Forum Discussion

siri123135's avatar
siri123135
Copper Contributor
Feb 02, 2023

Issues with Lifecycle workflows

We are currently creating an offboarding process with the preview feature “Lifecycle workflows” in Identity Governance panel. We currently have these as tasks when the flow triggers at the attribute employeeleavedate:

Task 1: Disable user

Task2: Remove from all Teams

Task3: Remove from all groups

Task4: Email Manager

 

The lifecycle workflow runs as it should on the trigger date if the user is not assigned to any groups with roles. For instance, the user can have eligible PIM roles direct and the flow runs successfully, If the user has assigned roles from a group the flow fails with the error “Insufficient privileges to complete the operation.”.

Is this a bug in the workflow?

 

70% of our users have roles via groups and this means we wont be able to use the life cycle workflow.

    • siri123135's avatar
      siri123135
      Copper Contributor
      "Disable user" All other works but the groups wont be removed even though is said "completed"
      I tested multiple times and it works as long as the user is not assigned to any groups.

Resources