Issues with Lifecycle workflows

Copper Contributor

We are currently creating an offboarding process with the preview feature “Lifecycle workflows” in Identity Governance panel. We currently have these as tasks when the flow triggers at the attribute employeeleavedate:

Task 1: Disable user

Task2: Remove from all Teams

Task3: Remove from all groups

Task4: Email Manager

 

The lifecycle workflow runs as it should on the trigger date if the user is not assigned to any groups with roles. For instance, the user can have eligible PIM roles direct and the flow runs successfully, If the user has assigned roles from a group the flow fails with the error “Insufficient privileges to complete the operation.”.

Is this a bug in the workflow?

 

70% of our users have roles via groups and this means we wont be able to use the life cycle workflow.

2 Replies
Hi, is there any indication of at which task the flow is failing?
"Disable user" All other works but the groups wont be removed even though is said "completed"
I tested multiple times and it works as long as the user is not assigned to any groups.