Notify when AD account expiration date approaches

I had a similar requirement for one of my customers, though not entirely the same. Below is the approach I took to implement it using a Workflow:

  1. Trigger: Scheduled Trigger (twice a day)
  2. Action: Get List of Identities. Used a Search Query to find only the identities falling within the reminder days, by using the end date/AD account expires identity attribute (like now+15d OR now+10d OR now+5d)
  3. Operator: Loop. To iterate over each identity from the Search result
  4. Inside Loop:
    => Action: Get Identity. Getting an identity from the loop
    => Operator: Define Variable. Variables for each reminder day and for the current date. Here you need to define 3 reminder variables for 15, 10 and 5 days. Calculate the reminder day from the end date. Below is a sample variable definition for 15 days:
{
    "name": "var15Days",
    "description": "",
    "transforms": [
        {
            "id": "sp:transform:subtractTime:time",
            "input": {
                "length": 15,
                "unit": "days"
            }
        }
    ],
    "variableA.$": "$.getIdentity1.attributes.endDate"
}

    => Operator: CompareTimestamps. Compare the current date with the reminder days variable. For example, Value1 = varToday, Comparison Operator = “Is on the Date”, Value2 = var15Days. If it is True, send the email; else go to 10dayscheck and do the same comparison with the 10 days and 5 days variables.
    => Operator: End Step - Success. To end the loop
  5. Operator: End Step - Success. To end the Workflow.

This way, it does not require an additional identity attribute and also does not require processing unchanged identities every day. The Workflow will execute at the scheduled time and process only the identities whose end date falls in the specific timeline.

Hope this helps in your case.
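
The reminder decision described in the post above, modelled in Python as an added example (not the poster's workflow and not SailPoint code). It assumes ISO-8601 `endDate` values compared as UTC calendar dates, and adds a hypothetical `already_sent` set so the second scheduled run of the day does not repeat an email; the sample identities are constructed.

```python
from datetime import datetime, timedelta, timezone

REMINDER_DAYS = (15, 10, 5)  # the three reminder offsets used in the post

def parse_ts(value):
    """Parse an ISO-8601 timestamp; a value without offset is treated as UTC (assumption)."""
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def reminder_due(end_date, now):
    """Return 15, 10 or 5 when `now` is on the date (endDate - N days), else None."""
    end = parse_ts(end_date)
    today = now.astimezone(timezone.utc).date()
    for days in REMINDER_DAYS:
        # Same idea as subtracting N days from endDate and testing "Is on the Date".
        if (end - timedelta(days=days)).astimezone(timezone.utc).date() == today:
            return days
    return None

def plan_notifications(identities, now, already_sent):
    """Loop over the search results and return the (name, days) emails to send."""
    planned = []
    for ident in identities:
        end_date = ident.get("attributes", {}).get("endDate")
        if not end_date:
            continue  # identity has no expiration set
        try:
            days = reminder_due(end_date, now)
        except ValueError:
            continue  # malformed endDate: skip instead of failing the whole run
        key = (ident["name"], days)
        if days is None or key in already_sent:
            continue  # not a reminder day, or already mailed by the earlier run
        already_sent.add(key)
        planned.append(key)
    return planned

# Constructed sample data, shaped like the attributes referenced in the post.
SAMPLE = [
    {"name": "alice", "attributes": {"endDate": "2024-07-16T00:00:00Z"}},
    {"name": "bob", "attributes": {"endDate": "2024-07-11T23:30:00Z"}},
    {"name": "carol", "attributes": {"endDate": "2024-07-06T12:00:00Z"}},
    {"name": "dave", "attributes": {"endDate": "2024-07-20T00:00:00Z"}},
    {"name": "erin", "attributes": {}},
    {"name": "frank", "attributes": {"endDate": "not-a-date"}},
]

if __name__ == "__main__":
    sent = set()
    morning = datetime(2024, 7, 1, 8, 0, tzinfo=timezone.utc)
    print(plan_notifications(SAMPLE, morning, sent))
```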