When an identity refresh is run as part of a sequential task, it hangs and does not complete as expected.
Most users should find a sequential task as described above completes successfully. A small subset of users may find the task hangs or fails to complete when these tasks are schedule sequentially. Within the subset of failure cases, most errors are reported when the identity refresh takes places immediately after an account aggregation. Since account aggregations may prompt their own refresh activities which can lock the identity during processing, there is potential for a sequentially scheduled refresh to encounter errors during the task.
A user encountering errors in this situation should try separating the aggregation and refresh tasks into discrete tasks, scheduled at different times. This has proven to resolve many instances where a sequentially scheduled identity refresh failed to complete.
How does the sequential task work? Let's say the sequential task is configured with account aggregation and Identity refresh. When an account aggregation completes the last account scan and the Identity update in SailPoint then does the sequential task trigger the Identity Refresh task ? Can you please provide more context in how the Identity Refresh hang can happen due to sequential task?
We have configured our HR authoritative account aggregation and Identity Refresh in sequential task. We didn't see Identity Refresh hang situation. To add, the solution says we need to create a different sequential task for hang issue? This means, create one sequential for HR authoritative account aggregation and another one for Identity Refresh and put them in another sequential task?
That makes no sense to me. We always run aggregations followed by Identity refresh in our sequential tasks. I'm also interested in hearing how running the ID refresh in the sequential task will cause it to hang. How in the world else are you supposed to run it?
how to create a sequential task ?
Hi @v764681 Goto Setup ->Tasks on righttop click NewTask-> Sequential Task Launcher.
This will create new Sequential Task and you can configure the list of tasks to be executed.
Few more:
1) How to add a custom java class to sailpoint (like our custom executor)?
2) how to fetch the fullurl/baseurl/contexturl from applicaiton object in case of web service connector and how to modify them in our beanshell code?
Hello @michael_slavin ,
Thanks for your post. However, we had this topic discussed internally, this does not make sense to us.
As to our understanding the sequential task is the recommended way to execute the tasks with clear dependencies. (e.g. HR source aggregation > Identity Refresh)
And we can not find any official best practice or guideline regarding this topic (or if there were, please let me know).
May you express more details on this, and what should be the best design in this case.
Thanks and Regards,
Mike
@mike818148, (and others) thanks for raising your concerns, and I apologize if this article has created unnecessary issues in your development.
You're correct that for the vast majority of cases, especially when dealing with dependent tasks as you point out, a Sequential Task is the expected process. As a design pattern, it should complete successfully, and in a generally performant way.
This article is intended to address a possible workaround for the small subset of users who experience stalled or failed Sequential Tasks, based on the diagnostic steps frequently used by Support Engineers when assisting users in these situations. The article was worded in an overly broad way (as a "best practice" or categorical recommendation) when that shouldn't be the case. I'll work on updating this to more accurately reflect the limited scope of this recommendation.
For the small number of users where the expected design pattern fails to complete successfully, the root cause of such failures can be difficult to determine, often the result of factors in other design or configuration choices that only manifest in this situation. After reviewing the process our Support Engineers used to remedy the cases where such Sequential Tasks fail with no ready explanation, we drafted this article. It should only be necessary when the expected design fails to function.