Change identity trigger in workflow

I am trying to trigger a workflow with the following JSONPath expression. But it won’t trigger for what I want.

What is wrong in my expression? I want it to trigger when the teamcode or functiecode of an identity has been changed. But only if the identity attribute isManager is true.

$.changes[?(@.identity.attributes.isManager == "true" && (@.attribute == "teamcode" || @.attribute == "functiecode"))]

Hi @zeross

Option 1: Checking isManager at the Root Identity Object (Most Robust)

This assumes isManager is part of the identity object at the top level of the event payload, which is generally how IdentityNow structures these events for global identity attributes.

$.[?(@.identity.attributes.isManager == true && (@.changes[0].attribute == "teamcode" || @.change

Option 2: A More Common and Often More Reliable Approach for Multiple Conditions:

Instead of trying to combine isManager with specific attribute changes in one complex JSONPath on $.changes, it’s often more reliable to:

  1. Trigger the Workflow on a Broader sp:identity-attributes-changed event.

  2. Use an Initial Workflow Step (e.g., an If/Else step or a script) to filter based on the isManager attribute and the specific teamcode/functiecode changes.

Example Workflow Structure:

  • Workflow Trigger:
    • Event Type: sp:identity-attributes-changed
    • JSONPath (Simplified to catch relevant attribute changes):
      $.changes[?(@.attribute == "teamcode" || @.attribute == "functiecode")]
      This will trigger the workflow if either teamcode or functiecode changed, regardless of isManager initially.
  • First Workflow Step (If/Else or Script):
    • In the first step of your workflow, you get the full event payload (which includes $.identity.attributes.isManager).
    • You can then use a simple if condition or a script to check:

Could you please give a try:

<Step name="CheckConditions">
  <If>
    <Condition>
      <Script>
        <Source>
          <![CDATA[
            // This 'json' variable holds the full event payload
            // Access identity attributes from the root identity object
            boolean isManager = json.get("identity").get("attributes").get("isManager");

            // Check for desired attribute changes within the 'changes' array
            List<Map<String, Object>> changes = (List<Map<String, Object>>) json.get("changes");
            boolean teamcodeOrFunctiecodeChanged = false;
            for (Map<String, Object> change : changes) {
                String attributeName = (String) change.get("attribute");
                if ("teamcode".equals(attributeName) || "functiecode".equals(attributeName)) {
                    teamcodeOrFunctiecodeChanged = true;
                    break;
                }
            }

            return isManager && teamcodeOrFunctiecodeChanged;
          ]]>
        </Source>
      </Script>
    </Condition>
    <Transition to="ContinueWorkflow" on="true"/>
    <Transition to="Stop" on="false"/>
  </If>
</Step>
<Step name="ContinueWorkflow">...</Step>
<Step name="Stop">...</Step>

I misread your JSONPath earlier.

You are trying to filter on

  • isManager == true
  • some other attribute == teamcode
  • some other attribute == functiecode

Can you share what the json is of the attributes you are expecting there?

Hi Dennis

I think true is a boolean, so it doesn’t need to be in double quotes
$.changes[?(@.identity.attributes.isManager == true && (@.attribute == "teamcode" || @.attribute == "functiecode"))]
It will work fine like this

thanks
Tulasi

Could you try splitting the conditions as below:

  1. Identity trigger $.changes[?(@.attribute == "teamcode" || @.attribute == "functiecode")]

  2. Get Identity (Identity in trigger)

  3. Compare Boolean $.getIdentity.isManager

Thanks all for the replies. I see the replies vary between a lot of answers. Maybe it’s better to make my whole function clear.

I want a workflow that:

After the authority source aggregation has been completed, can determine which identity with the attribute isManager: True has had his teamcode or functioncode changed. And all these identity names I want to send by email to a specific email address.

But I have now found out that the trigger triggers for every identity in a unique workflow. So I cannot make the collection then.

Hi @zeross,

You cannot achieve this in a single trigger filter, because the Identity attribute changed trigger will only contain the details of the changed attributes.

So, in the trigger filter, you can use the below query :

$.changes[?(@.attribute == "teamcode" || @.attribute == "functiecode")]

Then use a Get Identity action - Identity filter as $.trigger.identity.id to fetch the Identity details (The output will contain the isManager attribute)

Then use a compare operator on $.getIdentity.isManager - true or false

And to your last point, yes - the trigger is separate for each user and you cannot achieve sending this as a list directly through this WF. You may need to look into the possibilities of listing the records in a separate location and then triggering the list from there.

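The scoping point from the answer above, as an added example that is not part of the original thread: inside `$.changes[?(...)]` the `@` is bound to one element of `changes`, which carries no `identity` field, so the combined filter never matches and the `isManager` check has to happen after a separate identity lookup. The payload shape, the `IDENTITY_STORE` stand-in for the Get Identity action, and all function names are assumptions, and the sample events are constructed.

```python
# Constructed sample events shaped like an identity-attributes-changed trigger
# input: an identity reference plus a list of changes (assumed shape).
EVENTS = [
    {"identity": {"id": "id-001", "name": "Alice", "type": "IDENTITY"},
     "changes": [{"attribute": "teamcode", "oldValue": "T10", "newValue": "T20"}]},
    {"identity": {"id": "id-002", "name": "Bob", "type": "IDENTITY"},
     "changes": [{"attribute": "functiecode", "oldValue": "F1", "newValue": "F2"}]},
    {"identity": {"id": "id-003", "name": "Carol", "type": "IDENTITY"},
     "changes": [{"attribute": "email", "oldValue": "a@x", "newValue": "b@x"}]},
]

# Hypothetical stand-in for what a Get Identity step would return.
IDENTITY_STORE = {
    "id-001": {"isManager": True},
    "id-002": {"isManager": False},
    "id-003": {"isManager": True},
}

WATCHED = {"teamcode", "functiecode"}


def filter_changes(event, predicate):
    """Model $.changes[?(...)]: '@' is each element of the changes array."""
    return [change for change in event["changes"] if predicate(change)]


def original_filter(change):
    # @.identity.attributes.isManager: a change element has no 'identity'
    # key, so the path resolves to nothing and the && is never satisfied.
    is_manager = change.get("identity", {}).get("attributes", {}).get("isManager")
    return is_manager == "true" and change.get("attribute") in WATCHED


def split_filter(change):
    # Trigger filter reduced to what a change element actually contains.
    return change.get("attribute") in WATCHED


def should_notify(event):
    """Trigger filter first, then the isManager check on the looked-up identity."""
    if not filter_changes(event, split_filter):
        return False
    return IDENTITY_STORE[event["identity"]["id"]]["isManager"] is True


def matching_names(events, decide):
    """Names of identities whose event passes the given decision function."""
    return [e["identity"]["name"] for e in events if decide(e)]


if __name__ == "__main__":
    print(matching_names(EVENTS, lambda e: filter_changes(e, original_filter)))
    print(matching_names(EVENTS, lambda e: filter_changes(e, split_filter)))
    print(matching_names(EVENTS, should_notify))
```
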

And if you are syncing these two attributes to AD or some other source, you can get the event results in a search and can be sent out as a saved search report.

Here is a sample search, where ADteamcode & ADfunctiecode are AD attributes.

(attributes.attributeName:"ADteamcode" OR attributes.attributeName:"ADfunctiecode") AND created:[now-24h TO now]

I’m getting a little bit further, but cannot get my compare to work.

It looks like it doesn’t compare correctly. Any ideas?

Result in JSON
"type": "ActivityTaskScheduled",
"timestamp": "2025-05-23T14:00:41.805524771Z",
"attributes": {
  "displayName": "Compare Strings",
  "input": {
    "compareStrings": {
      "ChoiceList": [
        {
          "Comparator": "StringEquals",
          "NextStep": "Send Email",
          "VariableA.$": "$.identity.attributes.isManager",
          "VariableB": "true"
        }
      ],

Never mind, I have it working now 🙂

Thanks for all the tips
