PingOne Advanced Identity Cloud

User create event workflow - catalog lookup

In this example, an administrator creates a workflow that:

  • Submits a request to add the Data Analyst and Security roles to a newly created user when a user create event occurs.

  • Looks up the two roles in the catalog.

Assumptions

  • Roles exist in the catalog.

  • Make sure to catch any error/failure conditions.

Example

An example of a user create event workflow that requests two roles when a user is created.
  • 1 The Script node looks up two roles in the catalog. If the roles are present in the catalog, the script generates a request for those roles.

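    logger.info("Running user create event role workflow");
    
    // Script node for a user create event: reads the created user from the
    // event request, resolves the roles to grant via the catalog, submits an
    // access request for them, then finalizes the event request either way.
    // Every step after the first records its failure in failureReason instead
    // of throwing, so the event request is always closed out at the end.
    var content = execution.getVariables();
    var requestId = content.get('id');
    var failureReason = null;
    var userObj = null;
    var userId = null;
    
    // Read event user information from request object.
    // A missing user id is treated as a validation failure: the later steps
    // must not submit an access request for a null user.
    try {
      var requestObj = openidm.action('iga/governance/requests/' + requestId, 'GET', {}, {});
      userObj = requestObj.request.common.blob.after;
      userId = userObj.userId;
      if (userId === null || userId === undefined) {
        failureReason = "Validation failed: Request " + requestId + " has no user id";
      }
    }
    catch (e) {
      failureReason = "Validation failed: Error reading request with id " + requestId;
    }
    
    // Define roles to request
    var roleNames = [ "Data Analyst", "Security" ];
    
    // Look up roles in catalog: one EQUALS clause per role name, OR-ed together.
    // The search is wrapped in try/catch so a catalog error still reaches the
    // final update instead of leaving the event request open.
    var catalogBody = [];
    if (!failureReason) {
      var operand = roleNames.map(function (roleName) {
        return { operator: "EQUALS", operand: { targetName: "role.name", targetValue: roleName } };
      });
      var body = { targetFilter: { operator: "OR", operand: operand } };
      try {
        var catalog = openidm.action("iga/governance/catalog/search", "POST", body);
        var catalogResults = catalog.result || [];
        // Define request catalogs key
        for (var i = 0; i < catalogResults.length; i++) {
          catalogBody.push({ type: "role", id: catalogResults[i].id });
        }
      }
      catch (e) {
        failureReason = "Unable to search catalog for roles";
      }
      // Every requested role must resolve in the catalog; a partial match would
      // silently grant only some of the intended access, so it is rejected.
      if (!failureReason && catalogBody.length !== roleNames.length) {
        failureReason = "Validation failed: Expected " + roleNames.length + " roles in catalog, found " + catalogBody.length;
      }
    }
    
    // Define request payload and create the request, only when every
    // validation step above succeeded.
    if (!failureReason) {
      var requestBody = {
        priority: "low",
        accessModifier: "add",
        justification: "Request submitted on user creation.",
        users: [ userId ],
        catalogs: catalogBody
      };
      try {
        openidm.action("iga/governance/requests", "POST", requestBody, {_action: "create"});
      }
      catch (e) {
        failureReason = "Unable to generate requests for roles";
      }
    }
    
    // Update event request as final: rejected with the recorded reason on any
    // failure, approved otherwise.
    var decision = failureReason ?
      {'status': 'complete', 'outcome': 'cancelled', 'decision': 'rejected', 'comment': failureReason, 'failure': true} :
      {'status': 'complete', 'outcome': 'fulfilled', 'decision': 'approved'};
    var queryParams = { '_action': 'update'};
    openidm.action('iga/governance/requests/' + requestId, 'POST', decision, queryParams);
    if (failureReason) {
      logger.warn("Request " + requestId + " rejected: " + failureReason);
    }
    logger.info("Request " + requestId + " completed.");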

Download the JSON file for this workflow here.

Learn more about how to import or export workflows in workflow editor canvas.