
Workflow Triggers

When building a workflow, you'll always start with a trigger.

A trigger is the event that tells the workflow to start. The workflow uses data provided by the input to calculate the results of each action and operator.

All available triggers are listed below, along with a sample input, if applicable, that can be used to test a workflow.

You can also define filters to limit when a trigger fires, such as limiting the Source Account Created trigger to only begin the workflow when the account was created on a specific source.


Access Request Decision

An access request was approved or denied.

This trigger only fires if you have the Access Request service.

Open "Access Request Decision" JSON Sample
{
    "accessRequestId":"4b4d982dddff4267ab12f0f1e72b5a6d",
    "requestedBy":{
        "id":"2c91808b6ef1d43e016efba0ce470906",
        "name":"Adam Admin",
        "type":"IDENTITY"
    },
    "requestedFor":{
        "id":"2c91808b6ef1d43e016efba0ce470909",
        "name":"Ed Engineer",
        "type":"IDENTITY"
    },
    "requestedItemsStatus":[
        {
            "approvalInfo":[
                {
                    "approvalComment":" this is an approval comment",
                    "approvalDecision":"APPROVED",
                    "approver":{
                        "id":"2c91808b6ef1d43d016efba0cf470910",
                        "name":"Stephen Austin",
                        "type":"IDENTITY"
                    },
                    "approverName":"Stephen.Austin"
                }
            ],
            "clientMetadata":{
                "applicationName":"My application"
            },
            "comment":"requester comments",
            "description":"Engineering Access",
            "id":"2a91808b6cf1d43e016efba0cf470904",
            "name":"Engineering Access",
            "operation":"Add",
            "type":"ACCESS_PROFILE"
        }
    ]
}

Note

clientMetadata is determined by the user that invoked create-access-request and can contain any value at runtime that was specified in the access request.


Account Aggregation Completed

An account aggregation completed.

Open "Account Aggregation Completed" JSON Sample
{
    "source":{
        "id":"4e4d982afddff4267ab12f0f1e72b5e6d",
        "name":"Corporate Active Directory",
        "type":"SOURCE"
    },
    "status":"Success",
    "started":"2020-06-29T22:01:50.474Z",
    "completed":"2020-06-29T22:02:04.090Z",
    "errors":[

    ],
    "warnings":[
        "Account skipped"
    ],
    "stats":{
        "scanned":200,
        "unchanged":190,
        "changed":6,
        "added":4,
        "removed":3
    }
}

Accounts Collected for Aggregation

Identity Security Cloud has gathered the accounts on a source and is prepared to aggregate them.

Open "Accounts Collected for Aggregation" JSON Sample
{
    "source":{
        "id":"4e4d982dbdff4267ab16f0f1e72b5c6d",
        "name":"Corporate Active Directory",
        "type":"SOURCE"
    },
    "status":"Success",
    "started":"2020-06-29T22:01:50.474Z",
    "completed":"2020-06-29T22:02:04.090Z",
    "errors":[
    ],
    "warnings":[
        "Account skipped"
    ],
    "stats":{
        "scanned":200,
        "unchanged":190,
        "changed":6,
        "added":4,
        "removed":3
    }
}

Certification Triggers

Workflow triggers related to parts of a certification.

Campaign Activated

A certification campaign was activated.

This trigger only fires if you have the Certifications service.

Open "Campaign Activated" JSON Sample
{
    "campaign":{
        "id":"2c91848576f886190176e88cac6a0010",
        "name":"Manager Access Campaign",
        "description":"Audit access for all employees.",
        "created":"2021-02-16T03:04:45.815Z",
        "modified":null,
        "deadline":"2021-03-16T03:04:45.815Z",
        "type":"MANAGER",
        "campaignOwner":{
            "id":"37f081867702e1910177031820c40n27",
            "displayName":"William Wilson",
            "email":"william.wilson@example.com"
        },
        "status":"ACTIVE"
    }
}

Campaign Ended

A certification campaign ended.

This trigger only fires if you have the Certifications service.

Open "Campaign Ended" JSON Sample
{
    "campaign":{
        "id":"2c91808576f846190176f81cac5a0810",
        "name":"Manager Access Campaign",
        "description":"Audit access for all employees.",
        "created":"2021-02-16T03:04:45.815Z",
        "modified":null,
        "deadline":"2021-03-16T03:04:45.815Z",
        "type":"MANAGER",
        "campaignOwner":{
            "id":"37f080867705c1910177031220c40e27",
            "displayName":"William Wilson",
            "email":"william.wilson@example.com"
        },
        "status":"COMPLETED"
    }
}

Campaign Generated

A certification campaign finished generating.

This trigger only fires if you have the Certifications service.

Open "Campaign Generated" JSON Sample
{
    "campaign":{
        "id":"2c91834576f886190176f88efc5a0010",
        "name":"Manager Access Campaign",
        "description":"Audit access for all employees.",
        "created":"2021-02-16T03:04:45.815Z",
        "modified":null,
        "deadline":null,
        "type":"MANAGER",
        "campaignOwner":{
            "id":"37f082867702c1910177031320c60n27",
            "displayName":"William Wilson",
            "email":"william.wilson@example.com"
        },
        "status":"STAGED"
    }
}

Certification Signed Off

A certification reviewer signed off on their certifications.

This trigger only fires if you have the Certifications service.

Open "Certification Signed Off" JSON Sample
{
    "certification":{
        "id":"2c91208574f836190176b88caf0d0167",
        "name":"Manager Access Review for Alice Baker",
        "created":"2020-02-16T03:04:45.815Z",
        "modified":null,
        "campaignRef":{
            "campaignType":"MANAGER",
            "description":"Audit access for all employees.",
            "type":"CAMPAIGN",
            "id":"2c91808576f896190176f38cac5c0010",
            "name":"Manager Access Campaign"
        },
        "completed":true,
        "hasErrors":false,
        "errorMessage":null,
        "decisionsMade":50,
        "decisionsTotal":50,
        "due":"2020-03-16T03:04:45.815Z",
        "signed":"2020-03-04T03:04:45.815Z",
        "reviewer":{
            "name":"Reviewers group",
            "id":"6a80321c-8d11-40bc-a3c8-29e2660b85e8",
            "type":"GOVERNANCE_GROUP",
            "email":null
        },
        "campaignOwner":{
            "id":"37f081867702c1910179031320c40n27",
            "displayName":"William Wilson",
            "email":"william.wilson@example.com"
        },
        "reassignment":{
            "comment":"Changing reviewer.",
            "from":{
                "id":"8a89c6de77ef762f0177ef7f52f10004",
                "name":"Manager Access Review for Charlie Davis",
                "type":"CERTIFICATION",
                "reviewer":{
                    "id":"2c9180867702c1910177031320c4010c",
                    "name":"Charlie Davis",
                    "type":"IDENTITY",
                    "email":"charlie.davis@example.com"
                }
            }
        },
        "phase":"SIGNED",
        "entitiesCompleted":12,
        "entitiesTotal":12
    }
}

External Trigger

A third-party system triggered a workflow based on configurations made on that system and within your SaaS platform.

Because the input provided to the workflow by the external trigger varies depending on the external site and API, it's not possible to use the variable selector in future steps to choose variables from this trigger.

However, you can still select variables for use in future steps with JSONPath (Goessner implementation) by adding the trigger field to your JSONPath expression.

For example, if your external system provides the following input to your workflow when the trigger is fired:

{
    "name":"Sherri",
    "email":"sherri@email.com"
}

You can use the following JSONPath expression to select the value of the name field in a future action:

$.trigger.name

To use an external trigger, you must generate an access token using the information provided in the trigger. You can find an overview of generating an access token below.

Generating an Access Token for an External Trigger

After adding an External Trigger to your workflow:

  1. Select New Access Token.

  2. Copy the Client ID, Client URL, and the Client Secret to a secure location and save them. The Client Secret can't be retrieved once this page is closed.

  3. Use the contents of the text field under Generate OAuth Token to create an OAuth 2.0 token so that your external system can authenticate into your SaaS platform and trigger your workflow.

  4. Use the contents of the text box under Provide Workflow Input to configure your external system to correctly trigger your workflow. Replace the {"sampleJSON":"sampleJSON"} object with the input you want to use in your workflow.

Once you've completed these steps or saved this information in a secure location, you can close the overlay and continue building your workflow.

If you lose the access token for this step and need to generate a new one, you can select this step and choose New Access Token. The previous token will be overwritten.


Form Submitted

A form was submitted by a user.

This trigger fires when a form is submitted or when a form is submitted with specific attribute values.

To use a Form Submitted trigger, complete the following fields:

Field | Description
Description | Enter a description of the trigger.
Basic/Advanced | Choose whether to use the Basic or Advanced configuration options. Basic allows configuration of a trigger using one form. Advanced allows you to use JSONPath to filter when a trigger fires based on multiple forms, form elements, or values within a form.
If you selected Basic:
Form to Filter | Select which form to use to trigger the workflow.
Form Element to Filter | Select the technical key of the element you want to filter for, limiting the conditions under which this trigger starts the workflow.
Operator | Select an operator to act on the selected form element. The available operators will change based on your selection.
Attribute Value | Enter the value that should appear in the field you selected. When the submitted form meets these criteria, the workflow is triggered.
If you selected Advanced:
Filter | A JSONPath expression to narrow down the circumstances under which your workflow will be triggered.

Examples:

Example | Filter
Trigger the workflow when the selected form is submitted and the department equals sales AND the manager equals amanda.ross. | $[?(@.formDefinitionId == '<formId>' && @.formData.department == "sales" && @.formData.manager == "amanda.ross")]
Trigger the workflow when the selected form is submitted and either the department equals sales OR finance. | $[?(@.formDefinitionId == '<formId>' && (@.formData.department == "sales" || @.formData.department == "finance"))]
Trigger the workflow when either of the selected forms is submitted. | $[?(@.formDefinitionId == '<formId1>' || @.formDefinitionId == '<formId2>')]
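
Filters of the kind listed above can be checked offline before they gate a workflow. The following is an added example, not SailPoint's filter engine: a small evaluator for the `$[?( ... )]` subset used on this page, run against constructed submissions. It assumes the filter is applied to the event object itself and that `&&` binds tighter than `||` (JavaScript precedence); the names `matches`, `form-A` and `form-B` are hypothetical.

```python
import re

# Supported subset: @.dotted.paths, quoted strings, == != && || and parentheses.
_TOKEN = re.compile(
    r"""\s*(?:(@(?:\.\w+)+)|'([^']*)'|"([^"]*)"|(==|!=|&&|\|\||[()]))"""
)


def tokenize(jsonpath):
    """Split the body of a $[?( ... )] filter into (kind, value) tokens."""
    wrapper = re.fullmatch(r"\$\[\?\((.*)\)\]", jsonpath.strip(), re.S)
    if not wrapper:
        raise ValueError("expected a filter of the form $[?( ... )]")
    body, pos, tokens = wrapper.group(1).strip(), 0, []
    while pos < len(body):
        m = _TOKEN.match(body, pos)
        if not m:
            raise ValueError(f"unsupported syntax at {body[pos:]!r}")
        path, single, double, op = m.groups()
        if path is not None:
            tokens.append(("path", path[2:].split(".")))
        elif op is not None:
            tokens.append(("op", op))
        else:
            tokens.append(("str", single if single is not None else double))
        pos = m.end()
    return tokens


def matches(jsonpath, event):
    """True if the event passes the filter (assumed: && binds tighter than ||)."""
    tokens, pos = tokenize(jsonpath), 0

    def peek():
        return tokens[pos] if pos < len(tokens) else (None, None)

    def take():
        nonlocal pos
        token = peek()
        pos += 1
        return token

    def operand():
        kind, value = take()
        if kind == "str":
            return value
        if kind != "path":
            raise ValueError(f"expected a path or string, got {value!r}")
        node = event
        for key in value:  # a missing field resolves to None, never an error
            node = node.get(key) if isinstance(node, dict) else None
        return node

    def comparison():
        if peek() == ("op", "("):
            take()
            result = either()
            if take() != ("op", ")"):
                raise ValueError("missing closing parenthesis")
            return result
        left = operand()
        kind, op = take()
        if kind != "op" or op not in ("==", "!="):
            raise ValueError(f"expected == or !=, got {op!r}")
        right = operand()
        return (left == right) if op == "==" else (left != right)

    def both():
        result = comparison()
        while peek() == ("op", "&&"):
            take()
            rhs = comparison()  # always parse the right side, then combine
            result = result and rhs
        return result

    def either():
        result = both()
        while peek() == ("op", "||"):
            take()
            rhs = both()
            result = result or rhs
        return result

    result = either()
    if pos != len(tokens):
        raise ValueError("trailing tokens after filter expression")
    return bool(result)


# Constructed filters and submissions; "form-A" and "form-B" are placeholder IDs.
AND_ONLY = ("$[?(@.formDefinitionId == 'form-A' && @.formData.department == 'sales'"
            " && @.formData.department == 'finance')]")   # can never be true
GROUPED = ("$[?(@.formDefinitionId == 'form-A' && (@.formData.department == 'sales'"
           " || @.formData.department == 'finance'))]")
UNGROUPED = ("$[?(@.formDefinitionId == 'form-A' && @.formData.department == 'sales'"
             " || @.formData.department == 'finance')]")  # fires for any form
SALES_A = {"formDefinitionId": "form-A", "formData": {"department": "sales"}}
FINANCE_A = {"formDefinitionId": "form-A", "formData": {"department": "finance"}}
FINANCE_B = {"formDefinitionId": "form-B", "formData": {"department": "finance"}}

if __name__ == "__main__":
    for label, flt in (("AND_ONLY", AND_ONLY), ("GROUPED", GROUPED), ("UNGROUPED", UNGROUPED)):
        print(label, [matches(flt, ev) for ev in (SALES_A, FINANCE_A, FINANCE_B)])
```

A filter that can never match leaves the workflow silently idle, and an ungrouped OR lets a submission from an unrelated form start it, so both cases are worth testing with real form IDs before the workflow is enabled.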

Below is an example of the JSON for this trigger.

Note

The data inside “formData” is dynamic and will depend on the selected form.

Open "Form Submitted" JSON Sample
{
    "exampleInput":{
       "submittedAt":"2020-06-29T22:01:50.474Z",
       "tenantId":"2c9180845f1edece015d27s9717c3e19",
       "formInstanceId":"2c9180835d2e5167015d32f890ca1482",
       "formDefinitionId":"2c9180845d2e5168015j32f890ca1581",
       "name":"Open Service Request",
       "createdBy":{
          "type":"WORKFLOW_EXECUTION",
          "id":"2c9180843d1edece015d27a9617c3e19"
       },
       "submittedBy":{
          "type":"IDENTITY",
          "id":"2v9180845d1edece015r27a9717c3e19",
          "name":"John Doe"
       },
       "formData":{
          "department":"IT",
          "requestType":"New Laptop",
          "laptop":"New Laptop type for Engineer",
          "comments":"My laptop is running slow, and I need to get a new laptop to get my work done. Thanks!"
       }
    }
 }

Identity Triggers

Changes made to identities and their attributes.

Identity Attributes Changed

One or more attributes were changed on an identity.

To use an identity attributes changed trigger, complete the following fields:

Field | Description
Description | Enter a description of the trigger.
Basic/Advanced | Choose whether to use the Basic or Advanced configuration options. Basic allows configuration of a trigger using one attribute. Advanced allows you to use JSONPath to filter when a trigger fires based on multiple attributes.
If you selected Basic:
Attribute to Filter | Select the technical key of the attribute you want to filter for, limiting the conditions under which this trigger starts the workflow.
If you selected Advanced:
Filter | Enter a JSONPath expression to narrow down the circumstances under which your workflow will be triggered.

Open "Identity Attributes Changed" JSON Sample
{
    "identity":{
        "id":"ee769173319b41d19ccec6cea52f237b",
        "name":"john.doe",
        "type":"IDENTITY"
    },
    "changes":[
        {
            "attribute":"department",
            "oldValue":"sales",
            "newValue":"marketing"
        },
        {
            "attribute":"manager",
            "oldValue":{
                "id":"ee769173319b41d19ccec6c235423237b",
                "name":"william.wilson",
                "type":"IDENTITY"
            },
            "newValue":{
                "id":"ee769173319b41d19ccec6c235423236c",
                "name":"ed.engineer",
                "type":"IDENTITY"
            }
        },
        {
            "attribute":"email",
            "oldValue":"john.doe@hotmail.com",
            "newValue":"john.doe@gmail.com"
        }
    ]
}

Identity Created

An identity was created.

To use an identity created trigger, complete the following fields:

Field | Description
Description | Enter a description of the trigger.
Basic/Advanced | Choose whether to use the Basic or Advanced configuration options. Basic allows configuration of a trigger using one attribute. Advanced allows you to use JSONPath to filter when a trigger fires based on multiple attributes.
If you selected Basic:
Attribute to Filter | Select the technical key of the attribute you want to filter for, limiting the conditions under which this trigger starts the workflow.
Operator | Select an operator to act on the selected attribute. The available operators will change based on your selection.
Attribute Value | Enter the value that should appear in the field you selected. When a new identity is created with an attribute that meets these criteria, the workflow is triggered.
If you selected Advanced:
Filter | Enter a JSONPath expression to narrow down the circumstances under which your workflow will be triggered.

Open "Identity Created" JSON Sample
{
    "identity":{
        "id":"ee769173319b41d19ccec6cea52f237b",
        "name":"john.doe",
        "type":"IDENTITY"
    },
    "attributes":{
        "firstname":"John",
        "lastname":"Doe",
        "email":"john.doe@gmail.com",
        "department":"Sales",
        "displayName":"John Doe",
        "created":"2020-04-27T16:48:33.597Z",
        "employeeNumber":"E009",
        "uid":"E009",
        "inactive":"true",
        "phone":null,
        "identificationNumber":"E009",
        "isManager":false,
        "manager":{
            "id":"ee769173319b41d19ccec6c235423237b",
            "name":"william.wilson",
            "type":"IDENTITY"
        },
        "customAttribute1":"customValue",
        "customAttribute2":"customValue2"
    }
}

Identity Deleted

An identity was deleted from Identity Security Cloud. Note that this does not mean that the user no longer has accounts on any sources, only that their accounts do not correlate to an identity.

Open "Identity Deleted" JSON Sample
{
    "identity":{
        "id":"ee769173319b41d19ccec6cea52f237b",
        "name":"john.doe",
        "type":"IDENTITY"
    },
    "attributes":{
        "firstname":"John",
        "lastname":"Doe",
        "email":"john.doe@gmail.com",
        "department":"Sales",
        "displayName":"John Doe",
        "created":"2020-04-27T16:48:33.597Z",
        "employeeNumber":"E009",
        "uid":"E009",
        "inactive":"true",
        "phone":null,
        "identificationNumber":"E009",
        "isManager":false,
        "manager":{
            "id":"ee769173319b41d19ccec6c235423237b",
            "name":"william.wilson",
            "type":"IDENTITY"
        },
        "customAttribute1":"customValue",
        "customAttribute2":"customValue2"
    }
}

Interactive Trigger

A user launched an Interactive Process.

This trigger only fires when manually initiated from the Launcher associated with this trigger.

Field | Description
Create Launcher | Select Create Launcher to create a Launcher that shares a name and description with the current workflow. An entitlement is automatically created for this Launcher.

After your workflow has been configured, you can change the Launcher associated with this trigger from the Launchers page.


Native Change Account Triggers

Changes made to accounts external to Identity Security Cloud.

Native Change Account Created

A new account external to Identity Security Cloud was created. Note you must have at least one source configured for Native Change Detection (NCD) before you will receive events from this trigger.

Open "Native Change Account Created" JSON Sample
{
    "identity": {
        "manager": {
          "name": "Martena Heath",
          "id": "2c91808378eb9fa30178fb8caf90097f",
          "type": "IDENTITY",
          "email": "martena.heath@sample_email.com"
        },
        "name": "peter.williams",
        "alias": "peter.williams",
        "id": "e43ba47b265b4baf943efe3aaef886c8",
        "type": "IDENTITY",
        "email": "peter.williams@sample_email.com"
    },
    "singleValueAttributeChanges": [
        {
            "newValue": "Peter Williams",
            "name": "cn",
            "oldValue": null
        },
        {
            "newValue": "Peter Williams",
            "name": "displayName",
            "oldValue": null
        },
        {
            "newValue": "CN=Peter Williams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com",
            "name": "distinguishedName",
            "oldValue": null
        },
        {
            "newValue": "Peter",
            "name": "givenName",
            "oldValue": null
        }
    ],
    "entitlementChanges": [
        {
            "removed": [],
            "added": [
                {
                    "owner": {
                      "id": "2c91808978eb9fab0178fb8ca9280919",
                      "name": "Gregory Brooks",
                      "type": "IDENTITY"
                    },
                    "name": "ProductionManagement",
                    "id": "2c91808778eb9fa30178fb9482f00c60",
                    "value": "CN=ProductionManagement,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com"
                },
                {
                    "owner": null,
                    "name": "Employees",
                    "id": "2c91808378eb9fa30178fb94818e0af8",
                    "value": "CN=Employees,OU=BirthRight,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com"
                },
                {
                    "owner": null,
                    "name": "WindowsAdministration",
                    "id": "2c91808378eb9fa30178fb9481c30b02",
                    "value": "CN=WindowsAdministration,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com"
                }
            ],
            "attributeName": "memberOf"
        }
    ],
    "eventType": "ACCOUNT_CREATED",
    "source": {
        "owner": {
            "name": "Aaron Andrew",
            "id": "2c9180867a7c46d0017a7ca099d50531",
            "type": "IDENTITY",
            "email": "aaron.andrew@sample_email.com"
        },
        "name": "Active Directory",
        "alias": "Active Directory [source]",
        "id": "2c91808a78efc63e0178fb8624b248c5",
        "type": "SOURCE",
        "governanceGroup": {
          "id": "fd0d1393-35fb-47d8-9809-0e385b73f25e",
          "name": "Active Directory Owners",
          "type": "GOVERNANCE_GROUP"
        }
    },
    "accountChangeTypes": [
        "ATTRIBUTES_CHANGED",
        "ENTITLEMENTS_ADDED"
    ],
    "multiValueAttributeChanges": [
        {
            "removedValues": [],
            "addedValues": [
                "top",
                "person",
                "organizationalPerson",
                "user"
            ],
            "name": "objectClass"
        },
        {
            "removedValues": [],
            "addedValues": [
                "Normal User Account",
                "Password Cannot Expire",
                "User Account is Disabled"
            ],
            "name": "accountFlags"
        }
    ],
    "account": {
        "name": "peter.williams",
        "id": "b3b17b0072f04da39b41e8802aaff01b",
        "type": "ACCOUNT",
        "uuid": "{615ebfa6-3d21-484e-9e67-01bd4e20c3da}",
        "correlated": true,
        "nativeIdentity": "CN=Peter Williams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com"
    }
}

Native Change Account Deleted

An account external to Identity Security Cloud was deleted. Note you must have at least one source configured for Native Change Detection (NCD) before you will receive events from this trigger.

Open "Native Change Account Deleted" JSON Sample
{
    "identity": {
        "manager": {
            "name": "Martena Heath",
            "id": "2c91808378eb9fa30178fb8caf90097f",
            "type": "IDENTITY",
            "email": "martena.heath@sample_email.com"
        },
        "name": "Letty Wilson",
        "alias": "Letty.Wilson",
        "id": "2c91808978eb9fab0178fb8ca6d308fb",
        "type": "IDENTITY",
        "email": "letty.wilson@sample_email.com"
    },
    "singleValueAttributeChanges": [{
            "newValue": null,
            "name": "cn",
            "oldValue": "Letty Wilson"
        },
        {
            "newValue": null,
            "name": "displayName",
            "oldValue": "Letty Wilson"
        },
        {
            "newValue": null,
            "name": "distinguishedName",
            "oldValue": "CN=Letty Wilson,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com"
        }
    ],
    "entitlementChanges": [{
        "removed": [{
                "owner": {
                    "id": "2c91808978eb9fab0178fb8ca9280919",
                    "name": "Gregory Brooks",
                    "type": "IDENTITY"
                },
                "name": "ProductionManagement",
                "id": "2c91808778eb9fa30178fb9482f00c60",
                "value": "CN=ProductionManagement,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com"
            },
            {
                "owner": null,
                "name": "Employees",
                "id": "2c91808378eb9fa30178fb94818e0af8",
                "value": "CN=Employees,OU=BirthRight,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com"
            },
            {
                "owner": null,
                "name": "WindowsAdministration",
                "id": "2c91808378eb9fa30178fb9481c30b02",
                "value": "CN=WindowsAdministration,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com"
            }
        ],
        "added": [],
        "attributeName": "memberOf"
    }],
    "eventType": "ACCOUNT_DELETED",
    "source": {
        "owner": {
            "name": "Aaron Andrew",
            "id": "2c9180867a7c46d0017a7ca099d50531",
            "type": "IDENTITY",
            "email": "aaron.andrew@sample_email.com"
        },
        "name": "Active Directory",
        "alias": "Active Directory [source]",
        "id": "2c91808a78efc63e0178fb8624b248c5",
        "type": "SOURCE",
        "governanceGroup": {
            "id": "fd0d1393-35fb-47d8-9809-0e385b73f25e",
            "name": "Active Directory Owners",
            "type": "GOVERNANCE_GROUP"
        }
    },
    "accountChangeTypes": [
        "ATTRIBUTES_CHANGED",
        "ENTITLEMENTS_REMOVED"
    ],
    "multiValueAttributeChanges": [{
            "removedValues": [
                "top",
                "person",
                "organizationalPerson",
                "user"
            ],
            "addedValues": [],
            "name": "objectClass"
        },
        {
            "removedValues": [
                "Normal User Account",
                "Password Cannot Expire",
                "User Account is Disabled"
            ],
            "addedValues": [],
            "name": "accountFlags"
        }
    ],
    "account": {
        "name": "letty.wilson",
        "id": "6805a47c09cc4dfca9083f1ce84552ee",
        "type": "ACCOUNT",
        "uuid": "{3c096158-9188-46f4-bb13-20ef9daafa7f}",
        "correlated": true,
        "nativeIdentity": "CN=Letty Wilson,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com"
    }
}

Native Change Account Updated

An account external to Identity Security Cloud was updated. Note you must have at least one source configured for Native Change Detection (NCD) before you will receive events from this trigger.

Open "Native Change Account Updated" JSON Sample
{
    "identity": {
        "manager": {
            "name": "Martena Heath",
            "id": "2c91808378eb9fa30178fb8caf90097f",
            "type": "IDENTITY",
            "email": "martena.heath@sample_email.com"
        },
        "name": "Ann English",
        "alias": "Ann.English",
        "id": "2c91808978eb9fab0178fb8ca6d308fb",
        "type": "IDENTITY",
        "email": "ann.english@sample_email.com"
    },
    "singleValueAttributeChanges": [{
        "newValue": "Call Center Representative",
        "name": "title",
        "oldValue": "Call Center Manager"
    }],
    "entitlementChanges": [{
        "removed": [{
            "owner": null,
            "name": "AccountsReceivable",
            "id": "d0470502d73d4c2e8c7543c712f518ca",
            "value": "CN=AccountsReceivable,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com"
        }],
        "added": [{
            "owner": null,
            "name": "Accounts Payable",
            "id": "2c91808978eb9fab0178fb9482620b71",
            "value": "CN=AccountsPayable,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com"
        }],
        "attributeName": "memberOf"
    }],
    "eventType": "ACCOUNT_UPDATED",
    "source": {
        "owner": {
            "name": "Aaron Andrew",
            "id": "2c9180867a7c46d0017a7ca099d50531",
            "type": "IDENTITY",
            "email": "aaron.andrew@sample_email.com"
        },
        "name": "Active Directory",
        "alias": "Active Directory [source]",
        "id": "2c91808a78efc63e0178fb8624b248c5",
        "type": "SOURCE",
        "governanceGroup": {
            "id": "fd0d1393-35fb-47d8-9809-0e385b73f25e",
            "name": "Active Directory Owners",
            "type": "GOVERNANCE_GROUP"
        }
    },
    "accountChangeTypes": [
        "ATTRIBUTES_CHANGED",
        "ENTITLEMENTS_ADDED",
        "ENTITLEMENTS_REMOVED"
    ],
    "multiValueAttributeChanges": [{
        "removedValues": [],
        "addedValues": [
            "User Account is Disabled"
        ],
        "name": "accountFlags"
    }],
    "account": {
        "name": "Ann.English",
        "id": "2c91808378eb9fa30178fb9481a30afa",
        "type": "ACCOUNT",
        "uuid": "{08ee6c6d-7d02-4978-9417-d92ba6a5ed50}",
        "correlated": true,
        "nativeIdentity": "CN=Ann English,OU=Call Center,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com"
    }
}
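
One way to triage the Native Change payloads above for out-of-band changes, as an added example that is not SailPoint's code. The watchlists (`SENSITIVE_GROUPS`, `RISKY_FLAGS`), the severity labels and the function name `triage_native_change` are assumptions, and the two events are constructed samples that follow the field layout of the samples above.

```python
# Assumed watchlists; tune them to your own directory. Not defined by the page.
SENSITIVE_GROUPS = {"WindowsAdministration", "ProductionManagement"}
RISKY_FLAGS = {"Password Cannot Expire"}
DISABLED_FLAG = "User Account is Disabled"


def triage_native_change(event):
    """Return (severity, message) findings for one Native Change event."""
    findings = []
    event_type = event.get("eventType", "UNKNOWN")
    account = event.get("account") or {}
    name = account.get("name", "unknown")
    source = (event.get("source") or {}).get("name", "unknown")

    # An account that correlates to no identity has no owner to certify it.
    if event_type != "ACCOUNT_DELETED" and not account.get("correlated", False):
        findings.append(("high", f"{name}: uncorrelated account changed on {source}"))

    # Memberships granted directly on the source bypass access requests.
    for change in event.get("entitlementChanges") or []:
        for ent in change.get("added") or []:
            if ent.get("name") in SENSITIVE_GROUPS:
                owner = (ent.get("owner") or {}).get("name") or "none on record"
                findings.append(
                    ("high", f"{name}: added to {ent['name']} on {source} (owner: {owner})")
                )

    for change in event.get("multiValueAttributeChanges") or []:
        if change.get("name") != "accountFlags":
            continue
        added = set(change.get("addedValues") or [])
        removed = set(change.get("removedValues") or [])
        for flag in sorted(added & RISKY_FLAGS):
            findings.append(("medium", f"{name}: flag set on {source}: {flag}"))
        # Losing the disabled flag on an update means the account was re-enabled
        # natively; on a delete the flag disappears with the account, so skip it.
        if event_type == "ACCOUNT_UPDATED" and DISABLED_FLAG in removed:
            findings.append(("high", f"{name}: account re-enabled on {source}"))
    return findings


# Constructed sample, trimmed from the "Native Change Account Created" layout.
CREATED = {
    "eventType": "ACCOUNT_CREATED",
    "source": {"name": "Active Directory", "type": "SOURCE"},
    "account": {"name": "peter.williams", "correlated": True},
    "entitlementChanges": [{
        "attributeName": "memberOf",
        "removed": [],
        "added": [
            {"name": "ProductionManagement", "owner": {"name": "Gregory Brooks"}},
            {"name": "Employees", "owner": None},
            {"name": "WindowsAdministration", "owner": None},
        ],
    }],
    "multiValueAttributeChanges": [{
        "name": "accountFlags",
        "removedValues": [],
        "addedValues": ["Normal User Account", "Password Cannot Expire",
                        "User Account is Disabled"],
    }],
}

# Constructed sample: a disabled, uncorrelated account re-enabled on the source.
REENABLED = {
    "eventType": "ACCOUNT_UPDATED",
    "source": {"name": "Active Directory", "type": "SOURCE"},
    "account": {"name": "svc.legacy", "correlated": False},
    "entitlementChanges": [],
    "multiValueAttributeChanges": [{
        "name": "accountFlags",
        "removedValues": ["User Account is Disabled"],
        "addedValues": [],
    }],
}

if __name__ == "__main__":
    for sample in (CREATED, REENABLED):
        for severity, message in triage_native_change(sample):
            print(f"[{severity}] {message}")
```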

Outlier Detected

An outlier was detected using Data Intelligence.

Open "Outlier Detected" JSON Sample
{
    "score":0.9601614,
    "_meta":{
        "triggerType":"FIRE_AND_FORGET",
        "subscriptionId":"e5fa2a32-3f33-436d-bac8-af4c53122eed",
        "invocationId":"b246f3c8-e706-4cfa-9254-360fc6de0ef1"
    },
    "outlierType":"LOW_SIMILARITY",
    "identity":{
        "id":"2c9139527c99d847017cd57f4b586e97",
        "displayName":"Haley Cline",
        "type":"IDENTITY"
    }
}

Provisioning Completed

A provisioning action completed on a source.

This trigger only fires if you have the Provisioning service.

Open "Provisioning Completed" JSON Sample
{
    "trackingNumber":"4b4d982dddff4267ab12f0f1e72b5a6d",
    "action":"IdentityRefresh",
    "requester":{
        "id":"2c91808b6ef1d43e016efba0ce470906",
        "name":"Adam Admin",
        "type":"IDENTITY"
    },
    "recipient":{
        "id":"2c91808b6ef1d43e016efba0ce470909",
        "name":"Ed Engineer",
        "type":"IDENTITY"
    },
    "errors":[
        "General Error",
        "Connector AD Failed"
    ],
    "warnings":[
        "Notification Skipped due to invalid email"
    ],
    "sources":"Corp AD, Corp LDAP, Corp Salesforce",
    "accountRequests":[
        {
            "source":{
                "id":"4e4d982dddff4267ab12f0f1e72b5a6d",
                "name":"Corporate Active Directory",
                "type":"SOURCE"
            },
            "accountId":"CN=example,ou=sample,ou=test,dc=ex,dc=com",
            "accountOperation":"Modify",
            "provisioningResult":"committed",
            "provisioningTarget":"Corp AD",
            "ticketId":"72619262",
            "attributeRequests":[
                {
                    "operation":"Add",
                    "attributeName":"memberOf",
                    "attributeValue":"CN=admin,DC=training,DC=com"
                }
            ]
        }
    ]
}

Scheduled Search

A scheduled search completed and results are available.

Open "Scheduled Search" JSON Sample
{
    "fileName":"Modified.zip",
    "ownerEmail":"test@sailpoint.com",
    "ownerName":"Cloud Support",
    "query":"modified:[now-7y/d TO now]",
    "searchName":"Modified Activity",
    "searchResults":{
        "Identity":{
            "count":"2",
            "noun":"identities",
            "preview":[
                [
                    "Display Name",
                    "First Name",
                    "Last Name",
                    "Work Email",
                    "Created",
                    "Lifecycle State"
                ],
                [
                    "William Wilson",
                    "William",
                    "Wilson",
                    "william.wilson@sailpoint.com",
                    "2019-11-14T15:56:00.862Z",
                    ""
                ],
                [
                    "Ed Engineer",
                    "Ed",
                    "Engineer",
                    "ed.engineer@sailpoint.com",
                    "2019-11-14T15:56:00.862Z",
                    ""
                ]
            ]
        },
        "Entitlement":{
            "count":"2",
            "noun":"entitlements",
            "preview":[
                [
                    "Display Name",
                    "Name",
                    "Description",
                    "Source ID",
                    "Source Name",
                    "Attribute",
                    "Value",
                    "Privileged",
                    "Tags"
                ],
                [
                    "Administrator",
                    "Administrator",
                    "Full administrative access to IdentityNow",
                    "2c91808a6e236e33016e6a91f61e3b32",
                    "IdentityNow",
                    "assignedGroups",
                    "ORG_ADMIN",
                    "false",
                    ""
                ],
                [
                    "Auditor",
                    "Auditor",
                    "Auditor access to IdentityNow",
                    "2c91808a6e236e33016e6a91f61e3b32",
                    "IdentityNow",
                    "assignedGroups",
                    "AUDITOR",
                    "false",
                    ""
                ]
            ]
        },
        "Account":{
            "count":"3",
            "noun":"accounts",
            "preview":[
                [
                    "Account Name",
                    "Native Account ID",
                    "Source Name",
                    "Identity Name",
                    "Extended Attributes",
                    "Tags"
                ],
                [
                    "Adam.Archer",
                    "Adam.Archer",
                    "Engineering",
                    "Adam.Archer",
                    "mail=adam.archer@sample.com,teletexTerminalIdentifier=teletexTerminalIdentifier,postalCode=78726,carLicense=[carLicense],telexNumber=telexNumber,employeeNumber=681497,postOfficeBox=postOfficeBox,registeredAddress=registeredAddress,pager=pager,msRTCSIP-UserEnabled=false,mailNickname=mailNickname,LyncPinSet=LyncPinSet,physicalDeliveryOfficeName=abc,sAMAccountName=Adam.Archer,initials=HH,msNPAllowDialin=msNPAllowDialin,givenName=Adam,homePhone=512-942-7578,objectClass=[objectClass],destinationIndicator=destinationIndicator,postalAddress=postalAddress,internationaliSDNNumber=internationaliSDNNumber,departmentNumber=Legal,objectSid=objectSid,LyncPinLockedOut=LyncPinLockedOut,pwdLastSet=pwdLastSet,msNPCallingStationID=[msNPCallingStationID],msRADIUSFramedIPAddress=msRADIUSFramedIPAddress,preferredLanguage=preferredLanguage,roomNumber=roomNumber,telephoneNumber=512-942-7578,displayName=Adam Archer,distinguishedName=DN=Adam Archer,title=title,seeAlso=seeAlso,uid=uid,secretary=secretary,street=street,objectguid=125,memberOf=[Diagnostics],msExchHideFromAddressLists=false,sn=Archer,department=department,userPrincipalName=userPrincipalName,idNowDescription=391ff9c367aa90a0e1a0c6c174aa1d3dec1d3071148e0e62827858a562397224,st=st,manager=CN=Amanda.Ross,ou=[ou],mobile=512-942-7578,primaryGroupDN=primaryGroupDN,cn=Adam.Archer,facsimileTelephoneNumber=[512-942-7578],l=l,homeMDB=homeMDB,homePostalAddress=11305 Four Points Blvd,SipAddress=SipAddress,o=o,accountFlags=[accountFlags],employeeType=Full Time,preferredDeliveryMethod=preferredDeliveryMethod,primaryGroupID=primaryGroupID,businessCategory=Legal,RegistrarPool=RegistrarPool,msDS-PrincipalName=msDS-PrincipalName,msRADIUSFramedRoute=[msRADIUSFramedRoute],msRADIUSCallbackNumber=msRADIUSCallbackNumber",
                    ""
                ],
                [
                    "Amanda.Ross",
                    "Amanda.Ross",
                    "Engineering",
                    "Amanda.Ross",
                    "mail=amanda.ross@sailpoint.com,teletexTerminalIdentifier=teletexTerminalIdentifier,postalCode=78726,carLicense=[carLicense],telexNumber=telexNumber,employeeNumber=681497,postOfficeBox=postOfficeBox,registeredAddress=registeredAddress,pager=pager,msRTCSIP-UserEnabled=false,mailNickname=mailNickname,LyncPinSet=LyncPinSet,physicalDeliveryOfficeName=abc,sAMAccountName=Amanda.Ross,initials=HH,msNPAllowDialin=msNPAllowDialin,givenName=Amanda,homePhone=512-942-7578,objectClass=[objectClass],destinationIndicator=destinationIndicator,postalAddress=postalAddress,internationaliSDNNumber=internationaliSDNNumber,departmentNumber=Administration,objectSid=objectSid,LyncPinLockedOut=LyncPinLockedOut,pwdLastSet=pwdLastSet,msNPCallingStationID=[msNPCallingStationID],msRADIUSFramedIPAddress=msRADIUSFramedIPAddress,preferredLanguage=preferredLanguage,roomNumber=roomNumber,telephoneNumber=512-942-7578,displayName=Amanda Ross,distinguishedName=DN=Amanda Ross,title=title,seeAlso=seeAlso,uid=uid,secretary=secretary,street=street,objectguid=125,memberOf=[Administration],msExchHideFromAddressLists=false,sn=Ross,department=department,userPrincipalName=userPrincipalName,idNowDescription=0fb7bb4cb6c086640ef098f5dd36c5c42500e3a60a116ea936f284a4f70cf45b,st=st,manager=CN=Amanda.Ross,ou=[ou],mobile=512-942-7578,primaryGroupDN=primaryGroupDN,cn=Amanda.Ross,facsimileTelephoneNumber=[512-942-7578],l=l,homeMDB=homeMDB,homePostalAddress=11305 Four Points Blvd,SipAddress=SipAddress,o=o,accountFlags=[accountFlags],employeeType=Full Time,preferredDeliveryMethod=preferredDeliveryMethod,primaryGroupID=primaryGroupID,businessCategory=Administration,RegistrarPool=RegistrarPool,msDS-PrincipalName=msDS-PrincipalName,msRADIUSFramedRoute=[msRADIUSFramedRoute],msRADIUSCallbackNumber=msRADIUSCallbackNumber",
                    ""
                ],
                [
                    "Amy.Chen",
                    "Amy.Chen",
                    "Engineering",
                    "Amy.Chen",
                    "mail=amy.chen@example.com,teletexTerminalIdentifier=teletexTerminalIdentifier,postalCode=78726,carLicense=[carLicense],telexNumber=telexNumber,employeeNumber=681497,postOfficeBox=postOfficeBox,registeredAddress=registeredAddress,pager=pager,msRTCSIP-UserEnabled=false,mailNickname=mailNickname,LyncPinSet=LyncPinSet,physicalDeliveryOfficeName=abc,sAMAccountName=Amy.Chen,initials=HH,msNPAllowDialin=msNPAllowDialin,givenName=Amy,homePhone=512-942-7578,objectClass=[objectClass],destinationIndicator=destinationIndicator,postalAddress=postalAddress,internationaliSDNNumber=internationaliSDNNumber,departmentNumber=Diagnostics,objectSid=objectSid,LyncPinLockedOut=LyncPinLockedOut,pwdLastSet=pwdLastSet,msNPCallingStationID=[msNPCallingStationID],msRADIUSFramedIPAddress=msRADIUSFramedIPAddress,preferredLanguage=preferredLanguage,roomNumber=roomNumber,telephoneNumber=512-942-7578,displayName=Amy Chen,distinguishedName=DN=Amy Chen,title=title,seeAlso=seeAlso,uid=uid,secretary=secretary,street=street,objectguid=125,memberOf=[Diagnostics],msExchHideFromAddressLists=false,sn=Chen,department=department,userPrincipalName=userPrincipalName,idNowDescription=820ff29573b916d9630205e4cae9a21061284a2866981433c9ef012f644ea326,st=st,manager=CN=William.Wilson,ou=[ou],mobile=512-942-7578,primaryGroupDN=primaryGroupDN,cn=Amy.Chen,facsimileTelephoneNumber=[512-942-7578],l=l,homeMDB=homeMDB,homePostalAddress=11305 Four Points Blvd,SipAddress=SipAddress,o=o,accountFlags=[accountFlags],employeeType=Full Time,preferredDeliveryMethod=preferredDeliveryMethod,primaryGroupID=primaryGroupID,businessCategory=Diagnostics,RegistrarPool=RegistrarPool,msDS-PrincipalName=msDS-PrincipalName,msRADIUSFramedRoute=[msRADIUSFramedRoute],msRADIUSCallbackNumber=msRADIUSCallbackNumber",
                    ""
                ]
            ]
        }
    },
    "signedS3Url":"https://sptcbu-org-data-useast1.s3.amazonaws.com/arsenal-john/reports/Events%20Export.2020-05-06%2018%2759%20GMT.3e580592-86e4-4953-8aea-49e6ef20a086.zip?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20200506T185919Z&X-Amz-SignedHeaders=host&X-Amz-Expires=899&X-Amz-Credential=AKIAV5E54XOGTS4Q4L7A%2F20200506%2Fus-east-1%2Fs3%2Raws4_request&X-Amz-Signature=2e753bb97a12a1fd8a215613e3b82fcdae8ba1fb6a25916843ab5m51d2ddefbc"
}
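The `signedS3Url` in the sample above is an AWS Signature Version 4 pre-signed URL: anyone who holds it can download the report until `X-Amz-Expires` seconds after `X-Amz-Date`. The following added example (not SailPoint code; the helper names and the constructed sample URL are assumptions) computes when the link expires and redacts the credential and signature before the trigger input is logged.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query parameters that identify the signer or authorize the download.
SENSITIVE_PARAMS = {"X-Amz-Credential", "X-Amz-Signature", "X-Amz-Security-Token"}

# Constructed sample event: same field name as the payload above, placeholder values.
SAMPLE_EVENT = {
    "searchName": "Modified Activity",
    "signedS3Url": (
        "https://example-bucket.s3.amazonaws.com/reports/export.zip"
        "?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20200506T185919Z"
        "&X-Amz-SignedHeaders=host&X-Amz-Expires=899"
        "&X-Amz-Credential=EXAMPLEKEYID%2F20200506%2Fus-east-1%2Fs3%2Faws4_request"
        "&X-Amz-Signature=PLACEHOLDERSIGNATURE"
    ),
}


def presigned_expiry(url):
    """Return the UTC time at which a SigV4 pre-signed URL stops working."""
    params = dict(parse_qsl(urlsplit(url).query))
    issued = datetime.strptime(params["X-Amz-Date"], "%Y%m%dT%H%M%SZ")
    lifetime = timedelta(seconds=int(params["X-Amz-Expires"]))
    return issued.replace(tzinfo=timezone.utc) + lifetime


def is_expired(url, now=None):
    """True once the download window has closed (fetch the report before then)."""
    now = now or datetime.now(timezone.utc)
    return now >= presigned_expiry(url)


def redact_url(url):
    """Replace the credential and signature so the URL is safe to log."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def loggable_event(event):
    """Copy of the trigger input with the bearer URL redacted."""
    return {**event, "signedS3Url": redact_url(event["signedS3Url"])}


if __name__ == "__main__":
    print(presigned_expiry(SAMPLE_EVENT["signedS3Url"]).isoformat())
    print(loggable_event(SAMPLE_EVENT)["signedS3Url"])
```

A URL signed with temporary credentials can stop working earlier than the computed time, so treat the result as an upper bound.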

Scheduled Trigger

A scheduled trigger was initiated based on the configured CRON schedule.

To use a scheduled trigger, complete the following fields:

Field | Description
Frequency | Set a regular schedule for the trigger to fire, based on a CRON expression. Choose between Daily, Weekly, Monthly, Yearly, or Cron Schedule.
Time Zone | Use the dropdowns to select your time zone.

To set the Frequency of the scheduled trigger, choose from the following options:

Field | Description

If you selected Daily:
Times | Select one or more times for the workflow to start each day.

If you selected Weekly:
Days | Select one or more days each week to start the workflow.
Times | Select one or more times to start this workflow each day. The workflow will start on each selected time for all days selected.

For Monthly or Yearly, if you selected a Schedule Type of By Date:
Months | Select one or more months for the workflow to start. This is for Yearly only.
Days | Select one or more dates of the month for the workflow to start.
Times | Choose one or more times that this workflow should start each day. The workflow will start on each selected time for all days selected.

For Monthly or Yearly, if you selected a Schedule Type of Relative dates:
Months | Select one or more months for the workflow to start. This is for Yearly only.
Dates | Select one or more relative dates for the workflow to start for the selected months.
Times | Choose one or more times that this workflow should start each day. The workflow will start on each selected time for all days selected.

If you selected Cron Schedule:
Cron String | Enter the CRON expression for the schedule your workflow should follow.

NOTE: Cron strings support schedules down to the hour only. Minutes are not currently supported.

A preview of the workflow schedule displays at the bottom of the configuration panel and updates as you make your selections.

The input for the scheduled trigger is a CRON expression and isn't represented in JSON.


Source Triggers

Triggers related to sources and their accounts.

Source Account Created

A new account was detected during an account aggregation.

Open "Source Account Created" JSON Sample
{
    "uuid":"b7264868-7201-415f-9118-b581d431c688",
    "id":"ee769173319b41d19ccec35ba52f237b",
    "nativeIdentifier":"",
    "sourceId":"jlasdferquwoep452343214v",
    "sourceName":"Active Directory",
    "identityId":"132rfvwfr14353yas56213l",
    "identityName":"john.doe",
    "attributes":{
        "firstname":"John",
        "lastname":"Doe",
        "email":"john.doe@gmail.com",
        "department":"Sales",
        "displayName":"John Doe",
        "created":"2020-04-27T16:48:33.597Z",
        "employeeNumber":"E009",
        "uid":"E009",
        "inactive":"true",
        "phone":"512-555-1234",
        "manager":"jane.doe",
        "identificationNumber":"E009"
    }
}

Source Account Deleted

An account was removed from a source, and this deletion was detected during an account aggregation.

Open "Source Account Deleted" JSON Sample
{
    "uuid":"b7264868-7201-415f-9118-b581d431c688",
    "id":"ee769173319b41d19ccec35ba52f237b",
    "nativeIdentifier":"",
    "sourceId":"jlasdferquwoep452343214v",
    "sourceName":"Active Directory",
    "identityId":"132rfvwfr14353yas56213l",
    "identityName":"john.doe",
    "attributes":{
        "firstname":"John",
        "lastname":"Doe",
        "email":"john.doe@gmail.com",
        "department":"Sales",
        "displayName":"John Doe",
        "created":"2020-04-27T16:48:33.597Z",
        "employeeNumber":"E009",
        "uid":"E009",
        "inactive":"true",
        "phone":"512-555-1234",
        "manager":"jane.doe",
        "identificationNumber":"E009"
    }
}

Source Account Updated

One or more account attribute changes were detected during an account aggregation.

Open "Source Account Updated" JSON Sample
{
    "uuid":"b7264868-7201-415f-9118-b581d431c688",
    "id":"ee769173319b41d19ccec35ba52f237b",
    "nativeIdentifier":"",
    "sourceId":"jlasdferquwoep452343214v",
    "sourceName":"Active Directory",
    "identityId":"132rfvwfr14353yas56213l",
    "identityName":"john.doe",
    "attributes":{
        "firstname":"John",
        "lastname":"Doe",
        "email":"john.doe@gmail.com",
        "department":"Sales",
        "displayName":"John Doe",
        "created":"2020-04-27T16:48:33.597Z",
        "employeeNumber":"E009",
        "uid":"E009",
        "inactive":"true",
        "phone":"512-555-1234",
        "manager":"jane.doe",
        "identificationNumber":"E009"
    }
}

Source Created

A new source was successfully created.

Open "Source Created" JSON Sample
{
    "id":"2c9180866166b5b0016167c32ef31a66",
    "name":"Test source",
    "type":"DIRECT_CONNECT",
    "created":"2021-03-29T22:01:50.474Z",
    "connector":"active-directory",
    "actor":{
        "id":"ee769173319b41d19ccec6cea52f237b",
        "name":"john.doe",
        "type":"IDENTITY"
    }
}

Source Deleted

A source was successfully deleted.

Open "Source Deleted" JSON Sample
{
    "id":"2c9180866166b5b0016167c32ef31a66",
    "name":"Test source",
    "type":"DIRECT_CONNECT",
    "deleted":"2021-03-29T22:01:50.474Z",
    "connector":"active-directory",
    "actor":{
        "id":"ee769173319b41d19ccec6cea52f237b",
        "name":"john.doe",
        "type":"IDENTITY"
    }
}

Source Updated

Configuration changes were successfully made to a source.

Open "Source Updated" JSON Sample
{
    "id":"2c9180866166b5b0016167c32ef31a66",
    "name":"Test source",
    "type":"DIRECT_CONNECT",
    "modified":"2021-03-29T22:01:50.474Z",
    "connector":"active-directory",
    "actor":{
        "id":"ee769173319b41d19ccec6cea52f237b",
        "name":"john.doe",
        "type":"IDENTITY"
    }
}

VA Cluster Status Change Event

A virtual appliance cluster changed status.

Open "VA Cluster Status Change Event" JSON Sample
{
    "created":"2020-06-29T22:01:50.474Z",
    "type":"Source",
    "application":{
        "id":"2c9180866166b5b0016167c32ef31a66",
        "name":"Production VA Cluster",
        "attributes":{
            "clusterId":"2c9180866166b5b0016167c32ef31a66"
        }
    },
    "healthCheckResult":{
        "status":"Failed",
        "resultType":"SOURCE_STATE_FAILURE_SOURCE",
        "message":" Test Connection failed with exception.  Error message - java.lang.Exception"
    },
    "previousHealthCheckResult":{
        "status":"Failed",
        "resultType":"SOURCE_STATE_HEALTHY",
        "message":"Source is healthy."
    }
}

To learn more about the process of building a workflow, either in the visual builder or using JSON, visit Creating and Managing Workflows.

Once you've selected a trigger for your workflow, you can add actions and operators.
