Skip to content

Workflow Steps and Definitions

All workflows are made of several parts:

  • The metadata, where you can define the workflow's name and description.
  • The trigger, which determines the event that causes the workflow to run.
  • The steps, called actions and operators, which define the actions and decisions a workflow makes as it runs.

To better understand how to use these parts to create a workflow, review the following definitions, JSON samples, and, when applicable, the required configuration fields.

Metadata

A workflow's metadata defines basic information about a workflow, such as its name and description.

The metadata about a workflow can be configured either in the UI or using JSON. You can find an example JSON file below, which can be edited to meet your needs.

Open Metadata File JSON Schema

{
  "name": "WORKFLOW NAME",
  "description": "WORKFLOW DESCRIPTION",
  "version": "1.0",
  "definition": {
    "trigger": {},
    "start":"",
    "steps": {}
  }
}
    

Triggers

A trigger is the event that tells the workflow to start. The workflow uses data provided by the input to calculate the results of each action and operator.

Each workflow can have exactly one trigger. The trigger provides the initial input to the workflow.

All available triggers are listed below, along with a sample input if applicable that can be used for testing a workflow.

You can also use the Filter field to limit when triggers fire.


Access Request Decision

An access request was approved or denied.

This trigger only fires if you have the Access Request service.

Open "Access Request Decision" JSON Sample

{
    "accessRequestId":"4b4d982dddff4267ab12f0f1e72b5a6d",
    "requestedBy":{
        "id":"2c91808b6ef1d43e016efba0ce470906",
        "name":"Adam Admin",
        "type":"IDENTITY"
    },
    "requestedFor":{
        "id":"2c91808b6ef1d43e016efba0ce470909",
        "name":"Ed Engineer",
        "type":"IDENTITY"
    },
    "requestedItemsStatus":[
        {
            "approvalInfo":[
                {
                    "approvalComment":" this is an approval comment",
                    "approvalDecision":"APPROVED",
                    "approver":{
                        "id":"2c91808b6ef1d43d016efba0cf470910",
                        "name":"Stephen Austin",
                        "type":"IDENTITY"
                    },
                    "approverName":"Stephen.Austin"
                }
            ],
            "clientMetadata":{
                "applicationName":"My application"
            },
            "comment":"requester comments",
            "description":"Engineering Access",
            "id":"2a91808b6cf1d43e016efba0cf470904",
            "name":"Engineering Access",
            "operation":"Add",
            "type":"ACCESS_PROFILE"
        }
    ]
}
    

Account Aggregation Completed

An aggregation completed.

Open "Account Aggregation Completed" JSON Sample

{
    "source":{
        "id":"4e4d982afddff4267ab12f0f1e72b5e6d",
        "name":"Corporate Active Directory",
        "type":"SOURCE"
    },
    "status":"Success",
    "started":"2020-06-29T22:01:50.474Z",
    "completed":"2020-06-29T22:02:04.090Z",
    "errors":[

    ],
    "warnings":[
        "Account skipped"
    ],
    "stats":{
        "scanned":200,
        "unchanged":190,
        "changed":6,
        "added":4,
        "removed":3
    }
}
    

Accounts Collected for Aggregation

An account aggregation completed, was terminated, or failed.

Open "Accounts Collected for Aggregation" JSON Sample

{
    "source":{
        "id":"4e4d982dbdff4267ab16f0f1e72b5c6d",
        "name":"Corporate Active Directory",
        "type":"SOURCE"
    },
    "status":"Success",
    "started":"2020-06-29T22:01:50.474Z",
    "completed":"2020-06-29T22:02:04.090Z",
    "errors":[
    ],
    "warnings":[
        "Account skipped"
    ],
    "stats":{
        "scanned":200,
        "unchanged":190,
        "changed":6,
        "added":4,
        "removed":3
    }
}
    

Campaign Activated

A certification campaign was activated.

This trigger only fires if you have the Certifications service.

Open "Campaign Activated" JSON Sample

{
    "campaign":{
        "id":"2c91848576f886190176e88cac6a0010",
        "name":"Manager Access Campaign",
        "description":"Audit access for all employees.",
        "created":"2021-02-16T03:04:45.815Z",
        "modified":null,
        "deadline":"2021-03-16T03:04:45.815Z",
        "type":"MANAGER",
        "campaignOwner":{
            "id":"37f081867702e1910177031820c40n27",
            "displayName":"John Snow",
            "email":"john.snow@example.com"
        },
        "status":"ACTIVE"
    }
}
    

Campaign Ended

A certification campaign ended.

This trigger only fires if you have the Certifications service.

Open "Campaign Ended" JSON Sample

{
    "campaign":{
        "id":"2c91808576f846190176f81cac5a0810",
        "name":"Manager Access Campaign",
        "description":"Audit access for all employees.",
        "created":"2021-02-16T03:04:45.815Z",
        "modified":null,
        "deadline":"2021-03-16T03:04:45.815Z",
        "type":"MANAGER",
        "campaignOwner":{
            "id":"37f080867705c1910177031220c40e27",
            "displayName":"John Snow",
            "email":"john.snow@example.com"
        },
        "status":"COMPLETED"
    }
}
    

Campaign Generated

A certification campaign finished generating.

This trigger only fires if you have the Certifications service.

Open "Campaign Generated" JSON Sample

{
    "campaign":{
        "id":"2c91834576f886190176f88efc5a0010",
        "name":"Manager Access Campaign",
        "description":"Audit access for all employees.",
        "created":"2021-02-16T03:04:45.815Z",
        "modified":null,
        "deadline":null,
        "type":"MANAGER",
        "campaignOwner":{
            "id":"37f082867702c1910177031320c60n27",
            "displayName":"John Snow",
            "email":"john.snow@example.com"
        },
        "status":"STAGED"
    }
}
    

Certification Signed Off

A certification reviewer signed off on their certifications.

This trigger only fires if you have the Certifications service.

Open "Certification Signed Off" JSON Sample

{
    "certification":{
        "id":"2c91208574f836190176b88caf0d0167",
        "name":"Manager Access Review for Alice Baker",
        "created":"2020-02-16T03:04:45.815Z",
        "modified":null,
        "campaignRef":{
            "campaignType":"MANAGER",
            "description":"Audit access for all employees.",
            "type":"CAMPAIGN",
            "id":"2c91808576f896190176f38cac5c0010",
            "name":"Manager Access Campaign"
        },
        "completed":true,
        "hasErrors":false,
        "errorMessage":null,
        "decisionsMade":50,
        "decisionsTotal":50,
        "due":"2020-03-16T03:04:45.815Z",
        "signed":"2020-03-04T03:04:45.815Z",
        "reviewer":{
            "name":"Reviewers group",
            "id":"6a80321c-8d11-40bc-a3c8-29e2660b85e8",
            "type":"GOVERNANCE_GROUP",
            "email":null
        },
        "campaignOwner":{
            "id":"37f081867702c1910179031320c40n27",
            "displayName":"John Snow",
            "email":"john.snow@example.com"
        },
        "reassignment":{
            "comment":"Changing reviewer.",
            "from":{
                "id":"8a89c6de77ef762f0177ef7f52f10004",
                "name":"Manger Access Review for Charlie Davis",
                "type":"CERTIFICATION",
                "reviewer":{
                    "id":"2c9180867702c1910177031320c4010c",
                    "name":"Charlie Davis",
                    "type":"IDENTITY",
                    "email":"charlie.davis@example.com"
                }
            }
        },
        "phase":"SIGNED",
        "entitiesCompleted":12,
        "entitiesTotal":12
    }
}
    

External Trigger

A third party system triggered a workflow based on configurations made on that system and within your SaaS platform. Because you configure the JSON input for this trigger on the third-party source, no sample input is provided.

To use an external trigger, you must generate an access token using the information provided in the trigger. You can find an overview of generating an access token below.

Generating an Access Token for an External Trigger

After adding an External Trigger to your workflow:

  1. Select New Access Token.

  2. Copy the Client ID, Client URL, and the Client Secret to a secure location and save them. The Client Secret can't be retrieved once this page is closed.

  3. Use the contents of the text field under Generate OAuth Token to create an OAuth 2.0 token so that your external system can authenticate into your SaaS platform and trigger your workflow.

  4. Use the contents of the text box under Provide Workflow Input to configure your external system to correctly trigger your workflow. Replace the {"sampleJSON":"sampleJSON"} object with the input you want to use in your workflow.

Once you've completed these steps or saved this information in a secure location, you can close the overlay and continue building your workflow.

If you lose the access token for this step and need to generate a new one, you can select this step and choose New Access Token. The previous token will be overwritten.


Identity Attributes Changed

One or more attributes was changed on an identity.

Open "Identity Attributes Changed" JSON Sample

{
    "identity":{
        "id":"ee769173319b41d19ccec6cea52f237b",
        "name":"john.doe",
        "type":"IDENTITY"
    },
    "changes":[
        {
            "attribute":"department",
            "oldValue":"sales",
            "newValue":"marketing"
        },
        {
            "attribute":"manager",
            "oldValue":{
                "id":"ee769173319b41d19ccec6c235423237b",
                "name":"nice.guy",
                "type":"IDENTITY"
            },
            "newValue":{
                "id":"ee769173319b41d19ccec6c235423236c",
                "name":"mean.guy",
                "type":"IDENTITY"
            }
        },
        {
            "attribute":"email",
            "oldValue":"john.doe@hotmail.com",
            "newValue":"john.doe@gmail.com"
        }
    ]
}
    

Identity Created

A new identity was created.

Open "Identity Created" JSON Sample

{
    "identity":{
        "id":"ee769173319b41d19ccec6cea52f237b",
        "name":"john.doe",
        "type":"IDENTITY"
    },
    "attributes":{
        "firstname":"John",
        "lastname":"Doe",
        "email":"john.doe@gmail.com",
        "department":"Sales",
        "displayName":"John Doe",
        "created":"2020-04-27T16:48:33.597Z",
        "employeeNumber":"E009",
        "uid":"E009",
        "inactive":"true",
        "phone":null,
        "identificationNumber":"E009",
        "isManager":false,
        "manager":{
            "id":"ee769173319b41d19ccec6c235423237b",
            "name":"nice.guy",
            "type":"IDENTITY"
        },
        "customAttribute1":"customValue",
        "customAttribute2":"customValue2"
    }
}
    

Identity Deleted

An identity was deleted from IdentityNow. Note that this does not mean that the user no longer has accounts on any sources, only that their accounts do not correlate to an identity.

Open "Identity Deleted" JSON Sample

{
    "identity":{
        "id":"ee769173319b41d19ccec6cea52f237b",
        "name":"john.doe",
        "type":"IDENTITY"
    },
    "attributes":{
        "firstname":"John",
        "lastname":"Doe",
        "email":"john.doe@gmail.com",
        "department":"Sales",
        "displayName":"John Doe",
        "created":"2020-04-27T16:48:33.597Z",
        "employeeNumber":"E009",
        "uid":"E009",
        "inactive":"true",
        "phone":null,
        "identificationNumber":"E009",
        "isManager":false,
        "manager":{
            "id":"ee769173319b41d19ccec6c235423237b",
            "name":"nice.guy",
            "type":"IDENTITY"
        },
        "customAttribute1":"customValue",
        "customAttribute2":"customValue2"
    }
}
    

Provisioning Completed

A provisioning action completed on a source.

This trigger only fires if you have the Provisioning service.

Open "Provisioning Completed" JSON Sample

{
    "trackingNumber":"4b4d982dddff4267ab12f0f1e72b5a6d",
    "action":"IdentityRefresh",
    "requester":{
        "id":"2c91808b6ef1d43e016efba0ce470906",
        "name":"Adam Admin",
        "type":"IDENTITY"
    },
    "recipient":{
        "id":"2c91808b6ef1d43e016efba0ce470909",
        "name":"Ed Engineer",
        "type":"IDENTITY"
    },
    "errors":[
        "General Error",
        "Connector AD Failed"
    ],
    "warnings":[
        "Notification Skipped due to invalid email"
    ],
    "sources":"Corp AD, Corp LDAP, Corp Salesforce",
    "accountRequests":[
        {
            "source":{
                "id":"4e4d982dddff4267ab12f0f1e72b5a6d",
                "name":"Corporate Active Directory",
                "type":"SOURCE"
            },
            "accountId":"CN=example,ou=sample,ou=test,dc=ex,dc=com",
            "accountOperation":"Modify",
            "provisioningResult":"SUCCESS",
            "provisioningTarget":"Corp AD",
            "ticketId":"72619262",
            "attributeRequests":[
                {
                    "operation":"Add",
                    "attributeName":"memberOf",
                    "attributeValue":"CN=jedi,DC=starwars,DC=com"
                }
            ]
        }
    ]
}
    

Scheduled Search

A scheduled search completed and results are available.

Open "Scheduled Search" JSON Sample

{
    "fileName":"Modified.zip",
    "ownerEmail":"test@sailpoint.com",
    "ownerName":"Cloud Support",
    "query":"modified:[now-7y/d TO now]",
    "searchName":"Modified Activity",
    "searchResults":{
        "Identity":{
            "count":"2",
            "noun":"identities",
            "preview":[
                [
                    "Display Name",
                    "First Name",
                    "Last Name",
                    "Work Email",
                    "Created",
                    "Lifecycle State"
                ],
                [
                    "Carol Shelby",
                    "Carol",
                    "Shelby",
                    "carol.shelby@sailpoint.com",
                    "2019-11-14T15:56:00.862Z",
                    ""
                ],
                [
                    "Jack Roush",
                    "Jack",
                    "Roush",
                    "jack.rousha@sailpoint.com",
                    "2019-11-14T15:56:00.862Z",
                    ""
                ]
            ]
        },
        "Entitlement":{
            "count":"2",
            "noun":"entitlements",
            "preview":[
                [
                    "Display Name",
                    "Name",
                    "Description",
                    "Source ID",
                    "Source Name",
                    "Attribute",
                    "Value",
                    "Privileged",
                    "Tags"
                ],
                [
                    "Administrator",
                    "Administrator",
                    "Full administrative access to IdentityNow",
                    "2c91808a6e236e33016e6a91f61e3b32",
                    "IdentityNow",
                    "assignedGroups",
                    "ORG_ADMIN",
                    "false",
                    ""
                ],
                [
                    "Auditor",
                    "Auditor",
                    "Auditor access to IdentityNow",
                    "2c91808a6e236e33016e6a91f61e3b32",
                    "IdentityNow",
                    "assignedGroups",
                    "AUDITOR",
                    "false",
                    ""
                ]
            ]
        },
        "Account":{
            "count":"3",
            "noun":"accounts",
            "preview":[
                [
                    "Account Name",
                    "Native Account ID",
                    "Source Name",
                    "Identity Name",
                    "Extended Attributes",
                    "Tags"
                ],
                [
                    "Stacy.Warner",
                    "Stacy.Warner",
                    "House Staff",
                    "Stacy.Warner",
                    "mail=stacy@house.com,teletexTerminalIdentifier=teletexTerminalIdentifier,postalCode=78726,carLicense=[carLicense],telexNumber=telexNumber,employeeNumber=681497,postOfficeBox=postOfficeBox,registeredAddress=registeredAddress,pager=pager,msRTCSIP-UserEnabled=false,mailNickname=mailNickname,LyncPinSet=LyncPinSet,physicalDeliveryOfficeName=abc,sAMAccountName=Stacy.Warner,initials=HH,msNPAllowDialin=msNPAllowDialin,givenName=Stacy,homePhone=512-942-7578,objectClass=[objectClass],destinationIndicator=destinationIndicator,postalAddress=postalAddress,internationaliSDNNumber=internationaliSDNNumber,departmentNumber=Legal,objectSid=objectSid,LyncPinLockedOut=LyncPinLockedOut,pwdLastSet=pwdLastSet,msNPCallingStationID=[msNPCallingStationID],msRADIUSFramedIPAddress=msRADIUSFramedIPAddress,preferredLanguage=preferredLanguage,roomNumber=roomNumber,telephoneNumber=512-942-7578,displayName=Stacy Warner,distinguishedName=DN=Stacy Warner,title=title,seeAlso=seeAlso,uid=uid,secretary=secretary,street=street,objectguid=125,memberOf=[Diagnostics],msExchHideFromAddressLists=false,sn=Warner,department=department,userPrincipalName=userPrincipalName,idNowDescription=391ff9c367aa90a0e1a0c6c174aa1d3dec1d3071148e0e62827858a562397224,st=st,manager=CN=Lisa.Cuddy,ou=[ou],mobile=512-942-7578,primaryGroupDN=primaryGroupDN,cn=Stacy.Warner,facsimileTelephoneNumber=[512-942-7578],l=l,homeMDB=homeMDB,homePostalAddress=11305 Four Points Blvd,SipAddress=SipAddress,o=o,accountFlags=[accountFlags],employeeType=Full Time,preferredDeliveryMethod=preferredDeliveryMethod,primaryGroupID=primaryGroupID,businessCategory=Legal,RegistrarPool=RegistrarPool,msDS-PrincipalName=msDS-PrincipalName,msRADIUSFramedRoute=[msRADIUSFramedRoute],msRADIUSCallbackNumber=msRADIUSCallbackNumber",
                    ""
                ],
                [
                    "Lisa.Cuddy",
                    "Lisa.Cuddy",
                    "House Staff",
                    "Lisa.Cuddy",
                    "mail=james@house.com,teletexTerminalIdentifier=teletexTerminalIdentifier,postalCode=78726,carLicense=[carLicense],telexNumber=telexNumber,employeeNumber=681497,postOfficeBox=postOfficeBox,registeredAddress=registeredAddress,pager=pager,msRTCSIP-UserEnabled=false,mailNickname=mailNickname,LyncPinSet=LyncPinSet,physicalDeliveryOfficeName=abc,sAMAccountName=Lisa.Cuddy,initials=HH,msNPAllowDialin=msNPAllowDialin,givenName=Lisa,homePhone=512-942-7578,objectClass=[objectClass],destinationIndicator=destinationIndicator,postalAddress=postalAddress,internationaliSDNNumber=internationaliSDNNumber,departmentNumber=Administration,objectSid=objectSid,LyncPinLockedOut=LyncPinLockedOut,pwdLastSet=pwdLastSet,msNPCallingStationID=[msNPCallingStationID],msRADIUSFramedIPAddress=msRADIUSFramedIPAddress,preferredLanguage=preferredLanguage,roomNumber=roomNumber,telephoneNumber=512-942-7578,displayName=Lisa Cuddy,distinguishedName=DN=Lisa Cuddy,title=title,seeAlso=seeAlso,uid=uid,secretary=secretary,street=street,objectguid=125,memberOf=[Administration],msExchHideFromAddressLists=false,sn=Cuddy,department=department,userPrincipalName=userPrincipalName,idNowDescription=0fb7bb4cb6c086640ef098f5dd36c5c42500e3a60a116ea936f284a4f70cf45b,st=st,manager=CN=Lisa.Cuddy,ou=[ou],mobile=512-942-7578,primaryGroupDN=primaryGroupDN,cn=Lisa.Cuddy,facsimileTelephoneNumber=[512-942-7578],l=l,homeMDB=homeMDB,homePostalAddress=11305 Four Points Blvd,SipAddress=SipAddress,o=o,accountFlags=[accountFlags],employeeType=Full Time,preferredDeliveryMethod=preferredDeliveryMethod,primaryGroupID=primaryGroupID,businessCategory=Administration,RegistrarPool=RegistrarPool,msDS-PrincipalName=msDS-PrincipalName,msRADIUSFramedRoute=[msRADIUSFramedRoute],msRADIUSCallbackNumber=msRADIUSCallbackNumber",
                    ""
                ],
                [
                    "Robert.Chase",
                    "Robert.Chase",
                    "House Staff",
                    "Robert.Chase",
                    "mail=robert@house.com,teletexTerminalIdentifier=teletexTerminalIdentifier,postalCode=78726,carLicense=[carLicense],telexNumber=telexNumber,employeeNumber=681497,postOfficeBox=postOfficeBox,registeredAddress=registeredAddress,pager=pager,msRTCSIP-UserEnabled=false,mailNickname=mailNickname,LyncPinSet=LyncPinSet,physicalDeliveryOfficeName=abc,sAMAccountName=Robert.Chase,initials=HH,msNPAllowDialin=msNPAllowDialin,givenName=Robert,homePhone=512-942-7578,objectClass=[objectClass],destinationIndicator=destinationIndicator,postalAddress=postalAddress,internationaliSDNNumber=internationaliSDNNumber,departmentNumber=Diagnostics,objectSid=objectSid,LyncPinLockedOut=LyncPinLockedOut,pwdLastSet=pwdLastSet,msNPCallingStationID=[msNPCallingStationID],msRADIUSFramedIPAddress=msRADIUSFramedIPAddress,preferredLanguage=preferredLanguage,roomNumber=roomNumber,telephoneNumber=512-942-7578,displayName=Robert Chase,distinguishedName=DN=Robert Chase,title=title,seeAlso=seeAlso,uid=uid,secretary=secretary,street=street,objectguid=125,memberOf=[Diagnostics],msExchHideFromAddressLists=false,sn=Chase,department=department,userPrincipalName=userPrincipalName,idNowDescription=820ff29573b916d9630205e4cae9a21061284a2866981433c9ef012f644ea326,st=st,manager=CN=Greg.House,ou=[ou],mobile=512-942-7578,primaryGroupDN=primaryGroupDN,cn=Robert.Chase,facsimileTelephoneNumber=[512-942-7578],l=l,homeMDB=homeMDB,homePostalAddress=11305 Four Points Blvd,SipAddress=SipAddress,o=o,accountFlags=[accountFlags],employeeType=Full Time,preferredDeliveryMethod=preferredDeliveryMethod,primaryGroupID=primaryGroupID,businessCategory=Diagnostics,RegistrarPool=RegistrarPool,msDS-PrincipalName=msDS-PrincipalName,msRADIUSFramedRoute=[msRADIUSFramedRoute],msRADIUSCallbackNumber=msRADIUSCallbackNumber",
                    ""
                ]
            ]
        }
    },
    "signedS3Url":"https://sptcbu-org-data-useast1.s3.amazonaws.com/arsenal-john/reports/Events%20Export.2020-05-06%2018%2759%20GMT.3e580592-86e4-4953-8aea-49e6ef20a086.zip?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20200506T185919Z&X-Amz-SignedHeaders=host&X-Amz-Expires=899&X-Amz-Credential=AKIAV5E54XOGTS4Q4L7A%2F20200506%2Fus-east-1%2Fs3%2Raws4_request&X-Amz-Signature=2e753bb97a12a1fd8a215613e3b82fcdae8ba1fb6a25916843ab5m51d2ddefbc"
}
    

Scheduled Trigger

A scheduled trigger was initiated based on the configured CRON schedule.

To use a scheduled trigger, complete the following fields:

Field Required? Description
CRON Interval Yes The CRON expression to represent the time between runs.

The input for the scheduled trigger is a CRON expression and isn't represented in JSON.


Source Created

A new source was successfully created.

Open "Source Created" JSON Sample

{
    "id":"2c9180866166b5b0016167c32ef31a66",
    "name":"Test source",
    "type":"DIRECT_CONNECT",
    "created":"2021-03-29T22:01:50.474Z",
    "connector":"active-directory",
    "actor":{
        "id":"ee769173319b41d19ccec6cea52f237b",
        "name":"john.doe",
        "type":"IDENTITY"
    }
}
    

Source Deleted

A source was successfully deleted.

Open "Source Deleted" JSON Sample

{
    "id":"2c9180866166b5b0016167c32ef31a66",
    "name":"Test source",
    "type":"DIRECT_CONNECT",
    "deleted":"2021-03-29T22:01:50.474Z",
    "connector":"active-directory",
    "actor":{
        "id":"ee769173319b41d19ccec6cea52f237b",
        "name":"john.doe",
        "type":"IDENTITY"
    }
}
    

Source Updated

Configuration changes were successfully made to a source.

Open "Source Updated" JSON Sample

{
    "id":"2c9180866166b5b0016167c32ef31a66",
    "name":"Test source",
    "type":"DIRECT_CONNECT",
    "modified":"2021-03-29T22:01:50.474Z",
    "connector":"active-directory",
    "actor":{
        "id":"ee769173319b41d19ccec6cea52f237b",
        "name":"john.doe",
        "type":"IDENTITY"
    }
}
    

VA Cluster Status Change Event

A virtual appliance cluster changed status.

Open "VA Cluster Status Change Event" JSON Sample

{
    "created":"2020-06-29T22:01:50.474Z",
    "type":"Source",
    "application":{
        "id":"2c9180866166b5b0016167c32ef31a66",
        "name":"Production VA Cluster",
        "attributes":{
            "clusterId":"2c9180866166b5b0016167c32ef31a66"
        }
    },
    "healthCheckResult":{
        "status":"Failed",
        "resultType":"SOURCE_STATE_FAILURE_SOURCE",
        "message":" Test Connection failed with exception.  Error message - java.lang.Exception"
    },
    "previousHealthCheckResult":{
        "status":"Failed",
        "resultType":"SOURCE_STATE_HEALTHY",
        "message":"Source is healthy."
    }
}
    

Actions

Each action receives input from the data flow and performs an action in IdentityNow. The values you enter in the fields for each action help determine what is done and how. The result of each action, in JSON format, is added to the workflow's data flow.

The value for each field must be either a variable from a previous step or a static, fixed value. Select which format you'll be using for each field before entering the value and saving your workflow.

There are some fields that you will see in every action:

  • Name - The name of the action. This must be unique within the workflow you create, so that it can be used in Next steps and conditional logic. With the workflow builder, this name is automatically generated based on the action type.
  • Description - This is an optional field to allow you to record details about this action and its importance or intent in this workflow.

Each action is allowed a period of time before it times out. If an action times out, the workflow fails.

Below, you can find a list of all actions currently available for workflows, as well as the unique fields and timeout period for each action. If a particular action adds any JSON to the workflow, a sample of that JSON is available.


Activate Certification Campaign

Activates the certification campaign with the selected ID.

Field Required? Description
Campaign ID Yes The ID of the campaign to activate.

If you add this action to your workflow and you don't have the Certifications service, your workflow will fail. This step will time out if it takes longer than 2 hours to complete.


Approve Access Request

Approves an access request with the selected ID and leaves a comment.

Field Required? Description
Access Request ID Yes The ID of the access request to approve.
Comment Yes Provide a comment to leave on the access request's approval.

If you add this action to your workflow and you don't have the Access Request service, your workflow will fail. This step will time out if it takes longer than 90 seconds to complete.


Create Certification Campaign

Creates a new certification campaign. The campaign must be activated separately.

Field Description
Campaign Name The name of the campaign.
Campaign Description A description of the campaign.
Reviewer Type The type of reviewer to use for this campaign. If you select Manager, a certification is created for all identities in your site and each identity's manager will review their access. You can also choose Source Owner to certify all access for one or more sources. If you choose Individual or Governance Group, you can select a specific identity or group to review the access of one or more identities or access items.
Campaign Duration The length of time the certification campaign should run. Choose a time period and then a unit.
AI Recommendations Choose whether or not to include recommendations from the Access Recommendations service in this campaign. If you don't have this service, this field is disabled.
Email Notifications Choose whether or not to send reminder emails associated with the campaign.
Start Campaign when Created Choose whether or not to activate the campaign once it's created. If you disable this option, you must activate the campaign separately.
Undecided Access Items Choose whether to maintain or automatically revoke undecided access items when the campaign ends.
If you selected Source Owner under Reviewer Type:
Source IDs Enter the IDs of all sources to include in the campaign. A single ID can be represented as a string. If including multiple IDs, enclose them in brackets and separate them with spaces. For example, [ID1 ID2 ID3]
If you selected Individual under Reviewer Type:
Reviewer Identity Select the identity that should be responsible for reviewing this certification.
Certification Type Choose whether to use an identity certification to certify the access of one or more identities, or to use an access certification to certify whether each identity that has specific access items should have that access.
If you selected Access Certification in Certification Type under Individual:
Access Type Choose the type of access to be included in this campaign.
Access Filter Choose whether to certify all access of the selected type or only specific access items. If you choose specific access items, use the Access Filter field to choose the IDs of access. You can also enter the ID values manually in a JSON array using this format: [“id1”, “id2”, “id3”]
If you selected Identity Certification in Certification Type under Individual:
Identities to Certify Select the identities to certify in the campaign.
If you selected Governance Group under Reviewer Type:
Governance Group Select a governance group to review this campaign.
Certification Type Choose whether to use an identity certification to certify the access of one or more identities, or to use an access certification to certify whether each identity that has specific access items should have that access.
If you selected Access Certification in Certification Type under Governance Group:
Access Type Choose the type of access to be included in this campaign.
Access Filter Choose whether to certify all access of the selected type or only specific access items. If you choose specific access items, use the Access Filter field to choose the IDs of access. You can also enter the ID values manually in a JSON array using this format: [“id1”, “id2”, “id3”]
If you selected Identity Certification in Certification Type under Governance Group:
Identities to Certify Select the identities to certify in the campaign.

If you add this action to your workflow and you don't have the Certifications service, your workflow will fail. This step will time out if it takes longer than 36 hours to complete.

This action returns a JSON blob when it completes successfully.

Open "Create Certification Campaign" JSON Sample

{
    "id":"2c918086719eec070171a7e3355a360a",
    "name":"Manager Review",
    "description":"A review of everyone's access by their manager.",
    "deadline":"2020-12-25T06:00:00.123Z",
    "type":"MANAGER",
    "status":"ACTIVE",
    "emailNotificationEnabled":false,
    "autoRevokeAllowed":false,
    "recommendationsEnabled":false,
    "filter":{
       "type":"CAMPAIGN_FILTER",
       "id":"e0adaae69852e8fe8b8a3d48e5ce757c"
    }
}
    

Create Request for Access

Submits an access request for the selected list of users.

Field Required? Description
Identity IDs Yes The technical IDs of the identities to request this access for. This must be either JSONPath or a list in JSON format.
Items to Request Yes The technical IDs of the items to be requested. This must be either JSONPath or a list in JSON format.

If you add this action to your workflow and you don't have the Access Request service, your workflow will fail. This step will time out if it takes longer than 90 seconds to complete.


Deny Access Request

Denies an access request by ID and leaves a comment.

Field Required? Description
Access Request ID Yes The ID of the access request to deny.
Comment Yes Provide a comment to leave on the access request's denial.

If you add this action to your workflow and you don't have the Access Request service, your workflow will fail. This step will time out if it takes longer than 90 seconds to complete.


Disable Account

Disables an account on a source by its technical ID.

Field Required? Description
Account ID Yes The technical ID of the account to disable.

This step will time out if it takes longer than 2 minutes to complete.

This action returns a JSON blob when it completes successfully.

Open "Disable Account" JSON Sample

{
    "id":"2c91803654683da6017468123c260195"
}
    

Enable Account

Enables an account on a source by its technical ID.

Field Required? Description**
Account ID Yes The technical ID of the account to enable.

This step will time out if it takes longer than 2 minutes to complete.

This action returns a JSON blob when it completes successfully.

Open "Enable Account" JSON Sample

{
    "id":"2c91803654683da6017468123c260195"
}
    

Get Access

Gets a set of access items held by a selected identity or found through a search query.This step returns a maximum of 250 access items and is often used in conjunction with the Manage Access step.

Field Description
Access Selection Method Select how to determine the access that will be returned. Options are By Identity and By Search Query.
If you select By Identity:
By Identity Select an identity from the dropdown list, or use Choose Variable to select an identity from the input.
If you select By Search Query:
By Search Query Enter a search query to return specific access.

Underneath these fields, you select the checkbox beside the types of access you want to return. The options are access profiles, roles, and entitlements.

This step will time out if it takes longer than 1 minute to complete.

This action returns a JSON blob when it completes successfully. The sample JSON blob below includes an entitlement, a role, and an access profile. This is the format that the Manage Access step expects.

Open "Get Access" JSON Sample

{
    "accessItems":[
        {
            "id":"2c9180847fdd00e1017ff5afb9c31f4e",
            "name":"CN=AD Access,OU=pod-name,DC=Test",
            "type":"entitlement"
        },
        {
            "id":"2c9180867ff523f4017ff5b17ff500af",
            "name":"Sales Role",
            "type":"role"
        },
        {
            "id":"2c9180887ff4d87e017ff5b1192b010e",
            "name":"Access to AD",
            "type":"accessprofile"
        }
    ]
}
    

Get Access Request Recommendations

Gets a list of the recommended access requests for the specified user.

Field Required? Description
Get Access Request Recommendations Yes The ID of the identity for whom to retrieve access request recommendations.

If you add this action to your workflow and you don't have the Access Request and Recommendations AI services, your workflow will fail.

This step will time out if it takes longer than 90 seconds to complete.

This action returns a JSON blob when it completes successfully.

Open "Get Access Request Recommendation" JSON Sample

{
    "response":[
        {
            "request":{
                "identityId":"2c91803654683da6017468123c260195",
                "item":{
                    "id":"2c938083633d259901633d2623ec0375",
                    "type":"ENTITLEMENT"
                }
            },
            "recommendation":"YES",
            "interpretations":[
                "75% of identities with the same department have this access. This information had a high impact on the overall score.",
                "67% of identities with the same peer group have this access. This information had a low impact on the overall score.",
                "42% of identities with the same location have this access. This information had a low impact on the overall score."
            ],
            "translationMessages":[
                {
                    "key":"recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH",
                    "values":[
                        "75",
                        "department"
                    ]
                }
            ],
            "recommenderCalculations":{
                "identityId":"2c91808457d8f3ab0157e3e62cb4213c",
                "entitlementId":"2c91809050db617d0150e0bf3215385e",
                "recommendation":"YES",
                "overallWeightedScore":0,
                "featureWeightedScores":{
                    "property1":0,
                    "property2":0
                },
                "threshold":0,
                "identityAttributes":{
                    "property1":{
                        "value":"string"
                    },
                    "property2":{
                        "value":"string"
                    }
                },
                "featureValues":{
                    "feature":"department",
                    "numerator":0,
                    "denominator":0
                }
            }
        }
    ]
}
    

Get Accounts

Gets one or more source accounts. This step returns a maximum of 250 accounts and is often used in conjunction with Manage Accounts.

Field Description
Account Selection Method Select By Identity to choose an identity and return its accounts. Select By Account Data to filter the accounts returned by details about the accounts.
If you selected By Identity:
Accounts By Identity Select an identity using the dropdown list or use Choose Variable to select the technical ID of an identity from the input. All accounts of the selected identity will be returned.
If you selected By Account Data:
Account Details Select an option to return accounts using details related to the account. options include the Technical ID of the account, the technical Identity ID, the Account Name, the native Account ID, the Source ID, and the Uncorrelated status.
Operator How to compare the value of the selected account detail with the Value field below. At this time, the valid option is Equals.
Value Enter a value to compare to the selected account detail you selected and return accounts that match your requirements.

This step will time out if it takes longer than 1 minute to complete.

This action returns a JSON blob when it completes successfully.

Open "Get Accounts" JSON Sample

{
    "accounts":[
        {
            "id":"id12345",
            "name":"aName",
            "created":"2019-08-24T14:15:22Z",
            "modified":"2019-08-24T14:15:22Z",
            "sourceId":"2c9180835d2e5168015d32f890ca1581",
            "identityId":"2c9180835d2e5168015d32f890ca1581",
            "attributes":{

            },
            "authoritative":true,
            "description":"string",
            "disabled":true,
            "locked":true,
            "nativeIdentity":"string",
            "systemAccount":true,
            "uncorrelated":true,
            "uuid":"string",
            "manuallyCorrelated":true,
            "hasEntitlements":true
        }
    ]
}
    

Get Certification Campaign

Gets data about the specified certification campaign.

Field Required? Description
Campaign ID Yes The ID of the campaign to get.

If you add this action to your workflow and you don't have the Certifications service, your workflow will fail. This step will time out if it takes longer than 1 minute to complete.

This action returns a JSON blob when it completes successfully.

Open "Get Certification Campaign" JSON Sample

{
    "id":"2c918086719eec070171a7e3355a360a",
    "name":"Manager Review",
    "description":"A review of everyone's access by their manager.",
    "deadline":"2020-12-25T06:00:00.123Z",
    "type":"MANAGER",
    "status":"ACTIVE",
    "emailNotificationEnabled":false,
    "autoRevokeAllowed":false,
    "recommendationsEnabled":false
}
    

Get Identities

Gets data about a list of one or more identities.

You can choose how to find the identities you want to manage. Additional fields will be displayed based on your choice.

In the Find Identities By field, choose an option. Additional fields appear when you select how to return identities.

Field Description
Search Query Enter a search query to return one or more identities.
Saved Search Choose a saved search from the dropdown list.
Tag Find identities that have a specific tag.
Managers Select one or more managers. All of the identities that report to one of those managers will be returned.
Direct Reports Select one or more identities. All of the managers of those identities will be returned.

This step will time out if it takes longer than 1 minute to complete.

This action returns a JSON blob when it completes successfully.

Open "Get Identities" JSON Sample

{
    "identities":[
        {
            "id":"2c9180865c45e7e3015c46c434a80622",
            "name":"ad.admin",
            "_type":"identity",
            "firstName":"AD",
            "lastName":"Admin",
            "displayName":"AD Admin",
            "email":"SLPT.CLOUD.SAILPOINT.TEST+AD-ADMIN@GMAIL.COM",
            "created":"2018-08-22T19:54:54.302Z",
            "modified":"2018-08-22T19:54:54.302Z",
            "synced":"2018-08-22T19:54:54.302Z",
            "phone":"512-942-7578",
            "inactive":false,
            "protected":false,
            "status":"UNREGISTERED",
            "employeeNumber":"O349804",
            "manager":null,
            "isManager":false,
            "identityProfile":{
                "id":"2c918085605c8d0601606f357cb231e6",
                "name":"E2E AD"
            },
            "source":{
                "id":"2c9180855c45b230015c46c19b9c0202",
                "name":"EndToEnd-ADSource"
            },
            "attributes":{
                "uid":"ad.admin",
                "firstname":"AD",
                "cloudAuthoritativeSource":"2c9180855c45b230015c46c19b9c0202",
                "cloudStatus":"UNREGISTERED",
                "iplanet-am-user-alias-list":null,
                "displayName":"AD Admin",
                "internalCloudStatus":"UNREGISTERED",
                "workPhone":"512-942-7578",
                "email":"SLPT.CLOUD.SAILPOINT.TEST+AD-ADMIN@GMAIL.COM",
                "lastname":"Admin"
            },
            "processingState":null,
            "processingDetails":null,
            "accounts":[
                {
                    "id":"2c9180865c45e7e3015c46c434a80623",
                    "name":"ad.admin",
                    "accountId":"CN=AD Admin,OU=slpt-automation,DC=TestAutomationAD,DC=local",
                    "source":{
                        "id":"2c9180855c45b230015c46c19b9c0202",
                        "name":"EndToEnd-ADSource",
                        "type":"Active Directory - Direct"
                    },
                    "disabled":false,
                    "locked":false,
                    "privileged":false,
                    "manuallyCorrelated":false,
                    "passwordLastSet":"2018-08-22T19:54:54.302Z",
                    "entitlementAttributes":{
                        "memberOf":[
                            "CN=Group Policy Creator Owners,CN=Users,DC=TestAutomationAD,DC=local",
                            "CN=Domain Guests,CN=Users,DC=TestAutomationAD,DC=local",
                            "CN=Domain Admins,CN=Users,DC=TestAutomationAD,DC=local",
                            "CN=Enterprise Admins,CN=Users,DC=TestAutomationAD,DC=local",
                            "CN=Schema Admins,CN=Users,DC=TestAutomationAD,DC=local",
                            "CN=Guests,CN=Builtin,DC=TestAutomationAD,DC=local",
                            "CN=Administrators,CN=Builtin,DC=TestAutomationAD,DC=local"
                        ]
                    },
                    "created":"2018-08-22T19:54:54.302Z"
                },
                {
                    "id":"2c918083606d670c01606f35a30a0349",
                    "name":"ad.admin",
                    "accountId":"ad.admin",
                    "source":{
                        "id":"ff8081815c46b85b015c46b90c7c02a6",
                        "name":"IdentityNow",
                        "type":"IdentityNowConnector"
                    },
                    "disabled":false,
                    "locked":false,
                    "privileged":false,
                    "manuallyCorrelated":false,
                    "passwordLastSet":null,
                    "entitlementAttributes":null,
                    "created":"2018-08-22T19:54:54.302Z"
                }
            ],
            "accountCount":2,
            "apps":[
                {
                    "id":"22751",
                    "name":"ADP Workforce Now",
                    "source":{
                        "id":"2c9180855c45b230015c46e2f6a8026a",
                        "name":"Corporate Active Directory"
                    },
                    "account":{
                        "id":"2c9180865c45efa4015c470be0de1606",
                        "accountId":"CN=Bob Wilson,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com"
                    }
                }
            ],
            "appCount":1,
            "access":[
                {
                    "id":"2c918083634bc6cb01639808d40270ba",
                    "name":"test [AccessProfile-1527264105448]",
                    "displayName":"test",
                    "type":"ACCESS_PROFILE",
                    "description":"test",
                    "source":{
                        "id":"2c9180855c45b230015c46c19b9c0202",
                        "name":"EndToEnd-ADSource"
                    },
                    "owner":{
                        "id":"2c9180865c45e7e3015c46c434a80622",
                        "name":"ad.admin",
                        "displayName":"AD Admin"
                    }
                },
                {
                    "id":"2c9180865c45e7e3015c46c457c50755",
                    "name":"Administrators",
                    "displayName":"Administrators",
                    "type":"ENTITLEMENT",
                    "description":null,
                    "source":{
                        "id":"2c9180855c45b230015c46c19b9c0202",
                        "name":"EndToEnd-ADSource"
                    },
                    "privileged":false,
                    "attribute":"memberOf",
                    "value":"CN=Administrators,CN=Builtin,DC=TestAutomationAD,DC=local",
                    "standalone":false
                },
                {
                    "id":"2c9180865decdaa5015e06598b293108",
                    "name":"test [cloudRole-1503345085223]",
                    "displayName":"test",
                    "type":"ROLE",
                    "description":"test",
                    "owner":{
                        "id":"2c9180865c45e7e3015c46c5030707a0",
                        "name":"will.albin",
                        "displayName":"Albin Will"
                    },
                    "disabled":false
                }
            ],
            "accessCount":3,
            "accessProfileCount":1,
            "entitlementCount":1,
            "roleCount":1,
            "tags":[
                "TAG_1",
                "TAG_2"
            ]
        }
    ]
}
    

Get Identity

Gets data about a single identity.

Field Required? Description
Identity ID Yes The technical ID of the identity to get.

This step will time out if it takes longer than 1 minute to complete.

This action returns a JSON blob when it completes successfully.

Open "Get Identity" JSON Sample

[
    {
        "id":"2c91803654683da6017468123c260195",
        "name":"Alison Ferguso",
        "alias":"alison.ferguso",
        "email":"alison.ferguso@acme-solar.com",
        "status":"Active",
        "manager":{
            "type":"IDENTITY",
            "id":"2c9180a82faadee4016ea4e018c20639",
            "name":"Thomas Edison"
        },
        "attributes":[
            {
                "key":"phone",
                "name":"Phone",
                "value":"5125551234"
            },
            {
                "key":"country",
                "name":"Country",
                "value":"US"
            }
        ]
    }
]
    

HTTP Request

Makes an HTTP request to an external system.

This step will time out if it takes longer than 90 seconds to complete.

Field Description
Authentication Type The type of authentication to use. The options for this field are Basic Authentication, Custom Authorization, and OAuth 2.0 - Client Credentials Grant.
If you selected Basic Authentication:
User Name The user name authorized to access the HTTP service.
Password The password corresponding to the user name.
Method The HTTP method to use. The options are POST, GET, PUT, PATCH, and DELETE.
Request URL The URL of the service endpoint.
Query Parameters The parameters appended to the URL.
Request Headers The headers required by the service endpoint.
If you selected Custom Authorization:
Header Name The name or key required by the HTTP service.
Header Value The value required by the HTTP service.
Request URL The URL of the service endpoint.
Query Parameters The parameters appended to the URL.
Method The HTTP method to use. The options are POST, GET, PUT, PATCH, and DELETE.
If you selected OAuth 2.0 - Client Credentials Grant:
Token URL The URL to retrieve the token.
Client ID The client ID, similar to a user name.
Client Secret The client secret, similar to a password.
Credential Location Whether to include the credentials in the header or the body of the request.
Scope The scope parameters required by some third-party systems. To include multiple scope values in a single parameter, separate values with spaces. To include multiple scope values in multiple parameters, separate values with new lines.
Request URL The URL of the service endpoint.
Query Parameters The parameters appended to the URL.
Request Headers The headers required by the service endpoint.
If you selected POST, PUT, or PATCH in the Method field of any of the above options:
Request Content Type The type of content to include in the request body. The options are CSV, Form, JSON, and plain text.
Request Body The body of your request in the format you specified.

Manage Access

Adds or removes access items on one or more identities.

This step's input must be a list of objects in the same format as is provided by the Get Access step. This includes a JSON body similar to this example:


{
    "accessItems":[
        {
            "id":"technicalID",
            "name":"accessItemName",
            "type":"accessItemType"
        }
    ]
}

This step uses the Access Request service. If an access item being granted to or removed from an identity requires an approval process, this step submits that request and the workflow continues. Workflows with a Manage Access step that requires an approval process will move to the next step once the access request is submitted, while the approvals are still pending.

Field Description
Request Type Choose whether to add or remove access.
Identities Select one or more identities from the dropdown list that should receive this access or have it removed. You can also use Choose Variable to choose the technical IDs of the identities using JSONPath.
Access to Manage Select the access items to manage. The input to this step must be a list of access objects in the format listed above. The Get Access step provides this input in the correct format.
Comments Provide a comment about why this access is changing.
If you selected Add Access under Request Type, the Select Duration field will appear. Optionally enter the length of time that the user should have the access and select a unit.

This step will time out if it takes longer than 30 minutes total to complete.

This action returns a JSON blob when it completes successfully.

Open "Manage Access" JSON Sample

{
    "failedAccessRequests":[
        {
            "id":"2c918089759466e10175c2b5486d0b85",
            "name":"Access Profile 1",
            "type":"ACCESS_PROFILE"
        }
    ],
    "successfulAccessRequests":[
        {
            "id":"2c918089759466e10175adadf0d30567",
            "name":"Role 1",
            "type":"ROLE"
        },
        {
            "id":"2c91808c759466e80175adae75720526",
            "name":"Role 2",
            "type":"ROLE"
        },
        {
            "id":"2c918089759466e10175b9236b7b08e0",
            "name":"Access Profile 2",
            "type":"ACCESS_PROFILE"
        },
        {
            "id":"2c918089759466e10175c2b5486d0b85",
            "name":"Access Profile 3",
            "type":"ACCESS_PROFILE"
        }
    ]
}
    

Manage Accounts

Deletes, disables, enables, or unlocks a source account.

Field Description
Account Action Select an action to take on the selected accounts. Valid options are Delete, Disable, Enable, or Unlock.
Select Accounts Choose one or more accounts to act on. If selecting the IDs of accounts from the Get Accounts step, use the JSONPath $.getAccounts.accounts[*].id. The [*].id must be added to the variable chosen by the Variable Selector.

Note

The Delete option is only applicable to accounts on flat file sources.

This step will time out if it takes longer than 1 hour to complete.

This action returns a JSON blob when it completes successfully. The object in this JSON body is the ID of the account that was updated.

Open "Manage Accounts" JSON Sample

{
   "id":"2c91808474683da6017468693c260195"
}
    

Request Access Removal

Requests the removal of one or more access items from a list of identities.

Field Required? Description
Identity IDs Yes The technical IDs of the identities to request access removal for. This must be either JSONPath or a list in JSON format.
Items to Revoke Yes The technical IDs of the items to request their removal. This must be either JSONPath or a list in JSON format.

If you add this action to your workflow and you don't have the Access Request service, your workflow will fail. This step will time out if it takes longer than 90 seconds to complete.


Send Email

Sends an email to the specified identity.

Field Required? Description
Recipient Addresses Yes The email address that should receive this email. Select or enter up to 10 email addresses.
Reply-To Address No The email address to use as the reply-to address. If left blank, this uses the "From" address on the Branding page.
From Address No The email address to use as the sender address. If left blank, this uses the "From" address on the Branding page.
Subject No The subject line of the email.
Body No The body of the email.
Templating Context No The map of variables to be passed to the email template. Use the format {"variable1.$":"$.JSONPathVariableSelection1", "variable2.$":"$.JSONPathVariableSelection2"}. The variable in each map can be used to represent the value selected by the JSONPath in the second part of each map and entered in the email template using the format ${variable}.

Templating Context Example

The following example uses JSONPath to select the username of an identity in the Get Identity step and assign it the variable "name":
{"name.$":"$.getIdentity.name"}
To use the username variable within the body of the email, the following can be used in the Body field:
"Your username is ${name}."
In the final rendered email, the identity's username will be displayed in place of the variable.

This step will time out if it takes longer than 1 minute to complete.


Unlock Account

Unlocks an account on a source by the specified technical ID.

Field Required? Description
Account ID Yes The technical ID of the account to unlock.

This step will time out if it takes longer than 2 minutes to complete.

This action returns a JSON blob when it completes successfully.

Open "Unlock Account" JSON Sample

{
    "id":"2c91803654683da6017468123c260195"
}
    

Wait

Pauses the workflow's execution for a set period of time.

Field Required? Description
Type Yes Choose Wait For to configure the step to pause for a time duration or Wait Until to wait until a specific date and time.
If you selected Wait For:
Wait Duration Yes The length of time to pause the workflow. Choose a number and select the time unit. Choose a time period between 60 seconds and 30 days.
If you selected Wait Until:
Future Date Yes The date when this workflow should resume. This can be pulled from a variable in the workflow. Choose a date no more than 180 days in the future.
Time Yes The time on the specified date when this workflow should resume. This field only appears when the Type is Wait Until.

This step will time out if it takes longer than 182 days to complete.


Operators

Operators allow you to make comparisons between values and, based on the results of that comparison, choose a new path for your workflow to follow.


Boolean

A boolean operator is a type of choice operator. It compares two boolean (true or false) values.

Field Required? Description
Value 1 No A JSONPath expression to a TRUE or FALSE value in the step's input, to be compared with Value 2.
Comparison Operator Yes The operator Equals.
Value 2 No A static value or a JSONPath expression to another value in the input, to be compared with Value 1.

Compare Numbers

A compare numbers operator is a type of choice operator. It compares two numerical values.

Field Required? Description
Value 1 No A JSONPath expression to an integer value in the step's input, to be compared with Value 2.
Comparison Operator No The operator to use to compare Value 1 to Value 2.
Value 2 No A static value or JSONPath expression to another value in the input, to be compared with Value 1.

Compare Strings

A Compare Strings operator is a type of choice operator. It compares two text, or string, values.

Field Required? Description
Value 1 No A JSONPath expression to a string value in the step's input, to be compared with Value 2.
Comparison Operator Yes The operator to use to compare Value 1 to Value 2.
Value 2 No A static value or a JSONPath expression to another value in the input, to be compared with Value 1.

Verify Data Type

The Verify Data Type operator allows you to confirm that the data in a field you select is a specific type, or that it exists at all.

Field Required? Description
Value Yes A JSONPath expression to a variable in the step's input to validate against what you select in Data Type.
Data Type Yes The type of data. At runtime, the attribute in the Value field is compared to the type selected here.

This step can validate whether the value in the selected attribute:

  • Exists
  • Is a boolean
  • Is a number
  • Is a string
  • Is a timestamp
  • Is null

Comparison Operators

In each choice step, two values are compared. You'll see the following options for the Compare Strings and Compare Numbers steps:

  • Contains
  • Equals
  • Is Greater Than
  • Is Greater Than or Equal To
  • Is Less Than
  • Is Less Than or Equal To

Note that the Contains operator is only available for Compare Strings steps.

End Steps

Each workflow must have at least one end step. These steps can be added to stop your workflow and categorize its execution as a success or a failure. Each branch of your workflow must finish with an end step.

The Executions tab on a workflow's details reflects whether each execution ended in success or failure.


Success

Add this step to your workflow to stop the workflow and mark its execution as a success.

It doesn't have any unique fields.


Failure

Add this step to your workflow to stop the workflow and mark its execution as a failure. This step is used to signify that the workflow ended with an error, and workflow tests that end in this step are considered failed tests.

Field Required? Description
Failure Name Yes The name of the step, used for linking steps together.
Failure Details No Details or notes to be included in the workflow's execution results to explain its failure.

To learn more about the process of building a workflow, either in the visual builder or using JSON, visit Creating and Managing Workflows.