IDN Workflow to send notification when the accounts are due to expire

ssel · August 13, 2025, 1:28pm

I have set up a scheduled trigger to send notifications when accounts are about to expire, got the error below

{“error”:“unable to get value with path ‘$.getIdentity1.attributes.endDate:[now TO now+8d]’, output value was ‘’: jsonslice.Get was unable to get value with path ‘$.getIdentity1.attributes.endDate:[now TO now+8d]’: path: invalid character at 33”}

“

LEOS · August 13, 2025, 1:42pm

Hello @ssel ,

Could you test with ‘$.getIdentity1.attributes.endDate:[now TO now+8d/d]’ please ?

ssel · August 13, 2025, 2:28pm

could you please tell me how to test?

LEOS · August 13, 2025, 4:17pm

Can you send me your workflow in JSON please ?

So I can fix in yours and send it to you back

ssel · August 13, 2025, 4:25pm

Sure thing,

{
“id”: “13a9ba68-3ee6-4ece-ae69-4704d1759c40”,
“name”: “Notify Manager of Non Employee End Date”,
“description”: “”,
“created”: “2025-08-11T19:22:59.368147099Z”,
“modified”: “2025-08-13T15:04:49.957669419Z”,
“modifiedBy”: {
“type”: “IDENTITY”,
“id”: “1e7b01ebe4a441558d14addda5a1f60c”,
“name”: “”
},
“definition”: {
“start”: “Get List of Identities”,
“steps”: {
“End Step - Success 1”: {
“actionId”: “sp:operator-success”,
“displayName”: “”,
“type”: “success”
},
“Get List of Identities”: {
“actionId”: “sp:get-identities”,
“attributes”: {
“inputQuery.$”: “$.getIdentity1.attributes.endDate:[now TO now+15d]”,
“inputSavedSearch”: “6848b8ac-e33f-4376-bc7b-1e5d15ff52e0”,
“searchBy”: “savedSearch”
},
“displayName”: “”,
“nextStep”: “Loop”,
“type”: “action”,
“versionNumber”: 2
},
“Loop”: {
“actionId”: “spiterator”,
“attributes”: {
“context.$”: “$.loop.context.manager”,
“input.$”: “$.getListOfIdentities.identities”,
“start”: “Get Identity”,
“steps”: {
“Compare Timestamps 1”: {
“actionId”: “sp:compare-timestamps”,
“choiceList”: [
{
“comparator”: “TimestampEquals”,
“nextStep”: “Send Email 1”,
“variableA.$”: “$.defineVariable.varToday”,
“variableB.$”: “$.defineVariable.var8Days”
}
],
“defaultStep”: “Compare Timestamps 2”,
“displayName”: “8 Days to End Date”,
“type”: “choice”
},
“Compare Timestamps 2”: {
“actionId”: “sp:compare-timestamps”,
“choiceList”: [
{
“comparator”: “TimestampEquals”,
“nextStep”: “Send Email 2”,
“variableA.$”: “$.defineVariable.varToday”,
“variableB.$”: “$.defineVariable.var1Days”
}
],
“defaultStep”: “End Step - Success”,
“displayName”: “1 Day to End Date”,
“type”: “choice”
},
“Define Variable”: {
“actionId”: “sp:define-variable”,
“attributes”: {
“id”: “sp:define-variable”,
“variables”: [
{
“description”: “”,
“name”: “var8Days”,
“transforms”: [
{
“id”: “sp:transform:subtractTime:time”,
“input”: {
“length”: 8,
“unit”: “days”
}
}
],
“variableA.$”: “$.getIdentity.attributes.endDate”
},
{
“description”: “”,
“name”: “var1Days”,
“transforms”: [
{
“id”: “sp:transform:subtractTime:time”,
“input”: {
“length”: 1,
“unit”: “days”
}
}
],
“variableA.$”: “$.getIdentity.attributes.endDate”
},
{
“description”: “”,
“name”: “varToday”,
“transforms”: [
{
“id”: “sp:transform:subtractTime:time”,
“input”: {
“length”: 0,
“unit”: “days”
}
}
],
“variableA.$”: “$.getIdentity.attributes.endDate”
}
]
},
“displayName”: “”,
“nextStep”: “Compare Timestamps 1”,
“type”: “Mutation”
},
“End Step - Success”: {
“actionId”: “sp:operator-success”,
“displayName”: “”,
“type”: “success”
},
“Get Identity”: {
“actionId”: “sp:get-identity”,
“attributes”: {
“id.$”: “$.loop.loopInput”
},
“displayName”: “”,
“nextStep”: “Define Variable”,
“type”: “action”,
“versionNumber”: 2
},
“Send Email 1”: {
“actionId”: “sp:send-email”,
“attributes”: {
“body”: "
“context”: {},
“from”: “no-reply@sailpoint.com”,
“recipientEmailList.$”: “$.getIdentity.attributes.email”,
“replyTo”: “Test@Dummycu.org”,
“subject”: “Notification: Non-Employee End Date in 10 days”
},
“displayName”: “”,
“nextStep”: “End Step - Success”,
“type”: “action”,
“versionNumber”: 2
},
“Send Email 2”: {
“actionId”: “sp:send-email”,
“attributes”: {
“body”: "
“from”: “no-reply@sailpoint.com”,
“recipientEmailList.$”: “$.getIdentity.attributes.email”,
“replyTo”: “TEst@Dummycu.org”,
“subject”: “Notification: Non-Employee End Date in 5 days”
},
“displayName”: “”,
“nextStep”: “End Step - Success”,
“type”: “action”,
“versionNumber”: 2
}
}
},
“description”: null,
“displayName”: “”,
“nextStep”: “End Step - Success 1”,
“type”: “action”,
“versionNumber”: 1
}
}
},
“enabled”: false,
“executionCount”: 0,
“failureCount”: 0,
“creator”: {
“type”: “IDENTITY”,
“id”: “e3e3d148b64a42daa11549fe47033183”,
“name”: “12264”
},
“owner”: {
“type”: “IDENTITY”,
“id”: “e3e3d148b64a42daa11549fe47033183”,
“name”: “12264”
},
“trigger”: {
“type”: “SCHEDULED”,
“attributes”: {
“cronString”: “0 7 * * *”,
“dailyTimes”: [
“1969-12-31T12:00:00.000Z”
],
“frequency”: “daily”,
“id”: “idn:cron-schedule”,
“timeZone”: “America/New_York”
}
}
}

ssel · August 13, 2025, 4:27pm

also, need a search query to return identities exaclty 7 days from the day, meaning it needs to return only the users whose enddate is 08/20

ssel · August 13, 2025, 4:43pm

Thank you so much, it means a lot

ssel · August 13, 2025, 7:08pm

any idea, please?

baoussounda · August 13, 2025, 8:27pm

Hi @ssel

In your use case have tried to use ISC out to the box saved search Managing Saved Searches - SailPoint Identity Services ?

ssel · August 13, 2025, 8:42pm

How do I cc on these notifications if I have to choose a variable for the recipient? meaning I need to add a DL to the recepient email address along with manager’s email

“recipientEmailList.$”: “$.getIdentity1.attributes.email”,

baoussounda · August 14, 2025, 8:14am

Who will receive the notification? The manager?

LEOS · August 14, 2025, 8:58am

Hello @ssel ,

Here you can find the workflow that I fixed for you :

NotifyManagerofNonEmployeeEndDate20250814.json (4.8 KB)

1/ First of all, in your Get Identity Action, the idwas missing inside the Identity choose variable :

I fixed it !

2/ I also changed the Get List of Identities method to be more easy to manage it instead of using Saved Search :

This Search Query means all identities whose attributes.endDate is between now TO now + 15 days.

3/ If you want to return identities exaclty 7 days from the day, you can change the Query toattributes.endDate:[now+7d/d TO now+7d/d] but you should also delete your define variable and all others comparators.

I hope my post will help you

ssel · August 14, 2025, 2:56pm

Thank you so much !! Also, email needs to be sent to manager as well as the distribution list in choose variable, can we do that?

ssel · August 14, 2025, 2:57pm

Yes, also it needs to go to the distribution list

suresh4iam · August 14, 2025, 7:31pm

Yes, you can do that by adding multiple emails in the Send Email action in the Workflow.


"recipientEmailList": [
                        "{{$.getManagerIdentity.attributes.email}}",
                        "testDL@domain.com"
                    ]

system · October 13, 2025, 7:31pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Create workflow for notification to Managers when enddate is +14 ISC Discussion and Questions workflows	2	553	July 19, 2023
Accounts Expiration Email Notification ISC Discussion and Questions identity-security-cloud	20	62	October 12, 2025
NELM end-date reminder email ISC Discussion and Questions apis , identity-security-cloud	5	739	July 19, 2023
Notify when AD account expiration date approaches ISC Discussion and Questions identity-security-cloud	7	190	June 15, 2025
30 day + Inactive Lifecycle Workflow trigger ISC Discussion and Questions workflows , identity-security-cloud	5	197	November 4, 2024

IDN Workflow to send notification when the accounts are due to expire

Related topics