Hi Team,

I have created a workflow that sends password notifications after successfully creating a user account in Active Directory (AD). I am using identity attributes to display the user’s details.

To generate email addresses, we have used the “Create Unique LDAP” attribute and mapped the “email” attribute from AD in the identity profile to pull the email. However, in some cases, the email address may not populate correctly in the identity attribute, causing the attributes to appear incorrect.

Could someone assist in retrieving the email account attribute from AD to be included in the email body content?

Email Address: ${email} Username: ${uid} Employee ID: ${identificationNumber}

SendInitialPasswordnotificationtousersaftercreatinganADaccount20241110.json (4.9 KB)

I think you can’t directly refer account attribute instead of you can use the identity attribute to store the value and add in the email body. I have tested and it’s working fine. Here is the updated WF json file.
SendInitialPasswordnotificationADaccount20241111.json (4.9 KB)

Thanks
Shantha Kumar

Hi @poison001,

You can use an HTTP action and perform a GET operation on Accounts

https://sailpoint.api.identitynow.com/v3/accounts?filters=identityId eq "{{$.getIdentity.id}}" and sourceId eq "YOUR AD source ID"

$.hTTPRequest.body[*].attributes.mail can be used to get the email value from your AD source to be used in your email.

Having said that, you would also want to find out why the email ID is not populating correctly in the identity attributes. May be you want to increase the wait time in the WF to see if it behaves correctly.

Hi @poison001 ,

Please update the send email context of email variable as below, to access email value that has been generated and sent while creating the AD account:

"email.$": "$.trigger.accountRequests[?(@.accountOperation== \"Create\" && @.source.name == \"Active Directory\")].attributeRequests[?(@.attributeName == \"mail\")].attributeValue"

This will retrieve the email value from the workflow trigger input.

I hope this helps.

Thanks,
Vijay

Hi Deepak,

Just curious, why are you not using the OOTB email template to send the info.

Email Template: New Account Provisioned

No need for a workflow with this

Hi Team,

I have created a workflow that sends password notifications after successfully creating a user account in Active Directory (AD). I am using identity attributes to display the user’s details.

To generate email addresses, we have used the “Create Unique LDAP” attribute and mapped the “email” attribute from AD in the identity profile to pull the email. However, in some cases, the email address may not populate correctly in the identity attribute, causing the attributes to appear incorrect.

Could someone assist in retrieving the email account attribute from AD to be included in the email body content?

Email Address: ${email} Username: ${uid} Employee ID: ${identificationNumber}

Hello Deepak,

Sometimes, when we use a workflow on the joiner process that sends an email when the identity is created, some attributes that depends on an account attributes are not populated yet. The fastest way to solve this issue, is adding a 2 minutes delay with a wait box in the workflow.

Hope it helps,
Pablo

Make sure you have populated the ‘context’ so that it knows what to put into the body. I roughed out an example below, but double check all your attribute mappings so that the value matches your Identity Profile.

Like Pablo said, depending on your workflow and how you’re assigning access, you may need to add a wait step before sending the email so that there is time for the identity to update before the email is sent. Try adding the context and if that isn’t sufficient, try adding a wait step.

"context": {
       "email.$": "$.getIdentity.attributes.workEmail",
       "uid.$": "$.getIdentity.attributes.uid",
       "identificationNumber.$": "$.getIdentity.attributes.identificationNumber"
}