Hi @jkalle ,
You can design your workflow with something like below:
Step1: Trigger - Identity Attributes Changed . You can use filter (Advanced) as $.changes[?(@.attribute == "cloudLifecycleState")]
Step 2: Compare String operator to check if the new cloudLifecycleState value is Inactive (or equivalent of your offboarding LCS) e.g. compare $.trigger.changes[?(@.attribute == "cloudLifecycleState")].newValue with Inactive
Step 3: For Compare String True flow, Get Accounts by Identity based on $.trigger.identity.id
Step 4: Use a Loop with Loop Input as $.getAccounts.accounts and Loop context as $
Step 5: Within the loop, fetch the app access items and store them in variable using Define Variable
Step 6: Send Email to the app owner using variable fetched in the Step 5.
Hope this gives you a start to design the workflow.
Thanks,
Shailee