I’m working on Event-based Certifications that are triggered by Identity Attribute changes. I need to figure out what the previous and new values are, to put into the email notification.
Is it possible to get the old and new values from within the Notification email? The notification email has access to the related WorkItem & Certification objects.
In the Certification object → CertificationEntity, there is a reference (by ID) to a “snapshotId”. What object does the ID reference?
Yes, you can get both the old and new values, but it takes a little digging.
The snapshotId you see in the CertificationEntity points to an IdentitySnapshot object. SailPoint creates this snapshot when the certification is generated, and it contains the state of the identity at that moment (attributes, entitlements, etc.).
Here’s the general approach:
- Current value: You can pull this directly from the Identity object or the WorkItem context.
- Previous value: Use the snapshotId to look up the corresponding IdentitySnapshot. That snapshot holds the old attribute values. You’ll need to parse the snapshot XML/JSON and compare it with the current Identity.
For your email notification, you can write a rule or script that:
1. Resolves the snapshotId to the IdentitySnapshot.
2. Extracts the attribute you care about.
3. Compares it with the current value and passes both into the email template.
If you need more granular history, the Identity History feature is also helpful for tracking changes over time.
I’ve managed to get a rule to execute in the email template, passing the snapshotId and dumping/logging the SnapShot object in the rule. From what I can see, the SnapShot contains the current value of the attribute and not the previous value.
I’m triggering the change through an aggregation task so as to make sure it follows the correct process of updating the Identity Attributes.
What I am seeing on the Identity after aggregation is a “triggerSnapshots” Identity Attribute, which seems to contain the previous value of the Attribute(s). Will pursue this avenue for a bit.
No need to launch the certification manually. If it is an identity attribute, in the identity mappings you will find a value change rule; in that rule you will get the past value and the new value, and you can then send the email there.
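The value change rule suggested in the last reply, as an added example that is not code from this thread or from SailPoint: a BeanShell body for an IdentityIQ rule of type Listener that mails the old and new values. It assumes IdentityIQ injects `context`, `log`, `identity`, `attributeName`, `oldValue` and `newValue`; the template name and the choice of the manager as recipient are hypothetical.

```java
// BeanShell body of an IdentityIQ "Listener" (value change) rule.
// Assumed to be injected by IdentityIQ: context, log, identity,
// attributeName, oldValue, newValue.
import java.util.HashMap;
import java.util.Map;
import sailpoint.object.EmailOptions;
import sailpoint.object.EmailTemplate;
import sailpoint.object.Identity;

// Hypothetical template name. The template body would reference
// $identityName, $attributeName, $oldValue and $newValue.
String TEMPLATE_NAME = "Attribute Change Notification";

// Values can be null (attribute newly set or cleared) or non-String.
String render(Object value) {
    return (value == null) ? "(none)" : String.valueOf(value);
}

String before = render(oldValue);
String after = render(newValue);

// Defensive: do not notify when both sides render identically.
if (before.equals(after)) {
    return null;
}

// Assumption for this example: the notification goes to the manager.
Identity manager = identity.getManager();
String recipient = (manager != null) ? manager.getEmail() : null;
if (recipient == null) {
    log.warn("No manager email for " + identity.getName()
             + "; skipping change notification for " + attributeName);
    return null;
}

EmailTemplate template = context.getObjectByName(EmailTemplate.class, TEMPLATE_NAME);
if (template == null) {
    log.error("Email template not found: " + TEMPLATE_NAME);
    return null;
}

Map vars = new HashMap();
vars.put("identityName", identity.getName());
vars.put("attributeName", attributeName);
vars.put("oldValue", before);
vars.put("newValue", after);

context.sendEmailNotification(template, new EmailOptions(recipient, vars));
return null;
```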