We have a task (CreateUser) that creates a user. We have a PX Policy (AssignDefProvRole) that assigns a default provisioning role on user creation. This policy is configured to fire after "CreateUserEvent". We have another PX Policy (SendSMS) that is supposed to fire when the AssignDefProvRole policy fires and successfully assigns the default provisioning role to the newly created user.
Currently we have configured the SendSMS policy to fire when the original task, CreateUser, completes (Task completed).
However, this setup fails to comply with the intended purpose, which is to fire SendSMS policy on successful assignment of the default provisioning role. Even if the AssignDefProvRole fails (account creation on endpoint fails) to successfully assign the default poovisioning role, the SendSMS policy fires.
It would be great if someone can work out how to achieve the intended goal.
Why not use the completion of the AssignProvisioningRole event to trigger the PX policy?
You can try this way...
1st PX Trigger when (Policy Type=Submitted task) - Task Submission of CreateUser task
Action: Add user with default provisioning role.
2nd PX Trigger when(Policy Type=Submitted Task) - Task Completed of CreateUser task
Action: Trigger SendSMS
There is no "completion" or "success" status for events, but only "Failed" status. So we decided to fire another policy on "Failed" status of AssignProvisioningRoleEvent event to set a flag for policies to follow. However, this policy was also not being triggered. Working with CA support, we found the reason for this was that our main task was set for Account Synchronization "On task completion".
With AccountSync=OnEveryEvent,during the AssignProvisioningRoleEvent the IM Server will send a request to the Provisioning Server that includes both the Provisioning Role and the eTSyncUsers flag which causes the account creation attempt to occur and causes the failure which leads to the PX being triggered.
But with AccountSync=OnTaskCompletion during the AssignProvisioningRoleEvent the IM Server will send a request to the Provisioning Server that only includes the Provisioning Role and not the eTSyncUsers flag which does not cause a failure since no account creation is attempted. That does not occur until the SynchronizeAttributesWithAccountsEvent.