Workflow / If/Else block condition for account and entitlement

ankitalande
New Contributor

Hi,

We have a requirement to design a two-level workflow. Once a user requests account and entitlement access to an application, both requests (account and entitlement) should go to the manager, and once approved, both requests (account and access) should go to the user group defined based on the entitlement category. If the entitlement is related to the HR team, then both requests (account and entitlement) go to user1 and user2, and if the entitlement is related to the Finance team, then both requests (account and entitlement) go to user3 and user4.

I created a parallel workflow but am facing an issue with the account request approval: the account approval request is stuck with the manager only and does not go forward. Entitlement requests are working fine.


I tried the following syntax for if else condition.

((ars_requests.requesttype==3) or (entitlement.customproperty1.contains('HR_Team')))

With this, the if part works fine, but in the else part only the entitlement request goes forward and the account request is stuck at manager approval.

I also tried this condition.

((ars_requests.requesttype==3) and (entitlement.customproperty1.contains('HR_Team'))) or (entitlement.customproperty1.contains('Finance_Team'))

Kindly provide me a solution for this. How can we achieve this?

rushikeshvartak
All-Star

How is it decided that an entitlement is related to HR?

You don't need to add if/else; use a custom assignment block and create groups with the same naming conventions, which will solve your problem.

ankitalande
New Contributor

In the entitlement's custom property 1 I set HR_Team.

I already set the custom assignment and created the user group. After manager approval, the request goes to the HR_Team or Finance Team based on the incoming entitlement type.

If we do not use the If/Else block, then how do we identify which user group the (account and entitlement) request goes to next?

 

Share wf wiring and request form screenshot 

wf_SS.png

This is the workflow. After manager approval it goes to the If/Else block.

re_ss.png

For Add Account, the request goes to the manager, and after the manager the request again goes to the manager; for the Add Access task, the request goes on to the user group.

For Add (Account and Entitlement), both requests go to user group1.

adriencosson
Regular Contributor III

Hi @ankitalande,

An easy workaround for this use case is to set the Security System's attribute called "Create Task Action" to "EntitlementsOnly".

This will provide the scenario below:

  • Manager will still be able to approve the account request along with the access.
  • Once approved, the designed User Group will perform approval of the access
  • Account will only be provisioned if one of the access has been approved by the second-level approvers.

This also eases the user experience of second-level approvers that can focus on approving access.

Hope this helps!

Regards,
Adrien COSSON

ankitalande
New Contributor

We must create both the Add Account and Add Access tasks as well. Our if part is working fine; the only issue is with the else part.

adriencosson
Regular Contributor III

Hi @ankitalande ,

Why is the Add Account task required?

Note that even if you see only "Add Access" tasks in the Pending Tasks list, Saviynt will provision a new account if it does not exist yet, and add the access accordingly to the created account.

Regards,
Adrien COSSON

ankitalande
New Contributor

I need both tasks created.

Please provide a solution if you have any idea.

adriencosson
Regular Contributor III

Hi @ankitalande,

Could you please elaborate on why the New Account task is necessary, since the above option will still create the account whenever at least one access is provided?

By any chance, does your application require enabling end users to request an account only?

If so, EntitlementsOnly on "Create Task Action" is not an option for you to go with.

Regards,
Adrien COSSON

I tried this solution but am still facing the same issue.

 

ankitalande
New Contributor

Can we achieve this using entitlement owner rank 1 and rank 2 with a custom query?

Please suggest how to achieve this.

 

adriencosson
Regular Contributor III

Hi @ankitalande ,

Yes, using Custom Assignment you can get owners based on rank with the query below:

select u.userkey
from users u
left join entitlement_owners eo on eo.userkey=u.userkey
left join entitlement_values ev on ev.ENTITLEMENT_VALUEKEY=eo.ENTITLEMENT_VALUEKEY
where ev.ENTITLEMENT_VALUEKEY=${REQUESTACCESSOBJ.id} and eo.rank=1

Regards,
Adrien COSSON

ankitalande
New Contributor

For Add Account and Add Access, the request goes to the entitlement rank 1 and rank 2 owners.

Can we achieve this in a custom query? If yes, please suggest the solution.