"is Null" in Verify Data Type for Workflows

:bangbang: Please be sure you’ve read the docs and API specs before asking for help. Also, please be sure you’ve searched the forum for your answer before you create a new topic.

I have a use case I am trying to solve when the user is created in a staged state (not started yet), We are expecting name changes to happen even before the user starts and hence notifications are required to be sent. The AD account gets created in this state and we get the UserDN attribute to check when the changes happen at different LCS states

To get the old UserDN attribute I have used a variable UserDNold

If the onboarding happens for the very first time there is no userDn for this user and to check this we have Verify Data Type operator used - Is null

The issue here is if there is no UserDn it still proceeds to the other steps. It should be ending at step 6 when null

Hi @KirtiSikarwar,

You define variable userDNold in your define variable steps.

if there is no UserDn, userDNold still exist with empty value and this different from null.

I suggest this 2 solutions :

Best regards.

The variable.A has a void or empty value not a null, try checking for empty.

I updated the Verify Data Type to “Exists” instead of “IS Null”, the issue is still the same.

@KirtiSikarwar try compare strings operator :

For value 1 you can put your variable.

For value 2, leave it empty without put anything :


Comparison operator is Equals

My Screenshot is in French Language.

Hi @KirtiSikarwar

Can you try the following steps and hopefully you should be able to achieve the desired results?

1: Identity Attributes Changed
2: HTTP Request - using this endpoint get-identity | SailPoint Developer Community

3: Verify Data Type:

  • Value1: $.hTTPRequest.body[0].userAdDn
  • Data Type: Is null

4: End Step - Success

Let me know how it goes.


Getting the below error when I put it as blank.

1 validation error

These errors must be resolved before your workflow can be tested.

choiceStep(Compare Strings 4) Err: one should be defined: VariableB.$[] VariableB[]

Hi @KirtiSikarwar,

Looking at your WF, you are looking to take action only when the old UserDn has a value.

If that is the case, you can make use of a filter as below in the Identity attributes changed trigger, so that the WF will trigger only when old UserDn has a value

$.changes[?(@.attribute=='UserDn' && @.oldValue contains "CN")]

The above filter is under the assumption that UserDn is an actual AD distinguished name.

Try it out and see how it goes.

@jesvin90 Hi Jevin,

Currently, the trigger I’m using is designed to detect changes in email addresses - $.changes[?(@.attribute == “email”)].

The rationale behind this trigger is to ensure that when a name is updated in the HR source, the user DN is also updated accordingly. This requirement applies to all lifecycle states.

The trigger works effectively in cases where the userDN is present, such as pre-hire and active states. However, in scenarios where the AD (Active Directory) account is not yet created, as in the staged state, we intend to exclude those cases since they are part of the onboarding process.

  1. Trigger: The workflow is triggered by an event related to changes in email attributes.
  2. Get Identity: Retrieve user’s identity object
  3. Define Variable – now, userstartdate and UserDNold
  4. Check to see if the userDN attribute is null.
    If null: End Step – Success 6
  5. Else Compare String where now = Users Start date (Anything before this is considered as an onboarding event and should be ignored)
    If True: End Step – Success
    If False – Verify Data Type

Hi @KirtiSikarwar,

In your step 4, can you try the Compare Strings operator and check if $.defineVariable.userDNold contains CN=

If No, End Step.

@jesvin90 ,

this worked,