ISC Workflow email

Identity Security Cloud (ISC) ISC Discussion and Questions
, ,
1

We have a working workflow to send an email when an account is set to active, we also want to retrieve the email address of the manager of the Identity and include the manager as a recipient.

“Get Identity 1”: {
“actionId”: “sp:get-identity”,
“attributes”: {
“id.$”: “$.trigger.identity.id”
},
“displayName”: “Get User Identity”,
“nextStep”: “Get Accounts”,
“type”: “action”,
“versionNumber”: 2
},
“Send Email”: {
“actionId”: “sp:send-email”,
“attributes”: {
“body”: “”,
“context”: {
“accountName.$”: “$.getAccounts.accounts[?(@.sourceId==“”)].name”,
“userName.$”: “$.getIdentity1.attributes.uid”
},
“from”: “Sender@email.com”,
“recipientEmailList.$”: “$.getIdentity1.attributes.email”,

2

@mbradshaw The given JSON is not a complete one, please provide the valid JSON. Anyway, on your ask to include the manager as a recipient, follow the below steps

  1. Action - Get Identity ($getIdentity): This is to get the active identity’s details
  2. Operator - Verify Data Type: Check whether the identity has a manager by using value = $.getIdentity.managerRef.id and Data Type = Exists
  3. Action - Get Identity ($getIdentity1): When #2 is true, get the manager identity’s detail by passing the value $.getIdentity.managerRef.id
  4. Action - Send Email: Add the managers email id in the recipient list as below and add other email IDs too if you needed:
"recipientEmailList": [
                        "{{$.getIdentity1.attributes.email}}",
                        "otheremail@domain.com"
                    ]

Hope this helps you.

3

How would we be able to pull the email address from the $.getIdentity.managerRef.id into a variable to add to the recipient list?

4

Point #3 is doing that. You need another Get Identity (getIdentity1) action to get Manager identity’s email. In #4, it is referred to $.getIdentity1.attributes.email in recipientlist.

So, you should have 2 Get identity action in your workflow.

5

@mbradshaw Did it help you to achieve your goal?

6

Hi I am not sure that it is formatted correctly, newbie to JSON

{
“id”: “ID”,
“name”: “AD Account Creation Notification 2025 V2”,
“description”: “New AD Account Creation Notification”,
“created”: “2025-09-15T15:26:41.384995484Z”,
“modified”: “2025-09-15T15:26:41.384995484Z”,
“modifiedBy”: {
“type”: “IDENTITY”,
“id”: “ID”,
“name”: “Admin”
},
“definition”: {
“start”: “Get Identity”,
“steps”: {
“Get Identity”: {
“actionId”: “sp:get-identity”,
“attributes”: {
“id.$”: “$.trigger.identity.id”
},
“displayName”: “Get User Identity”,
“nextStep”: “Verify Manager Exists”,
“type”: “action”
},
“Verify Manager Exists”: {
“type”: “operator”,
“operator”: “verify-data-type”,
“attributes”: {
“value.$”: “$.getIdentity.managerRef.id”,
“dataType”: “Exists”
},
“displayName”: “Check if Manager Exists”,
“nextStep”: “Get Identity1”
},
“Get Identity1”: {
“actionId”: “sp:get-identity1”,
“attributes”: {
“id.$”: “$.getIdentity.managerRef.id”
},
“displayName”: “Get Identity1”,
“nextStep”: “Get Accounts”,
“type”: “action”
},
“Get Accounts”: {
“actionId”: “sp:get-accounts”,
“attributes”: {
“getAccountsBy”: “specificIdentity”,
“identity.$”: “$.trigger.identity.id”
},
“displayName”: “Get AD Account Name”,
“nextStep”: “Send Email”,
“type”: “action”
},
“Send Email”: {
“actionId”: “sp:send-email”,
“attributes”: {
“body”: “email Body”,
“context”: {
“accountName.$”: “$.getAccounts.accounts[?(@.sourceId=="sourceID")].name”,
“userName.$”: “$.getIdentity.attributes.uid”
},
“from”: “``no-reply@sailpoint.com``”,
“recipientEmailList”: [
“{{$.getIdentity.attributes.email}}”,
“{{$.getIdentity1.attributes.email}}”
],
“replyTo”: “``no-reply@sailpoint.com``”,
“subject”: “Active Directory - Account Created For {{$.getIdentity.attributes.uid}}”
},
“displayName”: “Send Email To Manager and User”,
“nextStep”: “End Step - Success”,
“type”: “action”
},
“End Step - Success”: {
“displayName”: “”,
“type”: “success”
}
}
},
“enabled”: false,
“executionCount”: 0,
“failureCount”: 0,
“creator”: {
“type”: “IDENTITY”,
“id”: “ID”,
“name”: “admin”
},
“owner”: {
“type”: “IDENTITY”,
“id”: “ID”,
“name”: “admin”
},

7

You can attach the Workflow’s JSON file in the post. Anyway below is a sample Workflow JSON which is doing the job what I explained in the previous thread.

{
    "name": "Send Email on active LCS Workflow",
    "description": "Send Email to Manager",
    "modified": "2025-09-15T15:26:41.384995484Z",
    "modifiedBy": {
        "type": "IDENTITY",
        "id": "ID",
        "name": "Admin"
    },
    "definition": {
        "start": "Get Identity",
        "steps": {
            "End Step - Failure": {
                "actionId": "sp:operator-failure",
                "displayName": "",
                "type": "failure"
            },
            "End Step - Success 4": {
                "actionId": "sp:operator-success",
                "displayName": "",
                "type": "success"
            },
            "Get Identity": {
                "actionId": "sp:get-identity",
                "attributes": {
                    "id.$": "$.trigger.recipient.id"
                },
                "description": "Get identity of user who received the account.",
                "displayName": "",
                "nextStep": "Verify Data Type",
                "type": "action",
                "versionNumber": 2
            },
            "Get Identity 1": {
                "actionId": "sp:get-identity",
                "attributes": {
                    "id.$": "$.getIdentity.managerRef.id"
                },
                "description": "Get Manager identity details",
                "displayName": "Get Manager Identity",
                "nextStep": "Send Email 4",
                "type": "action",
                "versionNumber": 2
            },
            "Send Email 4": {
                "actionId": "sp:send-email",
                "attributes": {
                    "body": "<p>Testing</p>",
                    "context": {
                        "accountName.$": "name",
                        "userName.$": "$.getIdentity.attributes.uid"
                    },
                    "recipientEmailList": [
                        "{{$.getIdentity1.attributes.email}}"
                    ],
                    "replyTo": "no-reply@sailpoint.com",
                    "subject": "Active Directory - Account Created For {{$.getIdentity.attributes.uid}}"
                },
                "description": "",
                "displayName": "",
                "nextStep": "End Step - Success 4",
                "type": "action",
                "versionNumber": 2
            },
            "Verify Data Type": {
                "actionId": "sp:compare-unary",
                "choiceList": [
                    {
                        "comparator": "IsPresent",
                        "nextStep": "Get Identity 1",
                        "variableA.$": "$.getIdentity.managerRef.id"
                    }
                ],
                "defaultStep": "End Step - Failure",
                "description": "Check manager exists",
                "displayName": "Does Manager Exist?",
                "type": "choice"
            }
        }
    },
    "creator": {
        "type": "IDENTITY",
        "id": "ID",
        "name": "Admin"
    },
    "trigger": {
        "type": "EVENT",
        "attributes": {
            "filter.$": "$.changes[?(@.attribute == \"cloudLifecycleState\" && (@.newValue == \"active\"))]",
            "id": "idn:identity-attributes-changed"
        }
    }
}
8

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.