A trigger is the event that tells the workflow to start. The workflow uses data provided by the input to calculate the results of each action and operator.
All available triggers are listed below, along with a sample input, if applicable, that can be used to test a workflow.
You can also define filters to limit when a trigger fires, such as limiting the Source Account Created trigger to only begin the workflow when the account was created on a specific source.
Access Request Decision
An access request was approved or denied.
This trigger only fires if you have the Access Request service.
{"accessRequestId":"4b4d982dddff4267ab12f0f1e72b5a6d","requestedBy":{"id":"2c91808b6ef1d43e016efba0ce470906","name":"Adam Admin","type":"IDENTITY"},"requestedFor":{"id":"2c91808b6ef1d43e016efba0ce470909","name":"Ed Engineer","type":"IDENTITY"},"requestedItemsStatus":[{"approvalInfo":[{"approvalComment":" this is an approval comment","approvalDecision":"APPROVED","approver":{"id":"2c91808b6ef1d43d016efba0cf470910","name":"Stephen Austin","type":"IDENTITY"},"approverName":"Stephen.Austin"}],"clientMetadata":{"applicationName":"My application"},"comment":"requester comments","description":"Engineering Access","id":"2a91808b6cf1d43e016efba0cf470904","name":"Engineering Access","operation":"Add","type":"ACCESS_PROFILE"}]}
Notes
clientMetadata is determined by the user that invoked create-access-request and can contain any value at runtime that was specified in the access request.
When multiple approval decisions are required, the trigger fires after the final decision when it is known whether the access item was approved or denied for the user.
Access Request Submitted
An access request with an attached workflow linked in the Approval Type was submitted. The Access Request Submitted trigger will only fire if the access item is requested and the Workflow is enabled.
Editing, deleting, or disabling a workflow using this trigger will impact future access requests. Access requests currently being reviewed will continue through the review process as previously configured.
This trigger only fires if you have the Access Request service.
{"source":{"id":"4e4d982afddff4267ab12f0f1e72b5e6d","name":"Corporate Active Directory","type":"SOURCE"},"status":"Success","started":"2020-06-29T22:01:50.474Z","completed":"2020-06-29T22:02:04.090Z","errors":[],"warnings":["Account skipped"],"stats":{"scanned":200,"unchanged":190,"changed":6,"added":4,"removed":3}}
Account Inactivity Detected
An account with a set number of consecutive days of inactivity has been detected.
Field
Description
Filter
Enter a JSONPath expression to narrow down the circumstances under which your workflow will be triggered.
The filtering for this trigger is based on configuring the set number of consecutive days in the trigger filter. Below are some example trigger filters.
To trigger after 180 consecutive days of inactivity:
$[?(@.trigger.daysInactive > 180)]
For the trigger to only look at the filtered source:
$[?(@.sourceID)]
Open "Account Inactivity Detected" JSON Input Sample
{"name":"Notification on Account Inactivity ","description":"A workflow that delivers a custom notification to recipients that an account has been inactive for a period of time.","modified":"2025-10-27T17:18:47.166862457Z","modifiedBy":{"type":"IDENTITY","id":"5f8123eb53384a14b6f4036006346848","name":"aaron.nichols"},"definition":{"start":"Send Email","steps":{"End Step - Success":{"actionId":"sp:operator-success","displayName":"","type":"success"},"Send Email":{"actionId":"sp:send-email","attributes":{"body":"<p>Hello Admin,</p>\n<p>This email is to inform you that account ID ${accountId} of ${identityID} has been inactive for ${inactivity} consecutive days.</p>","context":{"accountId.$":"$.trigger.accountID","identityId.$":"$.trigger.identityID","inactivity.$":"$.trigger.daysInactive"},"recipientEmailList":["Aaron.Nichols@sailpointdemo.com"],"subject":"Inactive Account Detected"},"displayName":"","nextStep":"End Step - Success","type":"action","versionNumber":2}}},"creator":{"type":"IDENTITY","id":"5f8123eb53384a14b6f4036006346848","name":"aaron.nichols"},"trigger":{"type":"EVENT","attributes":{"id":"adi:account-inactivity-detected"}}}
Account Triggers
Account Created
This event trigger fires when a new account is created on a source or in Identity Security Cloud.
Accounts can be created via aggregations or provisioning, including when entitlements are added or removed.
You could use this event trigger to fire a Workflow that you configure to notify a source owner when an account is created.
Field
Description
Filter
Enter a JSONPath expression to narrow down the circumstances under which your workflow will be triggered.
This event trigger fires when an account is updated on a source or an Identity Security Cloud account.
Accounts can be updated via aggregations or provisioning, including when entitlements are added or removed.
You could use this event trigger to fire a Workflow that you configure to take additional actions after a new entitlement has been provisioned to a privileged account.
Field
Description
Filter
Enter a JSONPath expression to narrow down the circumstances under which your workflow will be triggered.
{"source":{"id":"4e4d982dbdff4267ab16f0f1e72b5c6d","name":"Corporate Active Directory","type":"SOURCE"},"status":"Success","started":"2020-06-29T22:01:50.474Z","completed":"2020-06-29T22:02:04.090Z","errors":[],"warnings":["Account skipped"],"stats":{"scanned":200,"unchanged":190,"changed":6,"added":4,"removed":3}}
Certification Triggers
Workflow triggers related to parts of a certification.
Campaign Activated
A certification campaign was activated.
This trigger only fires if you have the Certifications service.
{"campaign":{"id":"2c91848576f886190176e88cac6a0010","name":"Manager Access Campaign","description":"Audit access for all employees.","created":"2021-02-16T03:04:45.815Z","modified":null,"deadline":"2021-03-16T03:04:45.815Z","type":"MANAGER","campaignOwner":{"id":"37f081867702e1910177031820c40n27","displayName":"William Wilson","email":"william.wilson@example.com"},"status":"ACTIVE"}}
Campaign Ended
A certification campaign ended.
This trigger only fires if you have the Certifications service.
{"campaign":{"id":"2c91808576f846190176f81cac5a0810","name":"Manager Access Campaign","description":"Audit access for all employees.","created":"2021-02-16T03:04:45.815Z","modified":null,"deadline":"2021-03-16T03:04:45.815Z","type":"MANAGER","campaignOwner":{"id":"37f080867705c1910177031220c40e27","displayName":"William Wilson","email":"william.wilson@example.com"},"status":"COMPLETED"}}
Campaign Generated
A certification campaign finished generating.
This trigger only fires if you have the Certifications service.
{"campaign":{"id":"2c91834576f886190176f88efc5a0010","name":"Manager Access Campaign","description":"Audit access for all employees.","created":"2021-02-16T03:04:45.815Z","modified":null,"deadline":null,"type":"MANAGER","campaignOwner":{"id":"37f082867702c1910177031320c60n27","displayName":"William Wilson","email":"william.wilson@example.com"},"status":"STAGED"}}
Certification Signed Off
A certification reviewer signed off on their certifications.
This trigger only fires if you have the Certifications service.
{"certification":{"id":"2c91208574f836190176b88caf0d0167","name":"Manager Access Review for Alice Baker","created":"2020-02-16T03:04:45.815Z","modified":null,"campaignRef":{"campaignType":"MANAGER","description":"Audit access for all employees.","type":"CAMPAIGN","id":"2c91808576f896190176f38cac5c0010","name":"Manager Access Campaign"},"completed":true,"hasErrors":false,"errorMessage":null,"decisionsMade":50,"decisionsTotal":50,"due":"2020-03-16T03:04:45.815Z","signed":"2020-03-04T03:04:45.815Z","reviewer":{"name":"Reviewers group","id":"6a80321c-8d11-40bc-a3c8-29e2660b85e8","type":"GOVERNANCE_GROUP","email":null},"campaignOwner":{"id":"37f081867702c1910179031320c40n27","displayName":"William Wilson","email":"william.wilson@example.com"},"reassignment":{"comment":"Changing reviewer.","from":{"id":"8a89c6de77ef762f0177ef7f52f10004","name":"Manger Access Review for Charlie Davis","type":"CERTIFICATION","reviewer":{"id":"2c9180867702c1910177031320c4010c","name":"Charlie Davis","type":"IDENTITY","email":"charlie.davis@example.com"}}},"phase":"SIGNED","entitiesCompleted":12,"entitiesTotal":12}}
DAS Activity Alert
An alert was created by an activity on a DAS application.
{"pk":"<tenant_id>#<identity_id>","correlatedID":{"format":"email","email":"someuser@somedomain.com"},"identityAttributes":{"identityID":"1ba9e70786fc410b855adf1e385ccfd0","name":"Donald Duck","alias":"donald.duck","type":null,"state":"ACTIVE","inactive":false,"protected":false,"disabled":false,"correlated":true,"created":"1970-01-20T12:03:06.898893-07:00","modified":"1970-01-20T19:46:54.115674-07:00"},"ssfEvent":{"iss":"https://idp.example.com/123456789/","jti":"24c63fb56e5a2d77a6b512616ca9fa24","iat":1615305159,"aud":"https://sp.example.com/caep","txn":8675309,"sub_id":{"format":"complex","user":{"format":"email","email":"user@example.com"},"device":{"format":"opaque","sub":"11112222333344445555"}},"events":{"https://schemas.openid.net/secevent/caep/event-type/device-compliance-change":{"current_status":"not-compliant","previous_status":"compliant","initiating_entity":"policy","reason_admin":{"en":"Location Policy Violation: C076E8A3"},"reason_user":{"en":"Device is no longer in a trusted location."},"event_timestamp":1615304991643}}}}
External Trigger
A third-party system triggered a workflow based on configurations made on that system and within your SaaS platform.
Because the input provided to the workflow by the external trigger varies depending on the external site and API, it's not possible to use the variable selector in future steps to choose variables from this trigger.
However, you can still select variables using JSONPath for use in future steps by adding the trigger field to your JSONPath expression using the Goessner implementation.
For example, if your external system provides the following input to your workflow when the trigger is fired:
{
"name":"Sherri",
"email":"sherri@email.com"
}
You can use the following JSONPath expression to select the value of the name field in a future action:
$.trigger.name
To use an external trigger, you must generate an access token using the information provided in the trigger. You can find an overview of generating an access token below.
Generating an Access Token for an External Trigger
After adding an External Trigger to your workflow:
Select New Access Token.
Copy the Client ID, Client URL, and the Client Secret to a secure location and save them. The Client Secret can't be retrieved once this page is closed.
Use the contents of the text field under Generate OAuth Token to create an OAuth 2.0 token so that your external system can authenticate into your SaaS platform and trigger your workflow.
Use the contents of the text box under Provide Workflow Input to configure your external system to correctly trigger your workflow. Replace the {"sampleJSON":"sampleJSON"} object with the input you want to use in your workflow.
Once you've completed these steps or saved this information in a secure location, you can close the overlay and continue building your workflow.
If you lose the access token for this step and need to generate a new one, you can select this step and choose New Access Token. The previous token will be overwritten.
Form Submitted
A form was submitted by a user.
This trigger fires when a form is submitted or when a form is submitted with specific attribute values.
To use a Form Submitted trigger, complete the following fields:
Field
Description
Description
Enter a description of the trigger.
Basic/Advanced
Choose whether to use the Basic or Advanced configuration options. Basic allows configuration of a trigger using one form. Advanced allows you to use JSONPath to filter when a trigger fires based on multiple forms, form elements, or values within a form.
If you selected Basic:
Form to Filter
Select which form to use to trigger the workflow.
Form Element to Filter
Select the technical key of the element you want to filter for, limiting the conditions under which this trigger starts the workflow.
Operator
Select an operator to act on the selected form element. The available operators will change based on your selection.
Attribute Value
Enter the value that should appear in the field you selected. When the submitted form meets these criteria, the workflow is triggered.
If you selected Advanced:
Filter
A JSONPath expression to narrow down the circumstances under which your workflow will be triggered.
Example Filters:
Trigger the workflow when the selected form is submitted and the department equals sales AND the manager equals amanda.ross.
{"exampleInput":{"submittedAt":"2020-06-29T22:01:50.474Z","tenantId":"2c9180845f1edece015d27s9717c3e19","formInstanceId":"2c9180835d2e5167015d32f890ca1482","formDefinitionId":"2c9180845d2e5168015j32f890ca1581","name":"Open Service Request","createdBy":{"type":"WORKFLOW_EXECUTION","id":"2c9180843d1edece015d27a9617c3e19"},"submittedBy":{"type":"IDENTITY","id":"2v9180845d1edece015r27a9717c3e19","name":"“John “Doe"},"formData":{"department":"IT","requestType":"New Laptop","laptop":"New Laptop type for Engineer","comments":"My laptop is running slow, and I need to get a new laptop to get my work done. Thanks!"}}}
Identity Triggers
Changes made to identities and their attributes.
Identity Attributes Changed
One or more attributes was changed on an identity.
To use an identity attributes changed trigger, complete the following fields:
Field
Description
Description
Enter a description of the trigger.
Basic/Advanced
Choose whether to use the Basic or Advanced configuration options. Basic allows configuration of a trigger using one attribute. Advanced allows you to use JSONPath to filter when a trigger fires based on multiple attributes.
If you selected Basic:
Attribute to Filter
Select the technical key of the attribute you want to filter for, limiting the conditions under which this trigger starts the workflow.
If you selected Advanced:
Filter
Enter a JSONPath expression to narrow down the circumstances under which your workflow will be triggered.
Open "Identity Attributes Changed" JSON Input Sample
To use an identity created trigger, complete the following fields:
Field
Description
Description
Enter a description of the trigger.
Basic/Advanced
Choose whether to use the Basic or Advanced configuration options. Basic allows configuration of a trigger using one attribute. Advanced allows you to use JSONPath to filter when a trigger fires based on multiple attributes.
If you selected Basic:
Attribute to Filter
Select the technical key of the attribute you want to filter for, limiting the conditions under which this trigger starts the workflow.
Operator
Select an operator to act on the selected attribute. The available operators will change based on your selection.
Attribute Value
Enter the value that should appear in the field you selected. When a new identity is created with an attribute that meets this criteria, the workflow is triggered.
If you selected Advanced:
Filter
Enter a JSONPath expression to narrow down the circumstances under which your workflow will be triggered.
An identity was deleted from Identity Security Cloud. Note that this does not mean that the user no longer has accounts on any sources, only that their accounts do not correlate to an identity.
This trigger only fires when the Launchers associated with this trigger are manually initiated by a user from the Launchpad.
You can use the search queryLAUNCHER_LAUNCHED to view details of launched interactive processes. Details include the Actor (the user that launched the interactive process), Target (the name of the launcher), and when the interactive process was launched.
Field
Description
Create Launcher
Select Create Launcher to create a Launcher that shares a name and description with the current workflow. An entitlement is automatically created for this Launcher.
After your workflow has been configured, you can change the Launcher associated with this trigger from the Launchers page.
This event trigger fires when a machine identity is deleted in Identity Security Cloud.
Machine identities can be deleted via the UI, endpoint, or aggregations. Machine identities can also be auto-deleted when all account correlations to the machine identity are removed.
Field
Description
Filter
Enter a JSONPath expression to narrow down the circumstances under which your workflow will be triggered.
You could use this event trigger to fire a Workflow that you configure to notify machine identity owners when a machine identity is decommissioned.
Customers that have licensed Machine Identity Security or Agent Identity Security will receive this event trigger.
Changes made to accounts external to Identity Security Cloud.
Native Change Account Created
A new account external to Identity Security Cloud was created. Note you must have at least one source configured for Native Change Detection (NCD) before you will receive events from this trigger.
Open "Native Change Account Created" JSON Input Sample
{"identity":{"manager":{"name":"Martena Heath","id":"2c91808378eb9fa30178fb8caf90097f","type":"IDENTITY","email":"martena.heath@sample_email.com"},"name":"peter.williams","alias":"peter.williams","id":"e43ba47b265b4baf943efe3aaef886c8","type":"IDENTITY","email":"peter.williams@sample_email.com"},"singleValueAttributeChanges":[{"newValue":"Peter Williams","name":"cn","oldValue":null},{"newValue":"Peter Williams","name":"displayName","oldValue":null},{"newValue":"CN=Peter Williams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com","name":"distinguishedName","oldValue":null},{"newValue":"Peter","name":"givenName","oldValue":null}],"entitlementChanges":[{"removed":[],"added":[{"owner":{"id":"2c91808978eb9fab0178fb8ca9280919","name":"Gregory Brooks","type":"IDENTITY"},"name":"ProductionManagement","id":"2c91808778eb9fa30178fb9482f00c60","value":"CN=ProductionManagement,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com"},{"owner":null,"name":"Employees","id":"2c91808378eb9fa30178fb94818e0af8","value":"CN=Employees,OU=BirthRight,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com"},{"owner":null,"name":"WindowsAdministration","id":"2c91808378eb9fa30178fb9481c30b02","value":"CN=WindowsAdministration,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com"}],"attributeName":"memberOf"}],"eventType":"ACCOUNT_CREATED","source":{"owner":{"name":"Aaron Andrew","id":"2c9180867a7c46d0017a7ca099d50531","type":"IDENTITY","email":"aaron.andrew@sample_email.com"},"name":"Active Directory","alias":"Active Directory [source]","id":"2c91808a78efc63e0178fb8624b248c5","type":"SOURCE","governanceGroup":{"id":"fd0d1393-35fb-47d8-9809-0e385b73f25e","name":"Active Directory Owners","type":"GOVERNANCE_GROUP"}},"accountChangeTypes":["ATTRIBUTES_CHANGED","ENTITLEMENTS_ADDED"],"multiValueAttributeChanges":[{"removedValues":[],"addedValues":["top","person","organizationalPerson","user"],"name":"objectClass"},{"removedValues":[],"addedValues":["Normal User Account","Password Cannot Expire","User Account is Disabled"],"name":"accountFlags"}],"account":{"name":"peter.williams","id":"b3b17b0072f04da39b41e8802aaff01b","type":"ACCOUNT","uuid":"{615ebfa6-3d21-484e-9e67-01bd4e20c3da}","correlated":true,"nativeIdentity":"CN=Peter Williams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com"}}
Native Change Account Deleted
An account external to Identity Security Cloud was deleted. Note you must have at least one source configured for Native Change Detection (NCD) before you will receive events from this trigger.
Open "Native Change Account Deleted" JSON Input Sample
An account external to Identity Security Cloud was updated. Note you must have at least one source configured for Native Change Detection (NCD) before you will receive events from this trigger.
Open "Native Change Account Updated" JSON Input Sample
{"trackingNumber":"4b4d982dddff4267ab12f0f1e72b5a6d","action":"IdentityRefresh","requester":{"id":"2c91808b6ef1d43e016efba0ce470906","name":"Adam Admin","type":"IDENTITY"},"recipient":{"id":"2c91808b6ef1d43e016efba0ce470909","name":"Ed Engineer","type":"IDENTITY"},"errors":["General Error","Connector AD Failed"],"warnings":["Notification Skipped due to invalid email"],"sources":"Corp AD, Corp LDAP, Corp Salesforce","accountRequests":[{"source":{"id":"4e4d982dddff4267ab12f0f1e72b5a6d","name":"Corporate Active Directory","type":"SOURCE"},"accountId":"CN=example,ou=sample,ou=test,dc=ex,dc=com","accountOperation":"Modify","provisioningResult":"committed","provisioningTarget":"Corp AD","ticketId":"72619262","attributeRequests":[{"operation":"Add","attributeName":"memberOf","attributeValue":"CN=admin,DC=training,DC=com"}]}]}
Scheduled Search
A scheduled search completed and results are available.
{"created":"2020-06-29T22:01:50.474Z","type":"Source","application":{"id":"2c9180866166b5b0016167c32ef31a66","name":"Production VA Cluster","attributes":{"clusterId":"2c9180866166b5b0016167c32ef31a66"}},"healthCheckResult":{"status":"Failed","resultType":"SOURCE_STATE_FAILURE_SOURCE","message":" Test Connection failed with exception. Error message - java.lang.Exception"},"previousHealthCheckResult":{"status":"Failed","resultType":"SOURCE_STATE_HEALTHY","message":"Source is healthy."}}
To learn more about the process of building a workflow, either in the visual builder or using JSON, visit Building Workflows.
Once you've selected a trigger for your workflow, you can add actions and operators.
Documentation Feedback
Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.