Issue with Workflow Trigger Behavior: Source Account Created Trigger in SailPoint IDN

Hello,

I am experiencing an issue with the Source Account Created trigger in SailPoint IdentityNow workflows and would appreciate some clarification.

I have a workflow designed to trigger using the Source Account Created event. According to the documentation, this event occurs when a new account is detected during an account aggregation and refresh from a source. My understanding is that this trigger does not differentiate whether the account creation occurred on the source or in Identity Security Cloud (ISC), and it omits events related to ISC accounts, such as the ISC Admin account.

I am using this trigger to monitor the creation of new accounts from our authoritative HRIS source and have filtered the workflow to listen specifically for new accounts from this source. However, I am noticing that the workflow only triggers if there is an existing identity and a new account is added or detected from the authoritative source we’re filtering on. If a new identity is being created from the authoritative source account, the workflow does not trigger as expected.

The goal of the workflow is to write back the business email to the HRIS once the source account is created. We have a specific use case where an individual has an account and identity from a partner source, and later receives a new profile in the employee HRIS. This employee profile should correlate with the existing identity, which already has an email address and an AD account. With the new profile in HRIS, we want to write back the existing AD account and business email address used as a partner to the employee HRIS.

Is this the expected behavior for the Source Account Created event trigger in SailPoint IdentityNow workflows, where it only works for existing identities? If so, are there any recommendations to ensure that new identities also trigger this workflow?

Any guidance or insights would be much appreciated.

Thanks in advance!

Hi @adebomol2024,

Have you tried the Native Change Account Created trigger for your workflow? This might help with the use case you have mentioned. Let me know how it goes.

Thank you

You can try the “Identity Created” trigger instead of Source Account Created, and further filter that to a specific identity profile.

Once your HRIS account is correlated to the identity which you want, I believe you need to sync the email using attribute sync instead of using a workflow. The reason being, if the email is updated later, then you again need to push that to HRIS. With Attribute Sync you should be able to do this in a smoother way by using OOTB configs.

This was going to be my suggestion. If you look at the example input from the trigger, it shows an existing identity, so I think that answers whether or not the identity needs to already exist:

So the identity created trigger should meet your use case.

Thanks!
