Tags that are used in incidents are currently inconsistent for Access Management & Provisioning.

This makes it hard to automate, because of a lack of standardisation.

Mainly:

Tags consist of a type, and a list Components. If you look at the tags for SA, the json looks like this:

"tags":[{"type":"Domain","value":"SA"},{"type":"Component","value":"Tasks"},{"type":"Component","value":"Delegated Form"}]}

This works the same for everything, except certificates. Those tags dont have a domain:

"tags":[{"type":"AM","value":"Certificate"}]

This is wrong, it SHOULD be: "tags":[{"type":"Domain","value":"AM"},{"type":"Component","value":"Certificate"]

The other thing that should be fixed is that the provisioning tags are too generic. Based on the tags I can't see what part of provisioning has an error. SA has this granularity, because there are multiple Component tags so you can see the difference between a Delegated Form task, or a DataSource task.

With provisionining there are only the components: 'Source' & 'Target'

It SHOULD also have the components (for example):

'Aggregation', 'Threshold', 'Failed'

If those are added you can see based on the tags what kind of incident there is.

Failed Import, Import Blocked, Target theshold, Target failed, Aggregation Suggestion