2 89 | }, 90 | "HTTP Request 3": { 91 | "actionId": "sp:http", 92 | "attributes": { 93 | "authenticationType": "OAuth", 94 | "jsonRequestBody": { 95 | "output": { 96 | "id": "{{$.hTTPRequest4.body.violationOwnerAssignmentConfig.ownerRef.id}}", 97 | "name": "{{$.hTTPRequest4.body.violationOwnerAssignmentConfig.ownerRef.name}}", 98 | "type": "{{$.hTTPRequest4.body.violationOwnerAssignmentConfig.ownerRef.type}}" 99 | }, 100 | "secret": "{{$.trigger._metadata.secret}}" 101 | }, 102 | "method": "post", 103 | "oAuthClientId": "", 104 | "oAuthCredentialLocation": "oAuthInBody", 105 | "oAuthTokenUrl": "https://yourTenantHere.api.identitynow.com/oauth/token", 106 | "requestContentType": "json", 107 | "url.$": "$.trigger._metadata.callbackURL" 108 | }, 109 | "description": "If at least one policy is being violated, it's enough to add a new approval step, in this case the SoD Violation Owner", 110 | "nextStep": "End Step — Success", 111 | "type": "action", 112 | "versionNumber": 2 113 | }, 114 | "HTTP Request 4": { 115 | "actionId": "sp:http", 116 | "attributes": { 117 | "authenticationType": "OAuth", 118 | "method": "get", 119 | "oAuthClientId": "", 120 | "oAuthCredentialLocation": "oAuthInBody", 121 | "oAuthTokenUrl": "https://yourTenantHere.api.identitynow.com/oauth/token", 122 | "requestContentType": "json", 123 | "url": "https://yourTenantHere.api.identitynow.com/v3/sod-policies/{{$.hTTPRequest2.body[0].sodViolationContext.violationCheckResult.violatedPolicies[0].id}}" 124 | }, 125 | "description": "Search for info about the SoD Policy violated", 126 | "nextStep": "HTTP Request 3", 127 | "type": "action", 128 | "versionNumber": 2 129 | } 130 | } 131 | }, 132 | "trigger": { 133 | "type": "EXTERNAL", 134 | "attributes": { 135 | "description": "Configure your ETS \"Access Request Dynamic Approver\" here to call this workflow", 136 | "url": "https://yourTenantHere.api.identitynow.com" 137 | } 138 | } 139 | } 140 | -------------------------------------------------------------------------------- /workflows/fasttrack-identity-onboarding/FastTrackUserOnboarding.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Fast Track User Onboarding", 3 | "description": "Fast Track User Onboarding Workflow", 4 | "definition": { 5 | "start": "Wait", 6 | "steps": { 7 | "Define Variable": { 8 | "attributes": { 9 | "id": "sp:define-variable", 10 | "variables": [ 11 | { 12 | "description": "Start Date", 13 | "name": "Start Date", 14 | "transforms": [ 15 | { 16 | "id": "sp:transform:substring:string", 17 | "input": { 18 | "length": 10, 19 | "start": 0 20 | } 21 | } 22 | ], 23 | "variableA.$": "$.form.formData.startDate" 24 | } 25 | ] 26 | }, 27 | "nextStep": "Send Email", 28 | "type": "Mutation" 29 | }, 30 | "End Step — Success": { 31 | "type": "success" 32 | }, 33 | "Form": { 34 | "actionId": "sp:forms", 35 | "attributes": { 36 | "deadline": "7d", 37 | "formDefinitionId": "5e1810c7-cf38-4d1a-bedf-e6326248840f", 38 | "inputForForm_email.$": "$.trigger.attributes.email", 39 | "inputForForm_employeeName.$": "$.trigger.attributes.displayName", 40 | "inputForForm_employeeNumber.$": "$.trigger.attributes.employeeNumber", 41 | "inputForForm_phone.$": "$.trigger.attributes.phone", 42 | "inputForForm_startDate.$": "$.trigger.attributes.startDate", 43 | "inputForForm_userType": "true", 44 | "notificationBody": "Hello,
Please fill out the form below for {{$.trigger.identity.name}}. It includes the additional information required by IT for hardware procurement.

Regards,
IT Team", 45 | "notificationSubject": "ATTN : Please fill in onboarding information for - {{$.$.trigger.attributes.displayName}}", 46 | "recipient.$": "$.trigger.attributes.manager.id", 47 | "reminder": "2d", 48 | "reminderBody": "Hello,
Please fill out the form below for {{$.trigger.identity.name}}. It includes the additional information required by IT for hardware procurement.

Regards,
IT Team" 49 | }, 50 | "description": "User Onboarding form", 51 | "nextStep": "Get Identity", 52 | "type": "action", 53 | "versionNumber": 1 54 | }, 55 | "Get Identity": { 56 | "actionId": "sp:get-identity", 57 | "attributes": { 58 | "id.$": "$.trigger.attributes.manager.id" 59 | }, 60 | "description": "Get Identity Manager", 61 | "nextStep": "Define Variable", 62 | "type": "action", 63 | "versionNumber": 2 64 | }, 65 | "Send Email": { 66 | "actionId": "sp:send-email", 67 | "attributes": { 68 | "body": "Hi,

\nThank you for filing out the Additional Information for user ${employeeName}.

\nPersonal Details
\nEmployee Name - ${employeeName}
\nEmployee Number - ${employeeNumber}
\nUser Type - #if( ${userType} == 'true')Full Time#{else}Part Time#end
\nPhone - ${phone}
\nEmail - ${email}
\nStart Date - ${startDate}

\nLocation
\nLocation - ${location}
\n#if(${city})
City - ${city}
#end\n
IT Requests
\nPreferred Laptop - ${preferredLaptop}
\n#if($preferredLaptop == 'Windows')Windows OS - ${windowsOsVersion}
#end\n#if($preferredLaptop == 'Linux')Linux OS - ${linuxOs}
#end
\nRequire Access to Applications :
\nSiebel Client - #if( ${siebel} == 'true')Yes#{else}No#end
\nOracle - #if( ${oracle} == 'true')Yes#{else}No#end
\nEclipse IDE - #if( ${eclipse} == 'true')Yes#{else}No#end
\nAdobe Acrobat - #if( ${acrobat} == 'true')Yes#{else}No#end
\nAdobe Photoshop - #if( ${photoshop} == 'true')Yes#{else}No#end
\nMicrosoft Powerpoint - #if( ${powerpoint} == 'true')Yes#{else}No#end
\nAdditional Requests - #if($additionalRequests)${additionalRequests}#{else}None#end

\nAdditional Roles Requested: \n#if($roles)Yes#{else}No#end

\nThank you,
\nIAM Team
", 69 | "context": { 70 | "acrobat.$": "$.form.formData.acrobat", 71 | "additionalRequests.$": "$.form.formData.additionalRequests", 72 | "city.$": "$.form.formData.city", 73 | "eclipse.$": "$.form.formData.eclipse", 74 | "email.$": "$.form.formData.email", 75 | "employeeName.$": "$.form.formData.employeeName", 76 | "employeeNumber.$": "$.form.formData.employeeNumber", 77 | "linuxOs.$": "$.form.formData.linuxOs", 78 | "location.$": "$.form.formData.location", 79 | "oracle.$": "$.form.formData.oracle", 80 | "phone.$": "$.form.formData.phone", 81 | "photoshop.$": "$.form.formData.photoshop", 82 | "powerpoint.$": "$.form.formData.powerpoint", 83 | "preferredLaptop.$": "$.form.formData.preferredLaptop", 84 | "roles.$": "$.form.formData.roles", 85 | "siebel.$": "$.form.formData.siebel", 86 | "startDate.$": "$.defineVariable.startDate", 87 | "userType.$": "$.form.formData.userType", 88 | "windowsOsVersion.$": "$.form.formData.windowsOsVersion" 89 | }, 90 | "from": null, 91 | "recipientEmailList.$": "$.getIdentity.attributes.email", 92 | "replyTo.$": "", 93 | "subject": "User Onboarding Form Submission Complete" 94 | }, 95 | "description": "Send Email Notification To Manager", 96 | "nextStep": "End Step — Success", 97 | "type": "action", 98 | "versionNumber": 2 99 | }, 100 | "Wait": { 101 | "actionId": "sp:sleep", 102 | "attributes": { 103 | "duration": "1m", 104 | "type": "waitFor" 105 | }, 106 | "displayName": "", 107 | "nextStep": "Form", 108 | "type": "action", 109 | "versionNumber": 1 110 | } 111 | } 112 | }, 113 | "trigger": { 114 | "type": "EVENT", 115 | "attributes": { 116 | "description": "Identity Created", 117 | "id": "idn:identity-created" 118 | } 119 | } 120 | } 121 | -------------------------------------------------------------------------------- /workflows/assign-roles-using-forms/Assign Roles via Form.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "57e25357-e5d5-4ba0-a6ac-d3bb6520731d", 3 | "name": "Assign Roles", 4 | "description": "Assign Roles", 5 | "owner": { 6 | "type": "IDENTITY", 7 | "id": "bcae0dce3d7f4dac827e7853835882d1" 8 | }, 9 | "usedBy": [], 10 | "formInput": [ 11 | { 12 | "id": "employeeNumber", 13 | "type": "STRING", 14 | "label": "Employee Number", 15 | "description": "Employee Number" 16 | }, 17 | { 18 | "id": "employeeName", 19 | "type": "STRING", 20 | "label": "Employee Name", 21 | "description": "Employee Name" 22 | } 23 | ], 24 | "formElements": [ 25 | { 26 | "id": "910277720848", 27 | "elementType": "SECTION", 28 | "config": { 29 | "alignment": "LEFT", 30 | "description": "", 31 | "formElements": [ 32 | { 33 | "config": { 34 | "default": "", 35 | "description": "", 36 | "helpText": "", 37 | "label": "Employee Number", 38 | "placeholder": "", 39 | "required": false 40 | }, 41 | "elementType": "TEXT", 42 | "id": "1545094594991", 43 | "key": "employeeNumber", 44 | "validations": [] 45 | }, 46 | { 47 | "config": { 48 | "default": "", 49 | "description": "", 50 | "helpText": "", 51 | "label": "Employee Name", 52 | "placeholder": "", 53 | "required": false 54 | }, 55 | "elementType": "TEXT", 56 | "id": "521341509460", 57 | "key": "employeeName", 58 | "validations": [] 59 | }, 60 | { 61 | "config": { 62 | "dataSource": { 63 | "config": { 64 | "objectType": "ROLE" 65 | }, 66 | "dataSourceType": "INTERNAL" 67 | }, 68 | "forceSelect": true, 69 | "helpText": "Select the roles you wish to assign from the list below", 70 | "label": "Select Roles", 71 | "maximum": 3, 72 | "placeholder": "Role Name", 73 | "required": true 74 | }, 75 | "elementType": "SELECT", 76 | "id": "517197279797", 77 | "key": "selectRoles", 78 | "validations": [ 79 | { 80 | "validationType": "REQUIRED" 81 | } 82 | ] 83 | } 84 | ], 85 | "label": "Role Assignment", 86 | "labelStyle": "h2", 87 | "showLabel": true 88 | }, 89 | "validations": [] 90 | } 91 | ], 92 | "formConditions": [ 93 | { 94 | "ruleOperator": "AND", 95 | "rules": [ 96 | { 97 | "sourceType": "INPUT", 98 | "source": "Employee Number", 99 | "operator": "EM", 100 | "valueType": "STRING", 101 | "value": "" 102 | } 103 | ], 104 | "effects": [ 105 | { 106 | "effectType": "DISABLE", 107 | "config": { 108 | "element": "521341509460" 109 | } 110 | }, 111 | { 112 | "effectType": "DISABLE", 113 | "config": { 114 | "element": "517197279797" 115 | } 116 | } 117 | ] 118 | }, 119 | { 120 | "ruleOperator": "AND", 121 | "rules": [ 122 | { 123 | "sourceType": "INPUT", 124 | "source": "Employee Number", 125 | "operator": "NOT_EM", 126 | "valueType": "STRING", 127 | "value": "" 128 | } 129 | ], 130 | "effects": [ 131 | { 132 | "effectType": "SET_DEFAULT_VALUE", 133 | "config": { 134 | "defaultValueLabel": "Employee Number", 135 | "element": "1545094594991" 136 | } 137 | }, 138 | { 139 | "effectType": "DISABLE", 140 | "config": { 141 | "element": "1545094594991" 142 | } 143 | } 144 | ] 145 | }, 146 | { 147 | "ruleOperator": "AND", 148 | "rules": [ 149 | { 150 | "sourceType": "INPUT", 151 | "source": "Employee Name", 152 | "operator": "NOT_EM", 153 | "valueType": "STRING", 154 | "value": "" 155 | } 156 | ], 157 | "effects": [ 158 | { 159 | "effectType": "SET_DEFAULT_VALUE", 160 | "config": { 161 | "defaultValueLabel": "Employee Name", 162 | "element": "521341509460" 163 | } 164 | }, 165 | { 166 | "effectType": "DISABLE", 167 | "config": { 168 | "element": "521341509460" 169 | } 170 | } 171 | ] 172 | } 173 | ], 174 | "created": "2023-11-06T10:47:24.875353142Z", 175 | "modified": "2024-01-10T03:14:32.648826623Z" 176 | } -------------------------------------------------------------------------------- /workflows/access-request-for-account-management/RequestHandler-ManageAccounts.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Request Handler - Manage Accounts", 3 | "description": "This workflow helps in enabling users request for disablement/enablement of an account which has appropriate IdentitySecurity Cloud role created. \n\nISC Role Format is expected as \"-Enable Account\" for enable operation and \"-Disable Account\" for disable operation \n\nOnce the account is enabled/disabled, the respective ISC role is also revoked which can make users request the same role again in future when needed.", 4 | "definition": { 5 | "start": "Define Variable", 6 | "steps": { 7 | "Define Variable": { 8 | "attributes": { 9 | "id": "sp:define-variable", 10 | "variables": [ 11 | { 12 | "description": "Name of the requested role", 13 | "name": "roleName", 14 | "transforms": [], 15 | "variableA.$": "$.trigger.requestedItemsStatus[0].name" 16 | } 17 | ] 18 | }, 19 | "displayName": "Get Role Name", 20 | "nextStep": "Define Variable 1", 21 | "type": "Mutation" 22 | }, 23 | "Define Variable 1": { 24 | "attributes": { 25 | "id": "sp:define-variable", 26 | "variables": [ 27 | { 28 | "description": "", 29 | "name": "indexOfSeparation", 30 | "transforms": [ 31 | { 32 | "id": "sp:transform:getIndex:int", 33 | "input": { 34 | "pattern": "-" 35 | } 36 | } 37 | ], 38 | "variableA.$": "$.defineVariable.roleName" 39 | } 40 | ] 41 | }, 42 | "displayName": "Get Index", 43 | "nextStep": "Define Variable 2", 44 | "type": "Mutation" 45 | }, 46 | "Define Variable 2": { 47 | "attributes": { 48 | "id": "sp:define-variable", 49 | "variables": [ 50 | { 51 | "description": "", 52 | "name": "sourceName", 53 | "transforms": [ 54 | { 55 | "id": "sp:transform:substring:string", 56 | "input": { 57 | "length.$": "$.defineVariable1.indexOfSeparation", 58 | "start": 0 59 | } 60 | } 61 | ], 62 | "variableA.$": "$.defineVariable.roleName" 63 | } 64 | ] 65 | }, 66 | "displayName": "Get Source Name", 67 | "nextStep": "Get Accounts", 68 | "type": "Mutation" 69 | }, 70 | "End Step - Success": { 71 | "displayName": "", 72 | "type": "success" 73 | }, 74 | "Get Accounts": { 75 | "actionId": "sp:get-accounts", 76 | "attributes": { 77 | "getAccountsBy": "specificIdentity", 78 | "identity.$": "$.trigger.requestedFor.id" 79 | }, 80 | "displayName": "", 81 | "nextStep": "Loop", 82 | "type": "action", 83 | "versionNumber": 1 84 | }, 85 | "Loop": { 86 | "actionId": "sp:loop:iterator", 87 | "attributes": { 88 | "context.$": "$", 89 | "input.$": "$.getAccounts.accounts[?(@.sourceName == \"{{$.defineVariable2.sourceName}}\")]", 90 | "start": "Compare Strings", 91 | "steps": { 92 | "Compare Strings": { 93 | "choiceList": [ 94 | { 95 | "comparator": "StringEndsWith", 96 | "nextStep": "Manage Accounts", 97 | "variableA.$": "$.loop.context.defineVariable.roleName", 98 | "variableB": "Enable Account" 99 | } 100 | ], 101 | "defaultStep": "Compare Strings 1", 102 | "displayName": "Verify Operation Type", 103 | "type": "choice" 104 | }, 105 | "Compare Strings 1": { 106 | "choiceList": [ 107 | { 108 | "comparator": "StringEndsWith", 109 | "nextStep": "Manage Accounts 1", 110 | "variableA.$": "$.loop.context.defineVariable.roleName", 111 | "variableB": "Disable Account" 112 | } 113 | ], 114 | "defaultStep": "End Step - Failure", 115 | "displayName": "Verify Operation Type", 116 | "type": "choice" 117 | }, 118 | "End Step - Failure": { 119 | "displayName": "", 120 | "failureName": "No operation matched", 121 | "type": "failure" 122 | }, 123 | "End Step - Success 1": { 124 | "displayName": "", 125 | "type": "success" 126 | }, 127 | "Get Access": { 128 | "actionId": "sp:access:get", 129 | "attributes": { 130 | "accessprofiles": false, 131 | "entitlements": false, 132 | "getAccessBy": "searchQuery", 133 | "identityToReturn.$": "$.trigger.requestedFor.id", 134 | "query": "name.exact:\"{{$.loop.context.defineVariable.roleName}}\"", 135 | "roles": true 136 | }, 137 | "description": "Get user Access", 138 | "displayName": "Get Role Object", 139 | "nextStep": "Manage Access", 140 | "type": "action", 141 | "versionNumber": 1 142 | }, 143 | "Manage Access": { 144 | "actionId": "sp:access:manage", 145 | "attributes": { 146 | "comments": "Removal of the temporary role after disabling the account", 147 | "removeIdentity.$": "$.loop.context.trigger.requestedFor.id", 148 | "requestType": "REVOKE_ACCESS", 149 | "requestedItems.$": "$.getAccess.accessItems[0]" 150 | }, 151 | "description": "", 152 | "displayName": "Revoke Temporary Role", 153 | "nextStep": "End Step - Success 1", 154 | "type": "action", 155 | "versionNumber": 1 156 | }, 157 | "Manage Accounts": { 158 | "actionId": "sp:manage-account", 159 | "attributes": { 160 | "accountIds.$": "$.loop.loopInput.id", 161 | "operation": "enable" 162 | }, 163 | "description": "Enabling application account as per IDN role requested", 164 | "displayName": "Enable Account", 165 | "nextStep": "Get Access", 166 | "type": "action", 167 | "versionNumber": 1 168 | }, 169 | "Manage Accounts 1": { 170 | "actionId": "sp:manage-account", 171 | "attributes": { 172 | "accountIds.$": "$.loop.loopInput.id", 173 | "operation": "disable" 174 | }, 175 | "description": "Disabling application account as per IDN role requested", 176 | "displayName": "Disable Account", 177 | "nextStep": "Get Access", 178 | "type": "action", 179 | "versionNumber": 1 180 | } 181 | } 182 | }, 183 | "description": "To loop around the relevant accounts for disable/enable action", 184 | "displayName": "", 185 | "nextStep": "End Step - Success", 186 | "type": "action", 187 | "versionNumber": 1 188 | } 189 | } 190 | }, 191 | "trigger": { 192 | "type": "EVENT", 193 | "attributes": { 194 | "filter.$": "$.requestedItemsStatus[?(@.type == \"ROLE\" && @.operation == \"Add\" && (@.name =~ /.*-Disable Account/ || @.name =~ /.*-Enable Account/) && (@.approvalInfo.length() == 0 || (@.approvalInfo[0].approvalDecision == \"APPROVED\" && @.approvalInfo[-1].approvalDecision == \"APPROVED\")))].name", 195 | "id": "idn:access-request-post-approval" 196 | } 197 | } 198 | } 199 | -------------------------------------------------------------------------------- /workflows/reassign-object-owners/ObjectOwnerReassignment.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Object Owner Reassignment", 3 | "description": "The main entry point for reassigning object ownership.", 4 | "definition": { 5 | "start": "Get Identity", 6 | "steps": { 7 | "End Step — Success": { 8 | "type": "success" 9 | }, 10 | "Form": { 11 | "actionId": "sp:forms", 12 | "attributes": { 13 | "deadline": "7d", 14 | "formDefinitionId": "d4614696-3306-4ff6-b161-26431a083fd1", 15 | "inputForForm_previousowner.$": "$.trigger.identity.name", 16 | "notificationBody": "One of your direct reports, {{$.trigger.identity.name}}, has the left the company. Please open this form to reassign this person's items to a new owner.", 17 | "notificationSubject": "A direct report has left the company.", 18 | "recipient.$": "$.getIdentity.managerRef.id", 19 | "reminder": "4d", 20 | "reminderBody": "One of your direct reports, {{$.trigger.identity.name}}, has the left the company. Please open this form to reassign this person's items to a new owner." 21 | }, 22 | "description": "Send a reassignment form to the identity's manager. This will tell the workflow which identity to reassign the objects to.", 23 | "nextStep": "HTTP Request", 24 | "type": "action", 25 | "versionNumber": 1 26 | }, 27 | "Get Identity": { 28 | "actionId": "sp:get-identity", 29 | "attributes": { 30 | "id.$": "$.trigger.identity.id" 31 | }, 32 | "description": "Get the identity details of the terminated identity.", 33 | "nextStep": "Form", 34 | "type": "action", 35 | "versionNumber": 2 36 | }, 37 | "HTTP Request": { 38 | "actionId": "sp:http", 39 | "attributes": { 40 | "authenticationType": "OAuth", 41 | "jsonRequestBody": { 42 | "newOwnerId": "{{$.form.formData.newOwner}}", 43 | "previousOwnerId": "{{$.trigger.identity.id}}" 44 | }, 45 | "method": "post", 46 | "oAuthClientId": "", 47 | "oAuthClientSecret": "", 48 | "oAuthTokenUrl": "https://{tenant}.api.identitynow.com/oauth/token", 49 | "requestContentType": "json", 50 | "url": "https://{tenant}.api.identitynow.com/beta/workflows/execute/external/c79e0079-562c-4df5-aa73-60a9e25c916d" 51 | }, 52 | "description": "Reassign Sources", 53 | "nextStep": "HTTP Request 1", 54 | "type": "action", 55 | "versionNumber": 2 56 | }, 57 | "HTTP Request 1": { 58 | "actionId": "sp:http", 59 | "attributes": { 60 | "authenticationType": "OAuth", 61 | "jsonRequestBody": { 62 | "newOwnerId": "{{$.form.formData.newOwner}}", 63 | "previousOwnerId": "{{$.trigger.identity.id}}" 64 | }, 65 | "method": "post", 66 | "oAuthClientId": "", 67 | "oAuthClientSecret": "", 68 | "oAuthTokenUrl": "https://{tenant}.api.identitynow.com/oauth/token", 69 | "requestContentType": "json", 70 | "url": "https://{tenant}.api.identitynow.com/beta/workflows/execute/external/c79e0079-562c-4df5-aa73-60a9e25c916d" 71 | }, 72 | "description": "Reassign roles", 73 | "nextStep": "HTTP Request 2", 74 | "type": "action", 75 | "versionNumber": 2 76 | }, 77 | "HTTP Request 2": { 78 | "actionId": "sp:http", 79 | "attributes": { 80 | "authenticationType": "OAuth", 81 | "jsonRequestBody": { 82 | "newOwnerId": "{{$.form.formData.newOwner}}", 83 | "previousOwnerId": "{{$.trigger.identity.id}}" 84 | }, 85 | "method": "post", 86 | "oAuthClientId": "", 87 | "oAuthClientSecret": "", 88 | "oAuthTokenUrl": "https://{tenant}.api.identitynow.com/oauth/token", 89 | "requestContentType": "json", 90 | "url": "https://{tenant}.api.identitynow.com/beta/workflows/execute/external/c79e0079-562c-4df5-aa73-60a9e25c916d" 91 | }, 92 | "description": "Reassign access profiles", 93 | "nextStep": "HTTP Request 3", 94 | "type": "action", 95 | "versionNumber": 2 96 | }, 97 | "HTTP Request 3": { 98 | "actionId": "sp:http", 99 | "attributes": { 100 | "authenticationType": "OAuth", 101 | "jsonRequestBody": { 102 | "newOwnerId": "{{$.form.formData.newOwner}}", 103 | "previousOwnerId": "{{$.trigger.identity.id}}" 104 | }, 105 | "method": "post", 106 | "oAuthClientId": "", 107 | "oAuthClientSecret": "", 108 | "oAuthTokenUrl": "https://{tenant}.api.identitynow.com/oauth/token", 109 | "requestContentType": "json", 110 | "url": "" 111 | }, 112 | "description": "Reassign entitlements", 113 | "nextStep": "HTTP Request 4", 114 | "type": "action", 115 | "versionNumber": 2 116 | }, 117 | "HTTP Request 4": { 118 | "actionId": "sp:http", 119 | "attributes": { 120 | "authenticationType": "OAuth", 121 | "jsonRequestBody": { 122 | "newOwnerId": "{{$.form.formData.newOwner}}", 123 | "offset": 0, 124 | "previousOwnerId": "{{$.trigger.identity.id}}" 125 | }, 126 | "method": "post", 127 | "oAuthClientId": "", 128 | "oAuthClientSecret": "", 129 | "oAuthTokenUrl": "https://{tenant}.api.identitynow.com/oauth/token", 130 | "requestContentType": "json", 131 | "url": "" 132 | }, 133 | "description": "Reassign identity profiles.\n\nThis is for the first 100 identity profiles. If you need to process more than 100 identity profiles, copy this action and increment the offset by 100.", 134 | "nextStep": "HTTP Request 5", 135 | "type": "action", 136 | "versionNumber": 2 137 | }, 138 | "HTTP Request 5": { 139 | "actionId": "sp:http", 140 | "attributes": { 141 | "authenticationType": "OAuth", 142 | "jsonRequestBody": { 143 | "newOwnerId": "{{$.form.formData.newOwner}}", 144 | "offset": 0, 145 | "previousOwnerId": "{{$.trigger.identity.id}}" 146 | }, 147 | "method": "post", 148 | "oAuthClientId": "", 149 | "oAuthClientSecret": "", 150 | "oAuthTokenUrl": "https://{tenant}.api.identitynow.com/oauth/token", 151 | "requestContentType": "json", 152 | "url": "" 153 | }, 154 | "description": "Reassign governance groups.\n\nThis is for the first 100 governance groups. If you need to process more than 100 governance groups, copy this action and increment the offset by 100.", 155 | "nextStep": "HTTP Request 6", 156 | "type": "action", 157 | "versionNumber": 2 158 | }, 159 | "HTTP Request 6": { 160 | "actionId": "sp:http", 161 | "attributes": { 162 | "authenticationType": "OAuth", 163 | "jsonRequestBody": { 164 | "newOwnerId": "{{$.form.formData.newOwner}}", 165 | "previousOwnerId": "{{$.trigger.identity.id}}" 166 | }, 167 | "method": "post", 168 | "oAuthClientId": "", 169 | "oAuthClientSecret": "", 170 | "oAuthTokenUrl": "https://{tenant}.api.identitynow.com/oauth/token", 171 | "requestContentType": "json", 172 | "url": "" 173 | }, 174 | "description": "Reassign workflows", 175 | "nextStep": "End Step — Success", 176 | "type": "action", 177 | "versionNumber": 2 178 | } 179 | } 180 | }, 181 | "trigger": { 182 | "type": "EVENT", 183 | "attributes": { 184 | "filter.$": "$.changes[?(@.attribute == \"cloudLifecycleState\" && @.newValue == \"terminated\")]", 185 | "id": "idn:identity-attributes-changed" 186 | } 187 | } 188 | } -------------------------------------------------------------------------------- /workflows/retry-failed-workflows/RetryFailedWorkflowsForm.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Retry Failed Workflows", 3 | "description": "Submitting this form will invoke a workflow that retries all failed executions of a workflow between the given start and end dates.", 4 | "owner": { 5 | "type": "IDENTITY", 6 | "id": "2c9180867624cbd7017642d8c8c81f67" 7 | }, 8 | "usedBy": [ 9 | { 10 | "type": "MySailPoint", 11 | "id": "MySailPoint" 12 | } 13 | ], 14 | "formInput": [], 15 | "formElements": [ 16 | { 17 | "id": "782165236468", 18 | "elementType": "SECTION", 19 | "config": { 20 | "alignment": "LEFT", 21 | "description": "Use this form to start a workflow that will retry failed workflows on or after the specified date.", 22 | "formElements": [ 23 | { 24 | "config": { 25 | "default": "", 26 | "description": "", 27 | "helpText": "The GUID of the Workflow that you want to retry failed executions for. You can find the GUID of the workflow by editing the workflow and copying the GUID from the URL.", 28 | "label": "Workflow ID", 29 | "placeholder": "5a6fc60d-dc1d-4dc5-867a-e2b6fc48fe75", 30 | "required": true 31 | }, 32 | "elementType": "TEXT", 33 | "id": "435495107140", 34 | "key": "workflowId", 35 | "validations": [ 36 | { 37 | "validationType": "REQUIRED" 38 | }, 39 | { 40 | "config": { 41 | "message": "The provided GUID does not match the correct format.", 42 | "regex": "^[{]?[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}[}]?$" 43 | }, 44 | "validationType": "REGEX" 45 | } 46 | ] 47 | }, 48 | { 49 | "config": { 50 | "default": "", 51 | "description": "", 52 | "helpText": "Retry all Workflow executions that have a start date on or after this date and have a \"Failed\" status.", 53 | "label": "Start Date", 54 | "placeholder": "", 55 | "required": true 56 | }, 57 | "elementType": "DATE", 58 | "id": "1548789542068", 59 | "key": "startDate", 60 | "validations": [ 61 | { 62 | "validationType": "DATE" 63 | }, 64 | { 65 | "validationType": "REQUIRED" 66 | } 67 | ] 68 | }, 69 | { 70 | "config": { 71 | "default": "", 72 | "description": "", 73 | "helpText": "Retry all Workflow executions that have a start time on or after this time and have a \"Failed\" status. You must use the following format: hh:mm:ss.", 74 | "label": "Start Time", 75 | "placeholder": "13:16:24", 76 | "required": true 77 | }, 78 | "elementType": "TEXT", 79 | "id": "1632388912248", 80 | "key": "startTime", 81 | "validations": [ 82 | { 83 | "config": { 84 | "message": "The time must be in the format hh:mm:ss (ex. 14:21:12)", 85 | "regex": "^[0-9]{2}:[0-9]{2}:[0-9]{2}$" 86 | }, 87 | "validationType": "REGEX" 88 | }, 89 | { 90 | "validationType": "REQUIRED" 91 | } 92 | ] 93 | }, 94 | { 95 | "config": { 96 | "default": "", 97 | "description": "", 98 | "helpText": "Retry all Workflow executions that have a start date on or before this date and have a \"Failed\" status.", 99 | "label": "End Date", 100 | "placeholder": "", 101 | "required": true 102 | }, 103 | "elementType": "DATE", 104 | "id": "553201486640", 105 | "key": "endDate", 106 | "validations": [ 107 | { 108 | "validationType": "DATE" 109 | }, 110 | { 111 | "validationType": "REQUIRED" 112 | } 113 | ] 114 | }, 115 | { 116 | "config": { 117 | "default": "", 118 | "description": "", 119 | "helpText": "Retry all Workflow executions that have a start time on or before this time and have a \"Failed\" status. You must use the following format: hh:mm:ss.", 120 | "label": "End Time", 121 | "placeholder": "13:16:24", 122 | "required": true 123 | }, 124 | "elementType": "TEXT", 125 | "id": "98892330667", 126 | "key": "endTime", 127 | "validations": [ 128 | { 129 | "config": { 130 | "message": "The time must be in the format hh:mm:ss (ex. 14:21:12)", 131 | "regex": "^[0-9]{2}:[0-9]{2}:[0-9]{2}$" 132 | }, 133 | "validationType": "REGEX" 134 | }, 135 | { 136 | "validationType": "REQUIRED" 137 | } 138 | ] 139 | } 140 | ], 141 | "label": "Retry Failed Workflows", 142 | "labelStyle": "h2", 143 | "showLabel": true 144 | }, 145 | "validations": [] 146 | } 147 | ], 148 | "formConditions": [] 149 | } -------------------------------------------------------------------------------- /workflows/retry-failed-workflows/RetryFailedWorkflowsRecursiveProcessor.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Retry Failed Workflows: Recursive Processor", 3 | "description": "Retry all failed workflow executions for the given workflowId and start/end date. This workflow uses recursion to ensure that all failed executions will be retried.", 4 | "definition": { 5 | "start": "HTTP Request", 6 | "steps": { 7 | "Compare Numbers": { 8 | "choiceList": [ 9 | { 10 | "comparator": "NumericGreaterThan", 11 | "nextStep": "Compare Timestamps 1", 12 | "variableA.$": "$.hTTPRequest.body.length()", 13 | "variableB": 100 14 | } 15 | ], 16 | "defaultStep": "Send Email", 17 | "description": "If there are more than 100 executions, then we need to invoke this workflow again to process the next batch of executions.", 18 | "displayName": "More than 100 executions?", 19 | "type": "choice" 20 | }, 21 | "Compare Timestamps 1": { 22 | "choiceList": [ 23 | { 24 | "comparator": "TimestampGreaterThanEquals", 25 | "nextStep": "HTTP Request 4", 26 | "variableA.$": "$.hTTPRequest.body[100].startTime", 27 | "variableB.$": "$.trigger.start" 28 | } 29 | ], 30 | "defaultStep": "Send Email", 31 | "description": "This is a safety check to make sure the next execution that needs to be executed is within the start/end time provided in the trigger input.", 32 | "displayName": "Execution 101 after start date?", 33 | "type": "choice" 34 | }, 35 | "End Step - Success 2": { 36 | "displayName": "", 37 | "type": "success" 38 | }, 39 | "HTTP Request": { 40 | "actionId": "sp:http", 41 | "attributes": { 42 | "authenticationType": "OAuth", 43 | "method": "get", 44 | "oAuthClientId": "", 45 | "oAuthClientSecret": "", 46 | "oAuthTokenUrl": "https://tenant.api.identitynow.com/oauth/token", 47 | "url": "https://tenant.api.identitynow.com/v3/workflows/{{$.trigger.workflowId}}/executions?filters=status%20eq%20\"Failed\"%20and%20start_time%20le%20\"{{$.trigger.end}}\"" 48 | }, 49 | "description": "Get all failed executions with a start time that is less than the end date.", 50 | "displayName": "Get Failed Executions", 51 | "nextStep": "Loop", 52 | "type": "action", 53 | "versionNumber": 2 54 | }, 55 | "HTTP Request 4": { 56 | "actionId": "sp:http", 57 | "attributes": { 58 | "authenticationType": "OAuth", 59 | "jsonRequestBody": { 60 | "email": "{{$.trigger.email}}", 61 | "end": "{{$.hTTPRequest.body[99].startTime}}", 62 | "start": "{{$.trigger.start}}", 63 | "workflowId": "{{$.trigger.workflowId}}" 64 | }, 65 | "method": "post", 66 | "oAuthClientId": "", 67 | "oAuthClientSecret": "", 68 | "oAuthTokenUrl": "https://tenant.api.identitynow.com/oauth/token", 69 | "requestContentType": "json", 70 | "url": "https://tenant.api.identitynow.com/beta/workflows/execute/external/ba067050-3a26-4bda-995d-55717da4ebeb" 71 | }, 72 | "description": "Invoke this workflow again with a modified end date that the same date as the last item processed in this invocation. This ensures the next iteration of this workflow will not process the same items again.", 73 | "displayName": "Process next 100", 74 | "nextStep": "End Step - Success 2", 75 | "type": "action", 76 | "versionNumber": 2 77 | }, 78 | "Loop": { 79 | "actionId": "sp:loop:iterator", 80 | "attributes": { 81 | "context.$": "$.trigger", 82 | "input.$": "$.hTTPRequest.body[:100]", 83 | "start": "Compare Timestamps", 84 | "steps": { 85 | "Compare Timestamps": { 86 | "choiceList": [ 87 | { 88 | "comparator": "TimestampGreaterThanEquals", 89 | "nextStep": "HTTP Request 2", 90 | "variableA.$": "$.loop.loopInput.startTime", 91 | "variableB.$": "$.loop.context.start" 92 | } 93 | ], 94 | "defaultStep": "End Step - Success", 95 | "description": "Make sure the execution's start date is on or after the start time provided in the trigger input. We don't want to retry failed workflows that are outside of the start/end time provided.", 96 | "displayName": "Is execution after start date", 97 | "type": "choice" 98 | }, 99 | "End Step - Success": { 100 | "displayName": "", 101 | "type": "success" 102 | }, 103 | "End Step - Success 1": { 104 | "displayName": "", 105 | "type": "success" 106 | }, 107 | "HTTP Request 1": { 108 | "actionId": "sp:http", 109 | "attributes": { 110 | "authenticationType": "OAuth", 111 | "jsonRequestBody.$": "$.hTTPRequest2.body[?(@.type == \"WorkflowExecutionStarted\")].attributes", 112 | "method": "post", 113 | "oAuthClientId": "", 114 | "oAuthClientSecret": "", 115 | "oAuthTokenUrl": "https://tenant.api.identitynow.com/oauth/token", 116 | "requestContentType": "json", 117 | "url": "https://tenant.api.identitynow.com/v3/workflows/{{$.loop.context.workflowId}}/test" 118 | }, 119 | "description": "Retry the failed workflow execution by executing the workflow test endpoint and providing the original input to the trigger.", 120 | "displayName": "Retry Failed Workflow", 121 | "nextStep": "End Step - Success 1", 122 | "type": "action", 123 | "versionNumber": 2 124 | }, 125 | "HTTP Request 2": { 126 | "actionId": "sp:http", 127 | "attributes": { 128 | "authenticationType": "OAuth", 129 | "method": "get", 130 | "oAuthClientId": "", 131 | "oAuthClientSecret": "", 132 | "oAuthTokenUrl": "https://tenant.api.identitynow.com/oauth/token", 133 | "url": "https://tenant.api.identitynow.com/v3/workflow-executions/{{$.loop.loopInput.id}}/history" 134 | }, 135 | "description": "Get the details of the individual execution, which will include the original input provided to the failed execution's trigger.", 136 | "displayName": "Get Execution Details", 137 | "nextStep": "HTTP Request 1", 138 | "type": "action", 139 | "versionNumber": 2 140 | } 141 | } 142 | }, 143 | "description": null, 144 | "displayName": "", 145 | "nextStep": "Compare Numbers", 146 | "type": "action", 147 | "versionNumber": 1 148 | }, 149 | "Send Email": { 150 | "actionId": "sp:send-email", 151 | "attributes": { 152 | "body": "Your request to retry failed workflows for workflow {{$.trigger.workflowId}} between the dates {{$.trigger.start}} and {{$.trigger.end}} has finished.", 153 | "context": {}, 154 | "recipientEmailList.$": "$.trigger.email", 155 | "subject": "Finished retrying failed workflows" 156 | }, 157 | "description": "If there are no more failed executions to process, notify the email address provided in the trigger input that the retry is complete.", 158 | "displayName": "Notify Form Submitter", 159 | "nextStep": "End Step - Success 2", 160 | "type": "action", 161 | "versionNumber": 2 162 | } 163 | } 164 | }, 165 | "trigger": { 166 | "type": "EXTERNAL", 167 | "attributes": { 168 | "clientId": "128f6d07-8b68-468c-be14-876648c2c12d", 169 | "description": "This trigger requires a workflowId, start, end, and email.", 170 | "url": "https://tenant.api.identitynow.com/beta/workflows/execute/external/ba067050-3a26-4bda-995d-55717da4ebeb" 171 | } 172 | } 173 | } -------------------------------------------------------------------------------- /workflows/temporary-admin-access/TemporaryAdminAccess20240305.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Temporary Admin Access", 3 | "description": "A workflow that will automatically handle the granting and revoking of admin privilege.", 4 | "definition": { 5 | "start": "Get Identity", 6 | "steps": { 7 | "Compare Strings": { 8 | "choiceList": [ 9 | { 10 | "comparator": "StringEquals", 11 | "nextStep": "HTTP Request", 12 | "variableA.$": "$.form1.formData.decision", 13 | "variableB": "Approve" 14 | } 15 | ], 16 | "defaultStep": "Send Email", 17 | "displayName": "Handle Approver's Decision", 18 | "type": "choice" 19 | }, 20 | "Compare Strings 1": { 21 | "choiceList": [ 22 | { 23 | "comparator": "StringEquals", 24 | "nextStep": "HTTP Request 1", 25 | "variableA.$": "$.hTTPRequest2.body.capabilities[0]", 26 | "variableB": "ORG_ADMIN" 27 | } 28 | ], 29 | "defaultStep": "Send Email 1", 30 | "displayName": "Check if ORG_ADMIN is first item", 31 | "type": "choice" 32 | }, 33 | "End Step - Success": { 34 | "displayName": "", 35 | "type": "success" 36 | }, 37 | "End Step - Success 1": { 38 | "displayName": "", 39 | "type": "success" 40 | }, 41 | "End Step - Success 2": { 42 | "displayName": "", 43 | "type": "success" 44 | }, 45 | "Form": { 46 | "actionId": "sp:forms", 47 | "attributes": { 48 | "deadline": "3d", 49 | "formDefinitionId": "", 50 | "notificationBody": "You have requested temporary admin privilege. Please complete this form to continue with the request.", 51 | "notificationSubject": "Additional information for Temporary Admin Access needed", 52 | "recipient.$": "$.trigger.requestedFor.id", 53 | "reminder": "2d" 54 | }, 55 | "displayName": "Send Form to Requester", 56 | "nextStep": "Form 1", 57 | "type": "action", 58 | "versionNumber": 1 59 | }, 60 | "Form 1": { 61 | "actionId": "sp:forms", 62 | "attributes": { 63 | "deadline": "3d", 64 | "formDefinitionId": "", 65 | "inputForForm_desiredExpirationDate.$": "$.form.formData.removeDate", 66 | "inputForForm_reasonForAccess.$": "$.form.formData.reasonForAccess", 67 | "inputForForm_requesterName.$": "$.trigger.requestedFor.name", 68 | "inputForForm_userLevel": "ORG_ADMIN", 69 | "notificationBody": "A user has requested elevated admin permissions. Please approve or deny by submitting this form.", 70 | "notificationSubject": "Request for admin permissions", 71 | "recipient": "", 72 | "reminder": "2d" 73 | }, 74 | "displayName": "Send Form to Approver", 75 | "nextStep": "Compare Strings", 76 | "type": "action", 77 | "versionNumber": 1 78 | }, 79 | "Get Identity": { 80 | "actionId": "sp:get-identity", 81 | "attributes": { 82 | "id.$": "$.trigger.requestedFor.id" 83 | }, 84 | "description": "", 85 | "displayName": "Get Requester's Email", 86 | "nextStep": "Form", 87 | "type": "action", 88 | "versionNumber": 2 89 | }, 90 | "HTTP Request": { 91 | "actionId": "sp:http", 92 | "attributes": { 93 | "authenticationType": "OAuth", 94 | "jsonPatchRequestBody": [ 95 | { 96 | "op": "add", 97 | "path": "/capabilities/0", 98 | "value": "ORG_ADMIN" 99 | } 100 | ], 101 | "method": "patch", 102 | "oAuthClientId": "", 103 | "oAuthClientSecret": "", 104 | "oAuthCredentialLocation": "oAuthInHeader", 105 | "oAuthTokenUrl": "https://tenant.api.identitynow.com/oauth/token", 106 | "requestContentType": "json-patch+json", 107 | "url": "https://tenant.api.identitynow.com/v3/auth-users/{{$.trigger.requestedFor.id}}" 108 | }, 109 | "displayName": "Grant Access", 110 | "nextStep": "Wait", 111 | "type": "action", 112 | "versionNumber": 2 113 | }, 114 | "HTTP Request 1": { 115 | "actionId": "sp:http", 116 | "attributes": { 117 | "authenticationType": "OAuth", 118 | "jsonPatchRequestBody": [ 119 | { 120 | "op": "remove", 121 | "path": "/capabilities/0" 122 | } 123 | ], 124 | "method": "patch", 125 | "oAuthClientId": "", 126 | "oAuthClientSecret": "", 127 | "oAuthCredentialLocation": "oAuthInHeader", 128 | "oAuthTokenUrl": "https://tenant.api.identitynow.com/oauth/token", 129 | "requestContentType": "json-patch+json", 130 | "url": "https://tenant.api.identitynow.com/v3/auth-users/{{$.trigger.requestedFor.id}}" 131 | }, 132 | "displayName": "Remove Access", 133 | "nextStep": "Send Email 2", 134 | "type": "action", 135 | "versionNumber": 2 136 | }, 137 | "HTTP Request 2": { 138 | "actionId": "sp:http", 139 | "attributes": { 140 | "authenticationType": "OAuth", 141 | "method": "get", 142 | "oAuthClientId": "", 143 | "oAuthClientSecret": "", 144 | "oAuthCredentialLocation": "oAuthInHeader", 145 | "oAuthTokenUrl": "https://tenant.api.identitynow.com/oauth/token", 146 | "url": "https://tenant.api.identitynow.com/v3/auth-users/{{$.trigger.requestedFor.id}}" 147 | }, 148 | "displayName": "Get Current Access", 149 | "nextStep": "Compare Strings 1", 150 | "type": "action", 151 | "versionNumber": 2 152 | }, 153 | "Send Email": { 154 | "actionId": "sp:send-email", 155 | "attributes": { 156 | "body": "John Doe denied your request for temporary admin permissions with the following comments.

\n\n{{$.form1.formData.comments}}", 157 | "context": {}, 158 | "recipientEmailList.$": "$.getIdentity.attributes.email", 159 | "subject": "Your temporary admin access was denied" 160 | }, 161 | "displayName": "", 162 | "nextStep": "End Step - Success 2", 163 | "type": "action", 164 | "versionNumber": 2 165 | }, 166 | "Send Email 1": { 167 | "actionId": "sp:send-email", 168 | "attributes": { 169 | "body": "The user {{$.trigger.requestedFor.name}} no longer needs \"ORG_ADMIN\" access, but the automation was unable to remove it automatically. Please manually remove their admin permissions.", 170 | "context": {}, 171 | "recipientEmailList": [], 172 | "subject": "Manually revoke temporary admin permissions" 173 | }, 174 | "description": "As an admin to manually remove the admin permissions for the user.", 175 | "displayName": "", 176 | "nextStep": "End Step - Success", 177 | "type": "action", 178 | "versionNumber": 2 179 | }, 180 | "Send Email 2": { 181 | "actionId": "sp:send-email", 182 | "attributes": { 183 | "body": "Your temporary admin permissions have expired and been revoked.", 184 | "context": {}, 185 | "recipientEmailList.$": "$.getIdentity.attributes.email", 186 | "subject": "Your Admin access has expired" 187 | }, 188 | "description": "Inform the user that their access has expired.", 189 | "displayName": "", 190 | "nextStep": "End Step - Success 1", 191 | "type": "action", 192 | "versionNumber": 2 193 | }, 194 | "Wait": { 195 | "actionId": "sp:sleep", 196 | "attributes": { 197 | "date.$": "$.form.formData.removeDate", 198 | "time": "1969-12-31T05:00:00.000Z", 199 | "type": "waitUntil" 200 | }, 201 | "displayName": "Wait for remove date", 202 | "nextStep": "HTTP Request 2", 203 | "type": "action", 204 | "versionNumber": 1 205 | } 206 | } 207 | }, 208 | "trigger": { 209 | "type": "EVENT", 210 | "attributes": { 211 | "filter.$": "$.requestedItemsStatus[?(@.name == \"Temporary Admin Access\")]", 212 | "id": "idn:access-request-post-approval" 213 | } 214 | } 215 | } -------------------------------------------------------------------------------- /workflows/manage-service-now-ticket/ManageServiceNowTicketwithHTTPRequestinWorkflows.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Manage Service Now Ticket with HTTP Request in Workflows", 3 | "description": "Manage Service Now Ticket with HTTP Request in Workflows", 4 | "definition": { 5 | "start": "Get Identity", 6 | "steps": { 7 | "Compare Numbers": { 8 | "choiceList": [ 9 | { 10 | "comparator": "NumericEquals", 11 | "nextStep": "Send Email", 12 | "variableA.$": "$.hTTPRequest1.statusCode", 13 | "variableB": 201 14 | } 15 | ], 16 | "defaultStep": "End Step — Failure", 17 | "description": "Check if Status Code of HTTP Response is 201", 18 | "type": "choice" 19 | }, 20 | "Compare Strings": { 21 | "choiceList": [ 22 | { 23 | "comparator": "StringEquals", 24 | "nextStep": "Send Email 1", 25 | "variableA.$": "$.hTTPRequest3.body.result[0].state", 26 | "variableB": "7" 27 | } 28 | ], 29 | "defaultStep": "End Step — Failure 1", 30 | "description": "Check Incident State = 7 (Closed)", 31 | "type": "choice" 32 | }, 33 | "Define Variable": { 34 | "attributes": { 35 | "variables": [ 36 | { 37 | "name": "dueDate", 38 | "transforms": [ 39 | { 40 | "id": "sp:transform:addTime:time", 41 | "input": { 42 | "length": 7, 43 | "type": [ 44 | "string" 45 | ], 46 | "unit": "days" 47 | } 48 | } 49 | ], 50 | "variableA.$": "$.now()" 51 | } 52 | ] 53 | }, 54 | "description": "Due Date variable = 7 days from today", 55 | "nextStep": "HTTP Request", 56 | "type": "Mutation" 57 | }, 58 | "End Step — Failure": { 59 | "description": "HTTP Request for Incident Creation in Service Now failed", 60 | "failureName": "HTTP Request Failed", 61 | "type": "failure" 62 | }, 63 | "End Step — Failure 1": { 64 | "description": "Unable to get Service Now Incident Status", 65 | "failureName": "HTTP Request for Service Now Incident Status Failed", 66 | "type": "failure" 67 | }, 68 | "End Step — Success": { 69 | "description": "Request Success", 70 | "type": "success" 71 | }, 72 | "Get Identity": { 73 | "actionId": "sp:get-identity", 74 | "attributes": { 75 | "id.$": "$.trigger.attributes.manager.id" 76 | }, 77 | "description": "Get User's Manager", 78 | "nextStep": "Define Variable", 79 | "type": "action", 80 | "versionNumber": 2 81 | }, 82 | "HTTP Request": { 83 | "actionId": "sp:http", 84 | "attributes": { 85 | "authenticationType": null, 86 | "formRequestBody": { 87 | "client_id": "413cf312d5732110af9dcae24a373414", 88 | "client_secret": "xxx", 89 | "grant_type": "password", 90 | "password": "xxx", 91 | "username": "admin" 92 | }, 93 | "method": "post", 94 | "requestContentType": "form", 95 | "requestHeaders": null, 96 | "url": "https://tenant.service-now.com/oauth_token.do" 97 | }, 98 | "description": "Get Service Now Access Token", 99 | "nextStep": "HTTP Request 1", 100 | "type": "action", 101 | "versionNumber": 2 102 | }, 103 | "HTTP Request 1": { 104 | "actionId": "sp:http", 105 | "attributes": { 106 | "jsonRequestBody": { 107 | "caller_id": "admin", 108 | "comments": "This incident was created from Sailpoint IDN Custom Workflow for user {{$.trigger.identity.name}}. Please provision this user to XYZ systems. Thank you.", 109 | "description": "Please Create Accounts for the new user provisioned in XYZ system", 110 | "due_date": "{{$.defineVariable.dueDate}}", 111 | "short_description": "New User {{$.trigger.identity.name}} created in Sailpoint IDN", 112 | "urgency": "3" 113 | }, 114 | "method": "post", 115 | "requestContentType": "json", 116 | "requestHeaders": { 117 | "Authorization": "Bearer {{$.hTTPRequest.body.access_token}}" 118 | }, 119 | "url": "https://tenant.service-now.com/api/now/v1/table/incident" 120 | }, 121 | "description": "Create a Service Now Incident using access token obtained in previous request", 122 | "nextStep": "Wait", 123 | "type": "action", 124 | "versionNumber": 2 125 | }, 126 | "HTTP Request 2": { 127 | "actionId": "sp:http", 128 | "attributes": { 129 | "authenticationType": null, 130 | "formRequestBody": { 131 | "client_id": "413cf312d5732110af9dcae24a373414", 132 | "client_secret": "xxx", 133 | "grant_type": "password", 134 | "password": "xxx", 135 | "username": "admin" 136 | }, 137 | "method": "post", 138 | "requestContentType": "form", 139 | "requestHeaders": null, 140 | "url": "https://tenant.service-now.com/oauth_token.do" 141 | }, 142 | "description": "Connect to Service Now and get Access Token", 143 | "nextStep": "HTTP Request 3", 144 | "type": "action", 145 | "versionNumber": 2 146 | }, 147 | "HTTP Request 3": { 148 | "actionId": "sp:http", 149 | "attributes": { 150 | "authenticationType": null, 151 | "jsonRequestBody": null, 152 | "method": "get", 153 | "requestContentType": "json", 154 | "requestHeaders": { 155 | "Authorization": "Bearer {{$.hTTPRequest2.body.access_token}}" 156 | }, 157 | "url": "https://tenant.service-now.com/api/now/v1/table/incident", 158 | "urlParams": { 159 | "number": "{{$.hTTPRequest1.body.result.task_effective_number}}" 160 | } 161 | }, 162 | "description": "Check Service Now Incident Status", 163 | "nextStep": "Compare Strings", 164 | "type": "action", 165 | "versionNumber": 2 166 | }, 167 | "Send Email": { 168 | "actionId": "sp:send-email", 169 | "attributes": { 170 | "body": "Hi,

\nService Now Incident for identity ${displayName} has been created successfully. \n

\nThe Incident Number is ${incNumber}.\n

\nThanks,
\nYour IAM Team", 171 | "context": { 172 | "displayName.$": "$.trigger.identity.name", 173 | "incNumber.$": "$.hTTPRequest1.body.result.task_effective_number" 174 | }, 175 | "recipientEmailList.$": "$.getIdentity.attributes.email", 176 | "subject": "Service Now Incident {{$.hTTPRequest1.body.result.task_effective_number}} Created" 177 | }, 178 | "description": "Notify Manager about the Service Now Incident Creation", 179 | "nextStep": "Wait 1", 180 | "type": "action", 181 | "versionNumber": 2 182 | }, 183 | "Send Email 1": { 184 | "actionId": "sp:send-email", 185 | "attributes": { 186 | "body": "Service Now Incident ${incNumber} for user ${displayName} is now Closed.\n

\nPlease note that XYZ system provisioning for new user is now complete.\n

\nThanks,
\nIAM Team", 187 | "context": { 188 | "displayName.$": "$.trigger.identity.name", 189 | "incNumber.$": "$.hTTPRequest1.body.result.number" 190 | }, 191 | "recipientEmailList.$": "$.getIdentity.attributes.email", 192 | "subject": "Service Now Ticket Closed" 193 | }, 194 | "description": "Notify Manager of Service Now Incident Completion", 195 | "nextStep": "End Step — Success", 196 | "type": "action", 197 | "versionNumber": 2 198 | }, 199 | "Wait": { 200 | "actionId": "sp:sleep", 201 | "attributes": { 202 | "duration": "10m", 203 | "type": "waitFor" 204 | }, 205 | "description": "Wait for Incident to be created in Service Now", 206 | "nextStep": "Compare Numbers", 207 | "type": "action", 208 | "versionNumber": 1 209 | }, 210 | "Wait 1": { 211 | "actionId": "sp:sleep", 212 | "attributes": { 213 | "duration": "7d", 214 | "type": "waitFor" 215 | }, 216 | "description": "Wait for few days to check Ticket Status", 217 | "nextStep": "HTTP Request 2", 218 | "type": "action", 219 | "versionNumber": 1 220 | } 221 | } 222 | }, 223 | "trigger": { 224 | "type": "EVENT", 225 | "attributes": { 226 | "description": "New Identity Created in IDN", 227 | "id": "idn:identity-created" 228 | } 229 | } 230 | } -------------------------------------------------------------------------------- /workflows/manage-service-now-ticket/ManageServiceNowTicketwithWorkflows.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Manage Service Now Ticket with Workflows", 3 | "description": "Manage Service Now Ticket with Workflows", 4 | "definition": { 5 | "start": "Get Identity", 6 | "steps": { 7 | "Compare Numbers": { 8 | "choiceList": [ 9 | { 10 | "comparator": "NumericEquals", 11 | "nextStep": "Send Email", 12 | "variableA.$": "$.manageServiceNowTicket.statusCode", 13 | "variableB": 201 14 | } 15 | ], 16 | "defaultStep": "Send Email 3", 17 | "description": "Check Manage Service Now Ticket action completed successfully", 18 | "type": "choice" 19 | }, 20 | "Compare Strings": { 21 | "choiceList": [ 22 | { 23 | "comparator": "StringEquals", 24 | "nextStep": "Send Email 1", 25 | "variableA.$": "$.manageServiceNowTicket1.body.result[?(@.task_effective_number=='{{$.manageServiceNowTicket.body.result.task_effective_number}}')].request_state", 26 | "variableB": "closed_complete" 27 | } 28 | ], 29 | "defaultStep": "Send Email 2", 30 | "description": null, 31 | "type": "choice" 32 | }, 33 | "Define Variable": { 34 | "attributes": { 35 | "variables": [ 36 | { 37 | "name": "ticketDueDate", 38 | "transforms": [ 39 | { 40 | "id": "sp:transform:addTime:time", 41 | "input": { 42 | "length": 7, 43 | "type": [ 44 | "string" 45 | ], 46 | "unit": "days" 47 | } 48 | } 49 | ], 50 | "variableA.$": "$.now()" 51 | } 52 | ] 53 | }, 54 | "description": "Due Date variable = 7 days from today", 55 | "nextStep": "Define Variable 1", 56 | "type": "Mutation" 57 | }, 58 | "Define Variable 1": { 59 | "attributes": { 60 | "variables": [ 61 | { 62 | "name": "dueDate", 63 | "transforms": [ 64 | { 65 | "id": "sp:transform:substring:string", 66 | "input": { 67 | "length": 10, 68 | "start": null, 69 | "type": [ 70 | "string" 71 | ] 72 | } 73 | } 74 | ], 75 | "variableA.$": "$.defineVariable.ticketDueDate" 76 | } 77 | ] 78 | }, 79 | "description": "Due Date variable = 7 days from today", 80 | "nextStep": "Manage ServiceNow Ticket", 81 | "type": "Mutation" 82 | }, 83 | "End Step — Success": { 84 | "description": "Request Success", 85 | "type": "success" 86 | }, 87 | "End Step — Success 1": { 88 | "type": "success" 89 | }, 90 | "End Step — Success 2": { 91 | "type": "success" 92 | }, 93 | "Get Identity": { 94 | "actionId": "sp:get-identity", 95 | "attributes": { 96 | "id.$": "$.trigger.attributes.manager.id" 97 | }, 98 | "description": "Get User's Manager", 99 | "nextStep": "Define Variable", 100 | "type": "action", 101 | "versionNumber": 2 102 | }, 103 | "Manage ServiceNow Ticket": { 104 | "actionId": "sp:snow", 105 | "attributes": { 106 | "action": "create", 107 | "authenticationType": "basic", 108 | "basicAuthPassword": "", 109 | "basicAuthUserName": "admin", 110 | "caller": "admin", 111 | "customFields": "assignment_group:Hardware\ndue_date:{{$.defineVariable1.dueDate}}\ncomments:New Ticket for provisioning user Hardware", 112 | "description": "Please provision Hardware for the user with Employee Number - {{$.trigger.attributes.identificationNumber}}", 113 | "shortDescription": "New User {{$.trigger.identity.name}} created in Sailpoint IDN", 114 | "urgency": "2", 115 | "url": "https://tenant.service-now.com/api/now/v1/table/sc_request", 116 | "watchlist": "admin" 117 | }, 118 | "description": "Create Service Now Ticket", 119 | "nextStep": "Wait", 120 | "type": "action", 121 | "versionNumber": 1 122 | }, 123 | "Manage ServiceNow Ticket 1": { 124 | "actionId": "sp:snow", 125 | "attributes": { 126 | "action": "get", 127 | "authenticationType": "basic", 128 | "basicAuthPassword": "", 129 | "basicAuthUserName": "admin", 130 | "ticket": "{{$.manageServiceNowTicket.body.result.task_effective_number}}", 131 | "url": "https://tenant.service-now.com/api/now/v1/table/sc_request?sysparm_query=" 132 | }, 133 | "description": "Check Ticket Status", 134 | "nextStep": "Compare Strings", 135 | "type": "action", 136 | "versionNumber": 1 137 | }, 138 | "Send Email": { 139 | "actionId": "sp:send-email", 140 | "attributes": { 141 | "body": "Hi,

\nService Now Ticket for user ${displayName} has been created successfully. \n

\nThe Ticket Number is ${ticketNumber}.\n

\nThanks,
\nYour IAM Team", 142 | "context": { 143 | "displayName.$": "$.trigger.identity.name", 144 | "ticketNumber.$": "$.manageServiceNowTicket.body.result.task_effective_number" 145 | }, 146 | "recipientEmailList.$": "$.getIdentity.attributes.email", 147 | "subject": "Service Now Ticket {{$.manageServiceNowTicket.body.result.task_effective_number}} Created" 148 | }, 149 | "description": "Notify Manager about Service Now Ticket Creation", 150 | "nextStep": "Wait 1", 151 | "type": "action", 152 | "versionNumber": 2 153 | }, 154 | "Send Email 1": { 155 | "actionId": "sp:send-email", 156 | "attributes": { 157 | "body": "Service Now Ticket ${ticketNumber} for user ${displayName} is now Closed.\n

\nPlease note that Hardware provisioning for new user is now complete.\n

\nThanks,
\nIAM Team", 158 | "context": { 159 | "displayName.$": "$.trigger.identity.name", 160 | "ticketNumber.$": "$.manageServiceNowTicket.body.result.task_effective_number" 161 | }, 162 | "recipientEmailList.$": "$.getIdentity.attributes.email", 163 | "subject": "Service Now Ticket {{$.manageServiceNowTicket.body.result.task_effective_number}} Closed" 164 | }, 165 | "description": "Notify Manager of Service Now Ticket Completetion", 166 | "nextStep": "End Step — Success", 167 | "type": "action", 168 | "versionNumber": 2 169 | }, 170 | "Send Email 2": { 171 | "actionId": "sp:send-email", 172 | "attributes": { 173 | "body": "Hi,

\nService Now Ticket ${ticketNumber} for user ${displayName} is ${status}.\n

\nPlease check with Hardware Team if provisioning is completed.

\nThanks,
\nYour IAM Team", 174 | "context": { 175 | "displayName.$": "$.trigger.identity.name", 176 | "status.$": "$.manageServiceNowTicket1.body.result[?(@.task_effective_number=='{{$.manageServiceNowTicket.body.result.task_effective_number}}')].request_state", 177 | "ticketNumber.$": "$.manageServiceNowTicket.body.result.task_effective_number" 178 | }, 179 | "recipientEmailList.$": "$.getIdentity.attributes.email", 180 | "subject": "Service Now Ticket {{$.manageServiceNowTicket.body.result.task_effective_number}} Status" 181 | }, 182 | "description": "Notify Manager about Service Now Ticket Status", 183 | "nextStep": "End Step — Success 2", 184 | "type": "action", 185 | "versionNumber": 2 186 | }, 187 | "Send Email 3": { 188 | "actionId": "sp:send-email", 189 | "attributes": { 190 | "body": "Hi,

\nService Now Ticket creation for user ${displayName} has failed. \n

\nPlease create provisioning request with Hardware Team from Service Now.\n

\nThanks,
\nYour IAM Team", 191 | "context": { 192 | "displayName.$": "$.trigger.identity.name" 193 | }, 194 | "recipientEmailList.$": "$.getIdentity.attributes.email", 195 | "subject": "Service Now Ticket Creation Failure" 196 | }, 197 | "description": "Notify Manager about Service Now Ticket Creation Failure", 198 | "nextStep": "End Step — Success 1", 199 | "type": "action", 200 | "versionNumber": 2 201 | }, 202 | "Wait": { 203 | "actionId": "sp:sleep", 204 | "attributes": { 205 | "duration": "10m", 206 | "type": "waitFor" 207 | }, 208 | "description": "Wait for Service Now Ticket Creation", 209 | "nextStep": "Compare Numbers", 210 | "type": "action", 211 | "versionNumber": 1 212 | }, 213 | "Wait 1": { 214 | "actionId": "sp:sleep", 215 | "attributes": { 216 | "duration": "7d", 217 | "type": "waitFor" 218 | }, 219 | "description": "Wait for a few days to check Ticket Status", 220 | "nextStep": "Manage ServiceNow Ticket 1", 221 | "type": "action", 222 | "versionNumber": 1 223 | } 224 | } 225 | }, 226 | "trigger": { 227 | "type": "EVENT", 228 | "attributes": { 229 | "description": "New Identity Created in IDN", 230 | "id": "idn:identity-created" 231 | } 232 | } 233 | } -------------------------------------------------------------------------------- /workflows/delayed-deprovisioning-of-birthright-role-on-mover/Workflow-Delayed Birthright Role DeProvisioning on Transfer.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "aa11bff0-a1fa-4a65-a48d-5cd061898945", 3 | "name": "Delayed Birthright Role DeProvisioning on Transfer ", 4 | "description": "", 5 | "definition": { 6 | "start": "Get Identity History Snapshots", 7 | "steps": { 8 | "Any Removed Roles?": { 9 | "choiceList": [ 10 | { 11 | "comparator": "IsPresent", 12 | "nextStep": "Get Identity", 13 | "variableA.$": "$.getRemovedRoles.body[0].id" 14 | } 15 | ], 16 | "defaultStep": "End Step - No Extenstions Success", 17 | "type": "choice" 18 | }, 19 | "End Step - No Extenstions Success": { 20 | "displayName": "", 21 | "type": "success" 22 | }, 23 | "End Step - Success": { 24 | "displayName": "", 25 | "type": "success" 26 | }, 27 | "Extended Roles?": { 28 | "choiceList": [ 29 | { 30 | "comparator": "IsPresent", 31 | "nextStep": "Get Access", 32 | "variableA.$": "$.form.formData.numberOfDays" 33 | } 34 | ], 35 | "defaultStep": "End Step - No Extenstions Success", 36 | "type": "choice" 37 | }, 38 | "Form": { 39 | "actionId": "sp:forms", 40 | "attributes": { 41 | "deadline": "2d", 42 | "formDefinitionId": "3fcea1cb-fcfb-4e64-910f-16d365b26e84", 43 | "inputForForm_array_lostRoles.$": "$.getRemovedRoles.body", 44 | "inputForForm_array_lostRoles_label": "$.displayName", 45 | "inputForForm_array_lostRoles_value": "$.id", 46 | "inputForForm_currentTitle.$": "$.trigger.changes[?(@.attribute==\"jobTitle\")].newValue", 47 | "inputForForm_idenitityname.$": "$.trigger.identity.name", 48 | "inputForForm_identityId.$": "$.getIdentity.id", 49 | "inputForForm_previousTitle.$": "$.trigger.changes[?(@.attribute==\"jobTitle\")].oldValue", 50 | "notificationBody": "

{{$.getIdentity.managerRef.name}},

\n\n

Your direct report, {{$.getIdentity.name}} has had a job title or department change.

\n\n

Old Value(s):
{{$.trigger.changes[?(@.attribute == \"jobTitle\" || @.attribute == \"department\")].oldValue}}

\n\n

New Value(s):
{{$.trigger.changes[?(@.attribute == \"jobTitle\" || @.attribute == \"department\")].newValue}}

\n\nPlease use the form linked below to optionally extend their previous role access.", 51 | "notificationSubject": "Job Change Staggered De-provisioning Option", 52 | "recipient.$": "$.getIdentity.managerRef.id", 53 | "reminder": "1d" 54 | }, 55 | "nextStep": "Extended Roles?", 56 | "type": "action", 57 | "versionNumber": 1 58 | }, 59 | "Get Access": { 60 | "actionId": "sp:access:get", 61 | "attributes": { 62 | "accessprofiles": false, 63 | "entitlements": false, 64 | "getAccessBy": "searchQuery", 65 | "query": "id: (\"{{$.form.formData.extendRoles[0]}}\", \"{{$.form.formData.extendRoles[1]}}\", \"{{$.form.formData.extendRoles[2]}}\", \"{{$.form.formData.extendRoles[3]}}\", \"{{$.form.formData.extendRoles[4]}}\", \"{{$.form.formData.extendRoles[5]}}\",\"{{$.form.formData.extendRoles[6]}}\",\"{{$.form.formData.extendRoles[7]}}\",\"{{$.form.formData.extendRoles[8]}}\",\"{{$.form.formData.extendRoles[9]}}\")", 66 | "roles": true 67 | }, 68 | "displayName": "", 69 | "nextStep": "Send Email 1", 70 | "type": "action", 71 | "versionNumber": 1 72 | }, 73 | "Get Identity": { 74 | "actionId": "sp:get-identity", 75 | "attributes": { 76 | "id.$": "$.trigger.identity.id" 77 | }, 78 | "nextStep": "Form", 79 | "type": "action", 80 | "versionNumber": 2 81 | }, 82 | "Get Identity History Snapshots": { 83 | "actionId": "sp:http", 84 | "attributes": { 85 | "authenticationType": "OAuth", 86 | "method": "get", 87 | "oAuthClientId": "%%OAUTH_CLIENT_ID%%", 88 | "oAuthClientSecret": null, 89 | "oAuthCredentialLocation": "oAuthInHeader", 90 | "oAuthTokenUrl": "%%API_URL%%/oauth/token", 91 | "url": "%%API_URL%%/beta/historical-identities/{{$.trigger.identity.id}}/snapshots", 92 | "urlParams": { 93 | "limit": "2" 94 | } 95 | }, 96 | "nextStep": "Get Removed Roles", 97 | "type": "action", 98 | "versionNumber": 2 99 | }, 100 | "Get Removed Roles": { 101 | "actionId": "sp:http", 102 | "attributes": { 103 | "authenticationType": "OAuth", 104 | "method": "get", 105 | "oAuthClientId": "%%OAUTH_CLIENT_ID%%", 106 | "oAuthClientSecret": null, 107 | "oAuthCredentialLocation": "oAuthInHeader", 108 | "oAuthTokenUrl": "%%API_URL%%/oauth/token", 109 | "url": "%%API_URL%%/beta/historical-identities/{{$.trigger.identity.id}}/compare/role?access-associated=false&snapshot1={{$.getIdentityHistorySnapshots.body[1].snapshot}}&snapshot2={{$.getIdentityHistorySnapshots.body[0].snapshot}}", 110 | "urlParams": null 111 | }, 112 | "nextStep": "Any Removed Roles?", 113 | "type": "action", 114 | "versionNumber": 2 115 | }, 116 | "Loop": { 117 | "actionId": "sp:loop:iterator", 118 | "attributes": { 119 | "context.$": "$.form.formData", 120 | "input.$": "$.getAccess.accessItems", 121 | "start": "Make Role Requestable", 122 | "steps": { 123 | "Define Days Variable": { 124 | "attributes": { 125 | "id": "sp:define-variable", 126 | "variables": [ 127 | { 128 | "description": "", 129 | "name": "Number of Days", 130 | "transforms": [ 131 | { 132 | "id": "sp:transform:concatenate:string", 133 | "input": { 134 | "variableB": "d" 135 | } 136 | } 137 | ], 138 | "variableA.$": "$.loop.context.numberOfDays" 139 | } 140 | ] 141 | }, 142 | "nextStep": "Get Access to Extend", 143 | "type": "Mutation" 144 | }, 145 | "End Step — Loop Success": { 146 | "description": "No Failed Access Requests Present in the response.", 147 | "type": "success" 148 | }, 149 | "Extend Access": { 150 | "actionId": "sp:access:manage", 151 | "attributes": { 152 | "addIdentities.$": "$.loop.context.identityId", 153 | "comments": "Access To Old Role Is being Extended for {{$.loop.context.numberOfDays}} Days", 154 | "removeDuration.$": "$.defineDaysVariable.numberOfDays", 155 | "removeIdentity.$": "$.trigger.identity.id", 156 | "requestType": "GRANT_ACCESS", 157 | "requestedItems.$": "$.getAccessToExtend.accessItems[*]" 158 | }, 159 | "displayName": "", 160 | "nextStep": "Make Role Unrequestable", 161 | "type": "action", 162 | "versionNumber": 1 163 | }, 164 | "Get Access to Extend": { 165 | "actionId": "sp:access:get", 166 | "attributes": { 167 | "accessprofiles": false, 168 | "entitlements": false, 169 | "getAccessBy": "searchQuery", 170 | "query": "id: {{$.loop.loopInput.id}}", 171 | "roles": true 172 | }, 173 | "nextStep": "Extend Access", 174 | "type": "action", 175 | "versionNumber": 1 176 | }, 177 | "Make Role Requestable": { 178 | "actionId": "sp:http", 179 | "attributes": { 180 | "authenticationType": "OAuth", 181 | "jsonPatchRequestBody": [ 182 | { 183 | "op": "replace", 184 | "path": "/requestable", 185 | "value": true 186 | } 187 | ], 188 | "method": "patch", 189 | "oAuthClientId": "%%OAUTH_CLIENT_ID%%", 190 | "oAuthClientSecret": null, 191 | "oAuthCredentialLocation": "oAuthInHeader", 192 | "oAuthTokenUrl": "%%API_URL%%/oauth/token", 193 | "requestContentType": "json-patch+json", 194 | "url": "%%API_URL%%/beta/roles/{{$.loop.loopInput.id}}", 195 | "urlParams": null 196 | }, 197 | "displayName": "", 198 | "nextStep": "Define Days Variable", 199 | "type": "action", 200 | "versionNumber": 2 201 | }, 202 | "Make Role Unrequestable": { 203 | "actionId": "sp:http", 204 | "attributes": { 205 | "authenticationType": "OAuth", 206 | "jsonPatchRequestBody": [ 207 | { 208 | "op": "replace", 209 | "path": "/requestable", 210 | "value": false 211 | } 212 | ], 213 | "method": "patch", 214 | "oAuthClientId": "%%OAUTH_CLIENT_ID%%", 215 | "oAuthClientSecret": null, 216 | "oAuthCredentialLocation": "oAuthInHeader", 217 | "oAuthTokenUrl": "%%API_URL%%/oauth/token", 218 | "requestContentType": "json-patch+json", 219 | "url": "%%API_URL%%/beta/roles/{{$.loop.loopInput.id}}", 220 | "urlParams": null 221 | }, 222 | "displayName": "", 223 | "nextStep": "Verify Data Type", 224 | "type": "action", 225 | "versionNumber": 2 226 | }, 227 | "Send Email": { 228 | "actionId": "sp:send-email", 229 | "attributes": { 230 | "body": "$.extendAccess.failedAccessRequests", 231 | "context": {}, 232 | "recipientEmailList": [ 233 | "%%ADMIN_EMAIL%%" 234 | ], 235 | "subject": "Failed Role Extension" 236 | }, 237 | "displayName": "", 238 | "nextStep": "End Step — Loop Success", 239 | "type": "action", 240 | "versionNumber": 2 241 | }, 242 | "Verify Data Type": { 243 | "choiceList": [ 244 | { 245 | "comparator": "IsPresent", 246 | "nextStep": "Send Email", 247 | "variableA.$": "$.extendAccess.failedAccessRequests" 248 | } 249 | ], 250 | "defaultStep": "End Step — Loop Success", 251 | "description": null, 252 | "type": "choice" 253 | } 254 | } 255 | }, 256 | "description": null, 257 | "displayName": "", 258 | "nextStep": "End Step - Success", 259 | "type": "action", 260 | "versionNumber": 1 261 | }, 262 | "Send Email 1": { 263 | "actionId": "sp:send-email", 264 | "attributes": { 265 | "body": "

Hello {{$.getIdentity.attributes.firstname}},

\n\n

Your manager, {{$.getIdentity.managerRef.name}}, has approved an extension of the access roles listed below for a period of {{$.form.formData.numberOfDays}} days, to allow you to complete any lingering deliverables.

The following roles have been extended:

{{$.getAccess.accessItems[*].name}}.

", 266 | "context": {}, 267 | "from": "IdentitySecurityCloudAdministration@sailpoint.com", 268 | "recipientEmailList.$": "$.getIdentity.emailAddress", 269 | "replyTo.$": "", 270 | "subject": "Extended Role(s) have been approved." 271 | }, 272 | "displayName": "", 273 | "nextStep": "Loop", 274 | "type": "action", 275 | "versionNumber": 2 276 | } 277 | } 278 | }, 279 | "enabled": true, 280 | "executionCount": 6, 281 | "failureCount": 1, 282 | "trigger": { 283 | "type": "EVENT", 284 | "attributes": { 285 | "filter.$": "$.changes[?(@.attribute == \"jobTitle\" || @.attribute == \"department\")]", 286 | "id": "idn:identity-attributes-changed" 287 | } 288 | } 289 | } -------------------------------------------------------------------------------- /workflows/delayed-deprovisioning-of-birthright-role-on-mover/Form - Delayed Birthright Role DeProvisioning.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "version": 1, 4 | "self": { 5 | "type": "FORM_DEFINITION", 6 | "id": "3fcea1cb-fcfb-4e64-910f-16d365b26e84", 7 | "name": "Delayed Birthright Role Deprovisioning" 8 | }, 9 | "object": { 10 | "id": "3fcea1cb-fcfb-4e64-910f-16d365b26e84", 11 | "name": "Delayed Birthright Role Deprovisioning", 12 | "description": "", 13 | "owner": { 14 | "type": "IDENTITY", 15 | "id": "28d0d82df7514dcf874030ce084a3668", 16 | "name": "" 17 | }, 18 | "usedBy": [], 19 | "formInput": [ 20 | { 21 | "id": "currentTitle", 22 | "type": "STRING", 23 | "label": "Current Title", 24 | "description": "" 25 | }, 26 | { 27 | "id": "idenitityname", 28 | "type": "STRING", 29 | "label": "IdenitityName", 30 | "description": "" 31 | }, 32 | { 33 | "id": "previousTitle", 34 | "type": "STRING", 35 | "label": "Previous Title", 36 | "description": "" 37 | }, 38 | { 39 | "id": "lostRoles", 40 | "type": "ARRAY", 41 | "label": "Lost Roles", 42 | "description": "" 43 | }, 44 | { 45 | "id": "identityId", 46 | "type": "STRING", 47 | "label": "IdentityID", 48 | "description": "" 49 | } 50 | ], 51 | "formElements": [ 52 | { 53 | "id": "1167750864903", 54 | "elementType": "SECTION", 55 | "config": { 56 | "alignment": "LEFT", 57 | "description": "", 58 | "formElements": [ 59 | { 60 | "config": { 61 | "description": "

Your direct report has changed job titles and as a result they have lost access they previously held.

\n

If they need some time to complete their tasks and projects, use this form to temporarily extend their current access. 

\n

Please fill out the fields below.  Any extended access will be automatically removed after the selected time. 

", 62 | "label": "Description Field", 63 | "showLabel": false 64 | }, 65 | "elementType": "DESCRIPTION", 66 | "id": "1371770739071", 67 | "key": "", 68 | "validations": [] 69 | }, 70 | { 71 | "config": { 72 | "default": "", 73 | "description": "", 74 | "helpText": "", 75 | "label": "Identity Name", 76 | "placeholder": "", 77 | "required": false 78 | }, 79 | "elementType": "TEXT", 80 | "id": "801911992153", 81 | "key": "identityName", 82 | "validations": [] 83 | }, 84 | { 85 | "config": { 86 | "default": "", 87 | "description": "", 88 | "helpText": "", 89 | "label": "IdentityID", 90 | "placeholder": "", 91 | "required": false 92 | }, 93 | "elementType": "TEXT", 94 | "id": "1686878986398", 95 | "key": "identityId", 96 | "validations": [] 97 | }, 98 | { 99 | "config": { 100 | "columnCount": 2, 101 | "columns": [ 102 | [ 103 | { 104 | "config": { 105 | "default": "", 106 | "description": "", 107 | "helpText": "", 108 | "label": "Current Job Title", 109 | "placeholder": "", 110 | "required": false 111 | }, 112 | "elementType": "TEXT", 113 | "id": "958707300322", 114 | "key": "currentJobTitle", 115 | "validations": [] 116 | } 117 | ], 118 | [ 119 | { 120 | "config": { 121 | "default": "", 122 | "description": "", 123 | "helpText": "", 124 | "label": "Previous Job Title", 125 | "placeholder": "", 126 | "required": false 127 | }, 128 | "elementType": "TEXT", 129 | "id": "850566345112", 130 | "key": "previousJobTitle", 131 | "validations": [] 132 | } 133 | ] 134 | ], 135 | "description": "", 136 | "label": "Column Set", 137 | "labelStyle": "h5", 138 | "showLabel": false 139 | }, 140 | "elementType": "COLUMN_SET", 141 | "id": "228451340682", 142 | "key": "", 143 | "validations": [] 144 | } 145 | ], 146 | "label": "Staggerd De-provisioning Form", 147 | "labelStyle": "h2", 148 | "showLabel": true 149 | }, 150 | "validations": [] 151 | }, 152 | { 153 | "id": "1577680332106", 154 | "elementType": "SECTION", 155 | "config": { 156 | "alignment": "LEFT", 157 | "description": "Select from this dropdown list of Roles that this user lost from their most recent identity processing (limit 30)\n\nChoose how long to extend their access for.", 158 | "formElements": [ 159 | { 160 | "config": { 161 | "columnCount": 2, 162 | "columns": [ 163 | [ 164 | { 165 | "config": { 166 | "dataSource": { 167 | "config": { 168 | "formInputId": "lostRoles", 169 | "sortBy": "ASC" 170 | }, 171 | "dataSourceType": "FORM_INPUT" 172 | }, 173 | "forceSelect": true, 174 | "helpText": "", 175 | "label": "Removed Roles List", 176 | "maximum": 30, 177 | "placeholder": "", 178 | "required": false 179 | }, 180 | "elementType": "SELECT", 181 | "id": "1569615994781", 182 | "key": "extendRoles", 183 | "validations": [ 184 | { 185 | "validationType": "DATA_SOURCE" 186 | } 187 | ] 188 | } 189 | ], 190 | [ 191 | { 192 | "config": { 193 | "default": "", 194 | "description": "", 195 | "helpText": "", 196 | "label": "Number of Days", 197 | "placeholder": "", 198 | "required": true 199 | }, 200 | "elementType": "TEXT", 201 | "id": "688569054245", 202 | "key": "numberOfDays", 203 | "validations": [ 204 | { 205 | "config": { 206 | "message": "Please enter a valid number.", 207 | "regex": "\\d+" 208 | }, 209 | "validationType": "REGEX" 210 | }, 211 | { 212 | "validationType": "REQUIRED" 213 | } 214 | ] 215 | } 216 | ] 217 | ], 218 | "description": "", 219 | "label": "heading 5", 220 | "labelStyle": "h5", 221 | "showLabel": false 222 | }, 223 | "elementType": "COLUMN_SET", 224 | "id": "1418085224388", 225 | "key": "", 226 | "validations": [] 227 | }, 228 | { 229 | "config": { 230 | "description": "

To process the Identity without role extension, submit this form without any input.

", 231 | "label": "Description Field", 232 | "showLabel": false 233 | }, 234 | "elementType": "DESCRIPTION", 235 | "id": "782695504085", 236 | "key": "", 237 | "validations": [] 238 | } 239 | ], 240 | "label": "Role Extension Management", 241 | "labelStyle": "h5", 242 | "showLabel": true 243 | }, 244 | "validations": [] 245 | } 246 | ], 247 | "formConditions": [ 248 | { 249 | "ruleOperator": "AND", 250 | "rules": [ 251 | { 252 | "sourceType": "INPUT", 253 | "source": "Current Title", 254 | "operator": "NOT_EM", 255 | "valueType": "STRING", 256 | "value": "" 257 | } 258 | ], 259 | "effects": [ 260 | { 261 | "effectType": "SET_DEFAULT_VALUE", 262 | "config": { 263 | "defaultValueLabel": "Current Title", 264 | "element": "958707300322" 265 | } 266 | }, 267 | { 268 | "effectType": "DISABLE", 269 | "config": { 270 | "element": "958707300322" 271 | } 272 | } 273 | ] 274 | }, 275 | { 276 | "ruleOperator": "AND", 277 | "rules": [ 278 | { 279 | "sourceType": "INPUT", 280 | "source": "Previous Title", 281 | "operator": "NOT_EM", 282 | "valueType": "STRING", 283 | "value": "" 284 | } 285 | ], 286 | "effects": [ 287 | { 288 | "effectType": "SET_DEFAULT_VALUE", 289 | "config": { 290 | "defaultValueLabel": "Previous Title", 291 | "element": "850566345112" 292 | } 293 | }, 294 | { 295 | "effectType": "DISABLE", 296 | "config": { 297 | "element": "850566345112" 298 | } 299 | } 300 | ] 301 | }, 302 | { 303 | "ruleOperator": "AND", 304 | "rules": [ 305 | { 306 | "sourceType": "INPUT", 307 | "source": "IdenitityName", 308 | "operator": "NOT_EM", 309 | "valueType": "STRING", 310 | "value": "" 311 | } 312 | ], 313 | "effects": [ 314 | { 315 | "effectType": "SET_DEFAULT_VALUE", 316 | "config": { 317 | "defaultValueLabel": "IdenitityName", 318 | "element": "801911992153" 319 | } 320 | }, 321 | { 322 | "effectType": "DISABLE", 323 | "config": { 324 | "element": "801911992153" 325 | } 326 | } 327 | ] 328 | }, 329 | { 330 | "ruleOperator": "AND", 331 | "rules": [ 332 | { 333 | "sourceType": "ELEMENT", 334 | "source": "extendRoles", 335 | "operator": "NOT_EM", 336 | "valueType": "STRING_LIST", 337 | "value": [] 338 | } 339 | ], 340 | "effects": [ 341 | { 342 | "effectType": "SHOW", 343 | "config": { 344 | "element": "688569054245" 345 | } 346 | } 347 | ] 348 | }, 349 | { 350 | "ruleOperator": "AND", 351 | "rules": [ 352 | { 353 | "sourceType": "INPUT", 354 | "source": "identityId", 355 | "operator": "NOT_EM", 356 | "valueType": "STRING", 357 | "value": "" 358 | } 359 | ], 360 | "effects": [ 361 | { 362 | "effectType": "SET_DEFAULT_VALUE", 363 | "config": { 364 | "defaultValueLabel": "identityId", 365 | "element": "1686878986398" 366 | } 367 | }, 368 | { 369 | "effectType": "DISABLE", 370 | "config": { 371 | "element": "1686878986398" 372 | } 373 | } 374 | ] 375 | } 376 | ], 377 | "created": "2024-01-18T21:58:02.006242119Z", 378 | "modified": "2024-04-15T17:42:26.729650854Z" 379 | } 380 | } 381 | ] -------------------------------------------------------------------------------- /workflows/fasttrack-identity-onboarding/UserOnboardingServiceNowRequests.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "User Onboarding Service Now Requests", 3 | "description": "User Onboarding Service Now Requests", 4 | "definition": { 5 | "start": "Get Identity", 6 | "steps": { 7 | "Compare Numbers": { 8 | "choiceList": [ 9 | { 10 | "comparator": "NumericEquals", 11 | "nextStep": "Send Email", 12 | "variableA.$": "$.manageServiceNowTicket.statusCode", 13 | "variableB": 201 14 | } 15 | ], 16 | "defaultStep": "Send Email 3", 17 | "description": "Check Manage Service Now Ticket action completed successfully", 18 | "type": "choice" 19 | }, 20 | "Compare Strings": { 21 | "choiceList": [ 22 | { 23 | "comparator": "StringEquals", 24 | "nextStep": "Send Email 1", 25 | "variableA.$": "$.manageServiceNowTicket1.body.result[?(@.task_effective_number=='{{$.manageServiceNowTicket.body.result.task_effective_number}}')].request_state", 26 | "variableB": "closed_complete" 27 | } 28 | ], 29 | "defaultStep": "Send Email 2", 30 | "description": null, 31 | "type": "choice" 32 | }, 33 | "Compare Strings 1": { 34 | "choiceList": [ 35 | { 36 | "comparator": "StringEquals", 37 | "nextStep": "Manage ServiceNow Ticket 2", 38 | "variableA.$": "$.trigger.formData.preferredLaptop", 39 | "variableB": "Windows" 40 | } 41 | ], 42 | "defaultStep": "Compare Strings 2", 43 | "description": "Windows Laptop", 44 | "displayName": "", 45 | "type": "choice" 46 | }, 47 | "Compare Strings 2": { 48 | "choiceList": [ 49 | { 50 | "comparator": "StringEquals", 51 | "nextStep": "Manage ServiceNow Ticket 3", 52 | "variableA.$": "$.trigger.formData.preferredLaptop", 53 | "variableB": "Linux" 54 | } 55 | ], 56 | "defaultStep": "Manage ServiceNow Ticket", 57 | "description": "Linux Laptop", 58 | "displayName": "", 59 | "type": "choice" 60 | }, 61 | "Define Variable": { 62 | "attributes": { 63 | "id": "sp:define-variable", 64 | "variables": [ 65 | { 66 | "description": "Calculate Ticket Due Date", 67 | "name": "ticketDueDate", 68 | "transforms": [ 69 | { 70 | "id": "sp:transform:substring:string", 71 | "input": { 72 | "length": 10, 73 | "start": 0 74 | } 75 | } 76 | ], 77 | "variableA.$": "$.now()" 78 | } 79 | ] 80 | }, 81 | "displayName": "", 82 | "nextStep": "Get Accounts", 83 | "type": "Mutation" 84 | }, 85 | "Define Variable 1": { 86 | "attributes": { 87 | "id": "sp:define-variable", 88 | "variables": [ 89 | { 90 | "description": "Account ID", 91 | "name": "accountID", 92 | "transforms": [ 93 | { 94 | "id": "sp:transform:substring:string", 95 | "input": { 96 | "length": 32, 97 | "start": 0 98 | } 99 | } 100 | ], 101 | "variableA.$": "$.getAccounts.accounts[?(@.attributes.name=='{{$.trigger.formData.employeeName}}')].nativeIdentity" 102 | } 103 | ] 104 | }, 105 | "displayName": "", 106 | "nextStep": "Define Variable 2", 107 | "type": "Mutation" 108 | }, 109 | "Define Variable 2": { 110 | "attributes": { 111 | "id": "sp:define-variable", 112 | "variables": [ 113 | { 114 | "description": "Adobe Acrobat", 115 | "name": "acrobatFlag", 116 | "transforms": [ 117 | { 118 | "id": "sp:transform:replace:string", 119 | "input": { 120 | "pattern": "true", 121 | "replacement": "Yes" 122 | } 123 | }, 124 | { 125 | "id": "sp:transform:replace:string", 126 | "input": { 127 | "pattern": "false", 128 | "replacement": "No" 129 | } 130 | } 131 | ], 132 | "variableA": "{{$.trigger.formData.acrobat}}" 133 | }, 134 | { 135 | "description": "Eclipse Flag", 136 | "name": "eclipseFlag", 137 | "transforms": [ 138 | { 139 | "id": "sp:transform:replace:string", 140 | "input": { 141 | "pattern": "true", 142 | "replacement": "Yes" 143 | } 144 | }, 145 | { 146 | "id": "sp:transform:replace:string", 147 | "input": { 148 | "pattern": "false", 149 | "replacement": "No" 150 | } 151 | } 152 | ], 153 | "variableA": "{{$.trigger.formData.eclipse}}" 154 | }, 155 | { 156 | "description": "Oracle Flag", 157 | "name": "oracleFlag", 158 | "transforms": [ 159 | { 160 | "id": "sp:transform:replace:string", 161 | "input": { 162 | "pattern": "true", 163 | "replacement": "Yes" 164 | } 165 | }, 166 | { 167 | "id": "sp:transform:replace:string", 168 | "input": { 169 | "pattern": "false", 170 | "replacement": "No" 171 | } 172 | } 173 | ], 174 | "variableA": "{{$.trigger.formData.oracle}}" 175 | }, 176 | { 177 | "description": "Adobe Photoshop Flag", 178 | "name": "photoshopFlag", 179 | "transforms": [ 180 | { 181 | "id": "sp:transform:replace:string", 182 | "input": { 183 | "pattern": "true", 184 | "replacement": "Yes" 185 | } 186 | }, 187 | { 188 | "id": "sp:transform:replace:string", 189 | "input": { 190 | "pattern": "false", 191 | "replacement": "No" 192 | } 193 | } 194 | ], 195 | "variableA": "{{$.trigger.formData.photoshop}}" 196 | }, 197 | { 198 | "description": "MS Powerpoint Flag", 199 | "name": "powerpointFlag", 200 | "transforms": [ 201 | { 202 | "id": "sp:transform:replace:string", 203 | "input": { 204 | "pattern": "true", 205 | "replacement": "Yes" 206 | } 207 | }, 208 | { 209 | "id": "sp:transform:replace:string", 210 | "input": { 211 | "pattern": "false", 212 | "replacement": "No" 213 | } 214 | } 215 | ], 216 | "variableA": "{{$.trigger.formData.powerpoint}}" 217 | }, 218 | { 219 | "description": "Siebel Flag", 220 | "name": "siebelFlag", 221 | "transforms": [ 222 | { 223 | "id": "sp:transform:replace:string", 224 | "input": { 225 | "pattern": "true", 226 | "replacement": "Yes" 227 | } 228 | }, 229 | { 230 | "id": "sp:transform:replace:string", 231 | "input": { 232 | "pattern": "false", 233 | "replacement": "No" 234 | } 235 | } 236 | ], 237 | "variableA": "{{$.trigger.formData.siebel}}" 238 | }, 239 | { 240 | "description": "Laptop Price", 241 | "name": "laptopPrice", 242 | "transforms": [ 243 | { 244 | "id": "sp:transform:replace:string", 245 | "input": { 246 | "pattern": "Windows", 247 | "replacement": "950" 248 | } 249 | }, 250 | { 251 | "id": "sp:transform:replace:string", 252 | "input": { 253 | "pattern": "Linux", 254 | "replacement": "800" 255 | } 256 | }, 257 | { 258 | "id": "sp:transform:replace:string", 259 | "input": { 260 | "pattern": "Mac", 261 | "replacement": "1800" 262 | } 263 | }, 264 | { 265 | "id": "sp:transform:replace:string", 266 | "input": { 267 | "pattern": "Chromebook", 268 | "replacement": "500" 269 | } 270 | } 271 | ], 272 | "variableA": "{{$.trigger.formData.preferredLaptop}}" 273 | } 274 | ] 275 | }, 276 | "displayName": "", 277 | "nextStep": "Compare Strings 1", 278 | "type": "Mutation" 279 | }, 280 | "End Step — Success": { 281 | "description": "Request Success", 282 | "type": "success" 283 | }, 284 | "End Step — Success 1": { 285 | "type": "success" 286 | }, 287 | "End Step — Success 2": { 288 | "type": "success" 289 | }, 290 | "Get Accounts": { 291 | "actionId": "sp:get-accounts", 292 | "attributes": { 293 | "filterCriteria": "sourceId", 294 | "getAccountsBy": "filters", 295 | "identity": "308c97e4c41c47fd9ab23fa879fa14ab", 296 | "operator": "eq", 297 | "value": "4bce9ea74776402aa3e2dd42d3160d31" 298 | }, 299 | "description": "Get Service Now Accounts", 300 | "displayName": "", 301 | "nextStep": "Define Variable 1", 302 | "type": "action", 303 | "versionNumber": 1 304 | }, 305 | "Get Identity": { 306 | "actionId": "sp:get-identity", 307 | "attributes": { 308 | "id.$": "$.trigger.submittedBy.id" 309 | }, 310 | "description": "Get User's Manager", 311 | "nextStep": "Define Variable", 312 | "type": "action", 313 | "versionNumber": 2 314 | }, 315 | "Manage ServiceNow Ticket": { 316 | "actionId": "sp:snow", 317 | "attributes": { 318 | "action": "create", 319 | "authenticationType": "basic", 320 | "basicAuthPassword": "", 321 | "basicAuthUserName": "admin", 322 | "caller": "admin", 323 | "customFields": "requested_for:{{$.defineVariable1.accountID}}\nassignment_group:Hardware\ndue_date:{{$.defineVariable.ticketDueDate}}\ncomments:New Ticket for provisioning user Hardware\nspecial_instructions:Preferred Laptop - {{$.trigger.formData.preferredLaptop}}, {{$.trigger.formData.additionalRequests}}, Adobe Acrobat - {{$.defineVariable2.acrobatFlag}}, Adobe Photoshop - {{$.defineVariable2.photoshopFlag}}, Siebel Client - {{$.defineVariable2.siebelFlag}}, Oracle - {{$.defineVariable2.oracleFlag}}, Eclipse IDE - {{$.defineVariable2.eclipseFlag}}, Microsoft Powerpoint - {{$.defineVariable2.powerpointFlag}}\nprice:{{$.defineVariable2.laptopPrice}}\nlocation:1e3c49b037d0200044e0bfc8bcbe5dd7", 324 | "description": "Please provision Hardware for the user with Employee Number - {{$.trigger.formData.employeeNumber}}", 325 | "shortDescription": "New User {{$.trigger.formData.employeeName}} created in Sailpoint IDN", 326 | "subCategory": "", 327 | "urgency": "2", 328 | "url": "https://tenant.service-now.com/api/now/v1/table/sc_request", 329 | "watchlist": "admin" 330 | }, 331 | "description": "Create a Service Now Request for Hardware", 332 | "nextStep": "Wait", 333 | "type": "action", 334 | "versionNumber": 1 335 | }, 336 | "Manage ServiceNow Ticket 1": { 337 | "actionId": "sp:snow", 338 | "attributes": { 339 | "action": "get", 340 | "authenticationType": "basic", 341 | "basicAuthPassword": "", 342 | "basicAuthUserName": "admin", 343 | "ticket": "{{$.manageServiceNowTicket.body.result.task_effective_number}}", 344 | "url": "https://tenant.service-now.com/api/now/v1/table/sc_request?sysparm_query=" 345 | }, 346 | "description": "Check Ticket Status", 347 | "nextStep": "Compare Strings", 348 | "type": "action", 349 | "versionNumber": 1 350 | }, 351 | "Manage ServiceNow Ticket 2": { 352 | "actionId": "sp:snow", 353 | "attributes": { 354 | "action": "create", 355 | "authenticationType": "basic", 356 | "basicAuthPassword": "", 357 | "basicAuthUserName": "admin", 358 | "caller": "admin", 359 | "customFields": "requested_for:{{$.defineVariable1.accountID}}\nassignment_group:Windows Hardware Support\ndue_date:{{$.defineVariable.ticketDueDate}}\ncomments:New Ticket for provisioning user Hardware\nspecial_instructions:Preferred Laptop - {{$.trigger.formData.preferredLaptop}}, OS - {{$.trigger.formData.windowsOsVersion}}, {{$.trigger.formData.additionalRequests}}, Adobe Acrobat - {{$.defineVariable2.acrobatFlag}}, Adobe Photoshop - {{$.defineVariable2.photoshopFlag}}, Siebel Client - {{$.defineVariable2.siebelFlag}}, Oracle - {{$.defineVariable2.oracleFlag}}, Eclipse IDE - {{$.defineVariable2.eclipseFlag}}, Microsoft Powerpoint - {{$.defineVariable2.powerpointFlag}}\nprice:{{$.defineVariable2.laptopPrice}}\nlocation:1e3c49b037d0200044e0bfc8bcbe5dd7", 360 | "description": "Please provision Hardware for the user with Employee Number - {{$.trigger.formData.employeeNumber}}", 361 | "shortDescription": "New User {{$.trigger.formData.employeeName}} created in Sailpoint IDN", 362 | "subCategory": null, 363 | "urgency": "2", 364 | "url": "https://tenant.service-now.com/api/now/v1/table/sc_request", 365 | "watchlist": "admin" 366 | }, 367 | "description": "Create a Service Now Request for Hardware", 368 | "displayName": "", 369 | "nextStep": "Wait", 370 | "type": "action", 371 | "versionNumber": 1 372 | }, 373 | "Manage ServiceNow Ticket 3": { 374 | "actionId": "sp:snow", 375 | "attributes": { 376 | "action": "create", 377 | "authenticationType": "basic", 378 | "basicAuthPassword": "", 379 | "basicAuthUserName": "admin", 380 | "caller": "admin", 381 | "customFields": "requested_for:{{$.defineVariable1.accountID}}\nassignment_group:Hardware\ndue_date:{{$.defineVariable.ticketDueDate}}\ncomments:New Ticket for provisioning user Hardware\nspecial_instructions:Preferred Laptop - {{$.trigger.formData.preferredLaptop}}, OS - {{$.trigger.formData.linuxOs}}, {{$.trigger.formData.additionalRequests}}, Adobe Acrobat - {{$.defineVariable2.acrobatFlag}}, Adobe Photoshop - {{$.defineVariable2.photoshopFlag}}, Siebel Client - {{$.defineVariable2.siebelFlag}}, Oracle - {{$.defineVariable2.oracleFlag}}, Eclipse IDE - {{$.defineVariable2.eclipseFlag}}, Microsoft Powerpoint - {{$.defineVariable2.powerpointFlag}}\nprice:{{$.defineVariable2.laptopPrice}}\nlocation:1e3c49b037d0200044e0bfc8bcbe5dd7", 382 | "description": "Please provision Hardware for the user with Employee Number - {{$.trigger.formData.employeeNumber}}", 383 | "shortDescription": "New User {{$.trigger.formData.employeeName}} created in Sailpoint IDN", 384 | "subCategory": "", 385 | "urgency": "2", 386 | "url": "https://tenant.service-now.com/api/now/v1/table/sc_request", 387 | "watchlist": "admin" 388 | }, 389 | "description": "Create a Service Now Request for Hardware", 390 | "displayName": "", 391 | "nextStep": "Wait", 392 | "type": "action", 393 | "versionNumber": 1 394 | }, 395 | "Send Email": { 396 | "actionId": "sp:send-email", 397 | "attributes": { 398 | "body": "Hi,

\nService Now Ticket for user ${displayName} has been created successfully. \n

\nThe Ticket Number is ${ticketNumber}.\n

\nThanks,
\nYour IAM Team", 399 | "context": { 400 | "displayName.$": "$.trigger.formData.employeeName", 401 | "ticketNumber.$": "$.manageServiceNowTicket.body.result.task_effective_number" 402 | }, 403 | "recipientEmailList.$": "$.getIdentity.attributes.email", 404 | "subject": "Service Now Ticket {{$.manageServiceNowTicket.body.result.task_effective_number}} Created" 405 | }, 406 | "description": "Notify Manager about Service Now Ticket Creation", 407 | "nextStep": "Wait 1", 408 | "type": "action", 409 | "versionNumber": 2 410 | }, 411 | "Send Email 1": { 412 | "actionId": "sp:send-email", 413 | "attributes": { 414 | "body": "Service Now Ticket ${ticketNumber} for user ${displayName} is now Closed.\n

\nPlease note that Hardware provisioning for new user is now complete.\n

\nThanks,
\nIAM Team", 415 | "context": { 416 | "displayName.$": "$.trigger.formData.employeeName", 417 | "ticketNumber.$": "$.manageServiceNowTicket.body.result.task_effective_number" 418 | }, 419 | "recipientEmailList.$": "$.getIdentity.attributes.email", 420 | "subject": "Service Now Ticket {{$.manageServiceNowTicket.body.result.task_effective_number}} Closed" 421 | }, 422 | "description": "Notify Manager of Service Now Ticket Completetion", 423 | "nextStep": "End Step — Success", 424 | "type": "action", 425 | "versionNumber": 2 426 | }, 427 | "Send Email 2": { 428 | "actionId": "sp:send-email", 429 | "attributes": { 430 | "body": "Hi,

\nService Now Ticket ${ticketNumber} for user ${displayName} is ${status}.\n

\nPlease check with Hardware Team if provisioning is completed.

\nThanks,
\nYour IAM Team", 431 | "context": { 432 | "displayName.$": "$.trigger.formData.employeeName", 433 | "status.$": "$.manageServiceNowTicket1.body.result[?(@.task_effective_number=='{{$.manageServiceNowTicket.body.result.task_effective_number}}')].request_state", 434 | "ticketNumber.$": "$.manageServiceNowTicket.body.result.task_effective_number" 435 | }, 436 | "recipientEmailList.$": "$.getIdentity.attributes.email", 437 | "subject": "Service Now Ticket {{$.manageServiceNowTicket.body.result.task_effective_number}} Status" 438 | }, 439 | "description": "Notify Manager about Service Now Ticket Status", 440 | "nextStep": "End Step — Success 2", 441 | "type": "action", 442 | "versionNumber": 2 443 | }, 444 | "Send Email 3": { 445 | "actionId": "sp:send-email", 446 | "attributes": { 447 | "body": "Hi,

\nService Now Ticket creation for user ${displayName} has failed. \n

\nPlease create provisioning request with Hardware Team from Service Now.\n

\nThanks,
\nYour IAM Team", 448 | "context": { 449 | "displayName.$": "$.trigger.formData.employeeName" 450 | }, 451 | "recipientEmailList.$": "$.getIdentity.attributes.email", 452 | "subject": "Service Now Ticket Creation Failure" 453 | }, 454 | "description": "Notify Manager about Service Now Ticket Creation Failure", 455 | "nextStep": "End Step — Success 1", 456 | "type": "action", 457 | "versionNumber": 2 458 | }, 459 | "Wait": { 460 | "actionId": "sp:sleep", 461 | "attributes": { 462 | "duration": "1m", 463 | "type": "waitFor" 464 | }, 465 | "description": "Wait for Service Now Ticket Creation", 466 | "nextStep": "Compare Numbers", 467 | "type": "action", 468 | "versionNumber": 1 469 | }, 470 | "Wait 1": { 471 | "actionId": "sp:sleep", 472 | "attributes": { 473 | "duration": "1m", 474 | "type": "waitFor" 475 | }, 476 | "description": "Wait for a few days to check Ticket Status", 477 | "nextStep": "Manage ServiceNow Ticket 1", 478 | "type": "action", 479 | "versionNumber": 1 480 | } 481 | } 482 | }, 483 | "trigger": { 484 | "type": "EVENT", 485 | "attributes": { 486 | "description": "User Onboarding Form Submitted", 487 | "id": "sp:form-submitted" 488 | } 489 | } 490 | } 491 | -------------------------------------------------------------------------------- /workflows/new-hire-additional-info/User Onboarding Form.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "0f116186-9b9c-47ff-ada8-054866c34ef5", 3 | "name": "User Onboarding", 4 | "description": "New User Onboarding Form to gather additional information", 5 | "owner": { 6 | "type": "IDENTITY", 7 | "id": "bcae0dce3d7f4dac827e7853835882d1" 8 | }, 9 | "usedBy": [ 10 | { 11 | "type": "WORKFLOW", 12 | "id": "fd2780a2-7ce2-45e3-93ff-2732de71c696" 13 | } 14 | ], 15 | "formInput": [ 16 | { 17 | "id": "employeeName", 18 | "type": "STRING", 19 | "label": "Employee Name", 20 | "description": "Employee Name" 21 | }, 22 | { 23 | "id": "employeeNumber", 24 | "type": "STRING", 25 | "label": "Employee Number", 26 | "description": "Employee Number" 27 | } 28 | ], 29 | "formElements": [ 30 | { 31 | "id": "224499714467", 32 | "elementType": "SECTION", 33 | "config": { 34 | "alignment": "CENTER", 35 | "description": "", 36 | "formElements": [ 37 | { 38 | "config": { 39 | "alignment": "CENTER", 40 | "altText": "Logo", 41 | "fileId": "01HKSSY7B77TEF3N4ZYBWF9JEB.jpg", 42 | "label": "Logo", 43 | "mimeType": "image/jpeg", 44 | "originalFilename": "logo.jpg", 45 | "showLabel": false 46 | }, 47 | "elementType": "IMAGE", 48 | "id": "450002799871", 49 | "key": "", 50 | "validations": [] 51 | }, 52 | { 53 | "config": { 54 | "description": "

Please enter the information below

", 55 | "label": "Description Field", 56 | "showLabel": false 57 | }, 58 | "elementType": "DESCRIPTION", 59 | "id": "236874197365", 60 | "key": "", 61 | "validations": [] 62 | } 63 | ], 64 | "label": "User Onboarding Form", 65 | "labelStyle": "h2", 66 | "showLabel": true 67 | }, 68 | "validations": [] 69 | }, 70 | { 71 | "id": "1684040207998", 72 | "elementType": "SECTION", 73 | "config": { 74 | "alignment": "LEFT", 75 | "description": "Personal Information", 76 | "formElements": [ 77 | { 78 | "config": { 79 | "default": "", 80 | "description": "", 81 | "helpText": "", 82 | "label": "Employee Name", 83 | "placeholder": "John Doe", 84 | "required": true 85 | }, 86 | "elementType": "TEXT", 87 | "id": "1429005651615", 88 | "key": "employeeName", 89 | "validations": [ 90 | { 91 | "validationType": "REQUIRED" 92 | } 93 | ] 94 | }, 95 | { 96 | "config": { 97 | "default": "", 98 | "description": "", 99 | "helpText": "", 100 | "label": "Employee Number", 101 | "placeholder": "12345678", 102 | "required": true 103 | }, 104 | "elementType": "TEXT", 105 | "id": "1671045461835", 106 | "key": "employeeNumber", 107 | "validations": [ 108 | { 109 | "validationType": "REQUIRED" 110 | }, 111 | { 112 | "config": { 113 | "min": 5 114 | }, 115 | "validationType": "MIN_LENGTH" 116 | }, 117 | { 118 | "config": { 119 | "max": 10 120 | }, 121 | "validationType": "MAX_LENGTH" 122 | } 123 | ] 124 | }, 125 | { 126 | "config": { 127 | "default": true, 128 | "falseLabel": "Part Time", 129 | "helpText": "Are you a Full Time employee or a Part Time employee?", 130 | "label": "User Type", 131 | "trueLabel": "Full Time" 132 | }, 133 | "elementType": "TOGGLE", 134 | "id": "1609723929797", 135 | "key": "userType", 136 | "validations": [] 137 | }, 138 | { 139 | "config": { 140 | "description": "", 141 | "formatAsYouType": true, 142 | "helpText": "", 143 | "internationalized": true, 144 | "label": "Personal Phone", 145 | "placeholder": "", 146 | "required": false 147 | }, 148 | "elementType": "PHONE", 149 | "id": "1515015928726", 150 | "key": "personalPhone", 151 | "validations": [ 152 | { 153 | "validationType": "PHONE" 154 | } 155 | ] 156 | }, 157 | { 158 | "config": { 159 | "default": "", 160 | "description": "", 161 | "helpText": "", 162 | "label": "Personal Email", 163 | "placeholder": "john.doe@gmail.com", 164 | "required": false 165 | }, 166 | "elementType": "EMAIL", 167 | "id": "701850857199", 168 | "key": "personalEmail", 169 | "validations": [ 170 | { 171 | "validationType": "EMAIL" 172 | } 173 | ] 174 | }, 175 | { 176 | "config": { 177 | "default": null, 178 | "description": "", 179 | "helpText": "", 180 | "label": "Date Of Birth", 181 | "placeholder": "01/01/1900", 182 | "required": false 183 | }, 184 | "elementType": "DATE", 185 | "id": "53881113108", 186 | "key": "dateOfBirth", 187 | "validations": [ 188 | { 189 | "validationType": "DATE" 190 | } 191 | ] 192 | }, 193 | { 194 | "config": { 195 | "dataSource": { 196 | "config": { 197 | "objectType": "IDENTITY" 198 | }, 199 | "dataSourceType": "INTERNAL" 200 | }, 201 | "forceSelect": true, 202 | "helpText": "Please select the contact the within company who referred you.", 203 | "label": "Referred By", 204 | "maximum": 1, 205 | "placeholder": "", 206 | "required": false 207 | }, 208 | "elementType": "SELECT", 209 | "id": "267723420812", 210 | "key": "referredBy", 211 | "validations": [] 212 | }, 213 | { 214 | "config": { 215 | "dataSource": { 216 | "config": { 217 | "options": [ 218 | { 219 | "label": "Reading", 220 | "subLabel": "", 221 | "value": "Reading" 222 | }, 223 | { 224 | "label": "Cycling", 225 | "subLabel": "", 226 | "value": "Cycling" 227 | }, 228 | { 229 | "label": "Tennis", 230 | "subLabel": "", 231 | "value": "Tennis" 232 | }, 233 | { 234 | "label": "Walking", 235 | "subLabel": "", 236 | "value": "Walking" 237 | }, 238 | { 239 | "label": "Travelling", 240 | "subLabel": "", 241 | "value": "Travelling" 242 | } 243 | ] 244 | }, 245 | "dataSourceType": "STATIC" 246 | }, 247 | "forceSelect": true, 248 | "helpText": "", 249 | "label": "Hobbies", 250 | "maximum": 3, 251 | "placeholder": "", 252 | "required": false 253 | }, 254 | "elementType": "SELECT", 255 | "id": "734025725321", 256 | "key": "hobbies", 257 | "validations": [] 258 | } 259 | ], 260 | "label": "Personal Information", 261 | "labelStyle": "h2", 262 | "showLabel": true 263 | }, 264 | "validations": [] 265 | }, 266 | { 267 | "id": "1030151693562", 268 | "elementType": "SECTION", 269 | "config": { 270 | "alignment": "LEFT", 271 | "description": "Address Infomation", 272 | "formElements": [ 273 | { 274 | "config": { 275 | "default": "", 276 | "description": "", 277 | "helpText": "Address Line 1", 278 | "label": "Address Line 1", 279 | "placeholder": "Aptartment and Steet name", 280 | "required": false 281 | }, 282 | "elementType": "TEXT", 283 | "id": "1603331229619", 284 | "key": "addressLine1", 285 | "validations": [] 286 | }, 287 | { 288 | "config": { 289 | "dataSource": { 290 | "config": { 291 | "aggregationBucketField": "attributes.city.exact", 292 | "indices": [ 293 | "identities" 294 | ], 295 | "query": "attributes.cloudLifecycleState:active" 296 | }, 297 | "dataSourceType": "SEARCH" 298 | }, 299 | "forceSelect": true, 300 | "helpText": "", 301 | "label": "City", 302 | "maximum": 1, 303 | "placeholder": "", 304 | "required": false 305 | }, 306 | "elementType": "SELECT", 307 | "id": "1664914974591", 308 | "key": "city", 309 | "validations": [] 310 | } 311 | ], 312 | "label": "Address Information", 313 | "labelStyle": "h2", 314 | "showLabel": true 315 | }, 316 | "validations": [] 317 | }, 318 | { 319 | "id": "1337327807775", 320 | "elementType": "SECTION", 321 | "config": { 322 | "alignment": "LEFT", 323 | "description": "", 324 | "formElements": [ 325 | { 326 | "config": { 327 | "dataSource": { 328 | "config": { 329 | "options": [ 330 | { 331 | "label": "Windows", 332 | "subLabel": "", 333 | "value": "Windows" 334 | }, 335 | { 336 | "label": "Mac", 337 | "subLabel": "", 338 | "value": "Mac" 339 | }, 340 | { 341 | "label": "Linux", 342 | "subLabel": "", 343 | "value": "Linux" 344 | }, 345 | { 346 | "label": "Chromebook", 347 | "subLabel": "", 348 | "value": "Chromebook" 349 | } 350 | ] 351 | }, 352 | "dataSourceType": "STATIC" 353 | }, 354 | "forceSelect": true, 355 | "helpText": "Choose a preferred Laptop Type", 356 | "label": "Preferred Laptop", 357 | "maximum": 1, 358 | "placeholder": "Laptop", 359 | "required": false 360 | }, 361 | "elementType": "SELECT", 362 | "id": "373090611599", 363 | "key": "preferredLaptop", 364 | "validations": [] 365 | }, 366 | { 367 | "config": { 368 | "dataSource": { 369 | "config": { 370 | "options": [ 371 | { 372 | "label": "Windows 10", 373 | "subLabel": "", 374 | "value": "Windows 10" 375 | }, 376 | { 377 | "label": "Windows 11", 378 | "subLabel": "", 379 | "value": "Windows 11" 380 | } 381 | ] 382 | }, 383 | "dataSourceType": "STATIC" 384 | }, 385 | "forceSelect": true, 386 | "helpText": "Please select the Windows OS Version", 387 | "label": "Windows OS Version", 388 | "maximum": 1, 389 | "placeholder": "Windows 10", 390 | "required": false 391 | }, 392 | "elementType": "SELECT", 393 | "id": "384477034392", 394 | "key": "windowsOsVersion", 395 | "validations": [] 396 | }, 397 | { 398 | "config": { 399 | "dataSource": { 400 | "config": { 401 | "options": [ 402 | { 403 | "label": "Ubuntu", 404 | "subLabel": "", 405 | "value": "Ubuntu" 406 | }, 407 | { 408 | "label": "Fedora", 409 | "subLabel": "", 410 | "value": "Fedora" 411 | }, 412 | { 413 | "label": "RHEL", 414 | "subLabel": "", 415 | "value": "RHEL" 416 | } 417 | ] 418 | }, 419 | "dataSourceType": "STATIC" 420 | }, 421 | "forceSelect": true, 422 | "helpText": "Please select the Linux OS", 423 | "label": "Linux OS", 424 | "maximum": 1, 425 | "placeholder": "RHEL", 426 | "required": false 427 | }, 428 | "elementType": "SELECT", 429 | "id": "189407976938", 430 | "key": "linuxOs", 431 | "validations": [] 432 | }, 433 | { 434 | "config": { 435 | "columnCount": 2, 436 | "columns": [ 437 | [ 438 | { 439 | "config": { 440 | "default": false, 441 | "falseLabel": "No", 442 | "helpText": "", 443 | "label": "Oracle", 444 | "trueLabel": "Yes" 445 | }, 446 | "elementType": "TOGGLE", 447 | "id": "96112758113", 448 | "key": "oracle", 449 | "validations": [] 450 | }, 451 | { 452 | "config": { 453 | "default": false, 454 | "falseLabel": "No", 455 | "helpText": "Use this field to capture yes/no responses", 456 | "label": "Microsoft", 457 | "trueLabel": "Yes" 458 | }, 459 | "elementType": "TOGGLE", 460 | "id": "631636696630", 461 | "key": "microsoft", 462 | "validations": [] 463 | } 464 | ], 465 | [ 466 | { 467 | "config": { 468 | "default": false, 469 | "falseLabel": "No", 470 | "helpText": "", 471 | "label": "Eclipse", 472 | "trueLabel": "Yes" 473 | }, 474 | "elementType": "TOGGLE", 475 | "id": "224544041115", 476 | "key": "eclipse", 477 | "validations": [] 478 | }, 479 | { 480 | "config": { 481 | "default": false, 482 | "falseLabel": "No", 483 | "helpText": "Use this field to capture yes/no responses", 484 | "label": "Postman", 485 | "trueLabel": "Yes" 486 | }, 487 | "elementType": "TOGGLE", 488 | "id": "1564902885354", 489 | "key": "postman", 490 | "validations": [] 491 | } 492 | ] 493 | ], 494 | "description": "", 495 | "label": "Require Access to Applications", 496 | "labelStyle": "h5", 497 | "showLabel": true 498 | }, 499 | "elementType": "COLUMN_SET", 500 | "id": "96610211858", 501 | "key": "", 502 | "validations": [] 503 | }, 504 | { 505 | "config": { 506 | "default": "", 507 | "description": "", 508 | "helpText": "", 509 | "label": "Additional Requests", 510 | "placeholder": "Please provide information about any additional requests", 511 | "required": false, 512 | "resize": false, 513 | "rows": 2 514 | }, 515 | "elementType": "TEXTAREA", 516 | "id": "1422617803725", 517 | "key": "additionalRequests", 518 | "validations": [] 519 | } 520 | ], 521 | "label": "IT Resources", 522 | "labelStyle": "h2", 523 | "showLabel": true 524 | }, 525 | "validations": [] 526 | } 527 | ], 528 | "formConditions": [ 529 | { 530 | "ruleOperator": "AND", 531 | "rules": [ 532 | { 533 | "sourceType": "INPUT", 534 | "source": "Employee Number", 535 | "operator": "NOT_EM", 536 | "valueType": "STRING", 537 | "value": "" 538 | } 539 | ], 540 | "effects": [ 541 | { 542 | "effectType": "SET_DEFAULT_VALUE", 543 | "config": { 544 | "defaultValueLabel": "Employee Number", 545 | "element": "1671045461835" 546 | } 547 | }, 548 | { 549 | "effectType": "DISABLE", 550 | "config": { 551 | "element": "1671045461835" 552 | } 553 | } 554 | ] 555 | }, 556 | { 557 | "ruleOperator": "AND", 558 | "rules": [ 559 | { 560 | "sourceType": "INPUT", 561 | "source": "Employee Name", 562 | "operator": "NOT_EM", 563 | "valueType": "STRING", 564 | "value": "" 565 | } 566 | ], 567 | "effects": [ 568 | { 569 | "effectType": "SET_DEFAULT_VALUE", 570 | "config": { 571 | "defaultValueLabel": "Employee Name", 572 | "element": "1429005651615" 573 | } 574 | }, 575 | { 576 | "effectType": "DISABLE", 577 | "config": { 578 | "element": "1429005651615" 579 | } 580 | } 581 | ] 582 | }, 583 | { 584 | "ruleOperator": "AND", 585 | "rules": [ 586 | { 587 | "sourceType": "ELEMENT", 588 | "source": "userType", 589 | "operator": "EQ", 590 | "valueType": "BOOLEAN", 591 | "value": "false" 592 | } 593 | ], 594 | "effects": [ 595 | { 596 | "effectType": "HIDE", 597 | "config": { 598 | "element": "1337327807775" 599 | } 600 | } 601 | ] 602 | }, 603 | { 604 | "ruleOperator": "AND", 605 | "rules": [ 606 | { 607 | "sourceType": "ELEMENT", 608 | "source": "addressLine1", 609 | "operator": "EM", 610 | "valueType": "STRING", 611 | "value": "" 612 | } 613 | ], 614 | "effects": [ 615 | { 616 | "effectType": "DISABLE", 617 | "config": { 618 | "element": "1664914974591" 619 | } 620 | } 621 | ] 622 | }, 623 | { 624 | "ruleOperator": "AND", 625 | "rules": [ 626 | { 627 | "sourceType": "ELEMENT", 628 | "source": "preferredLaptop", 629 | "operator": "EM", 630 | "valueType": "STRING", 631 | "value": "" 632 | } 633 | ], 634 | "effects": [ 635 | { 636 | "effectType": "HIDE", 637 | "config": { 638 | "element": "96610211858" 639 | } 640 | }, 641 | { 642 | "effectType": "HIDE", 643 | "config": { 644 | "element": "1422617803725" 645 | } 646 | } 647 | ] 648 | }, 649 | { 650 | "ruleOperator": "OR", 651 | "rules": [ 652 | { 653 | "sourceType": "ELEMENT", 654 | "source": "preferredLaptop", 655 | "operator": "EQ", 656 | "valueType": "STRING", 657 | "value": "Linux" 658 | }, 659 | { 660 | "sourceType": "ELEMENT", 661 | "source": "preferredLaptop", 662 | "operator": "EQ", 663 | "valueType": "STRING", 664 | "value": "Mac" 665 | }, 666 | { 667 | "sourceType": "ELEMENT", 668 | "source": "preferredLaptop", 669 | "operator": "EQ", 670 | "valueType": "STRING", 671 | "value": "Chromebook" 672 | }, 673 | { 674 | "sourceType": "ELEMENT", 675 | "source": "preferredLaptop", 676 | "operator": "EM", 677 | "valueType": "STRING", 678 | "value": "" 679 | } 680 | ], 681 | "effects": [ 682 | { 683 | "effectType": "HIDE", 684 | "config": { 685 | "element": "384477034392" 686 | } 687 | } 688 | ] 689 | }, 690 | { 691 | "ruleOperator": "OR", 692 | "rules": [ 693 | { 694 | "sourceType": "ELEMENT", 695 | "source": "preferredLaptop", 696 | "operator": "EQ", 697 | "valueType": "STRING", 698 | "value": "Windows" 699 | }, 700 | { 701 | "sourceType": "ELEMENT", 702 | "source": "preferredLaptop", 703 | "operator": "EQ", 704 | "valueType": "STRING", 705 | "value": "Mac" 706 | }, 707 | { 708 | "sourceType": "ELEMENT", 709 | "source": "preferredLaptop", 710 | "operator": "EQ", 711 | "valueType": "STRING", 712 | "value": "Chromebook" 713 | }, 714 | { 715 | "sourceType": "ELEMENT", 716 | "source": "preferredLaptop", 717 | "operator": "EM", 718 | "valueType": "STRING", 719 | "value": "" 720 | } 721 | ], 722 | "effects": [ 723 | { 724 | "effectType": "HIDE", 725 | "config": { 726 | "element": "189407976938" 727 | } 728 | } 729 | ] 730 | } 731 | ], 732 | "created": "2023-11-06T06:52:30.861508639Z", 733 | "modified": "2024-01-11T06:33:27.489476588Z" 734 | } --------------------------------------------------------------------------------