Hello
An account is required for a Role with Entitlements.
This means that a new account will be created when the "new employee" Role is run.
The current issue is:
When the Role runs, the appropriate workflow variables Add/Create are generated.
However, the Add generates a manual workflow because:
AFX reports this item failed with code [120] and message: 'Invalid "Add Account to AD Group" command Account parameter value for Active Directory connector'.
However, subsequent Rules ( missing entitlements) adds the account to the group without any problems.
Adding existing accounts to groups does not have any issues.
I know somethings change by us and RSA, but I can't figure out why it fails on the initial add/create.
Version: 7.1 P3.
If the user requesting access does not have an account, then you either Set the "Entitlements require accounts” to "Yes” for that application (by attaching an Account Template to it first). Or the CR will just fail at fulfilment phase since there is no account available to provision to.
Also the default AFX fulfilment workflow handles this in fulfilment phase to make sure that it first runs the Create Account, then any subsequent Add entitlement afterwards. If you create your own custom AFX workflow, then make sure it is based off the default AFX workflow without removing the Java Node and loop that exist there.