Salesforce: Need to set up a workflow when account disable fails during termination

Hi All,
Use case: I need to trigger an email from SailPoint when a Salesforce account fails to disable during user termination. I am trying to use the JSON below to create a workflow, but it fails with validation errors.
{
  "name": "Notify Salesforce User on Disable Failure",
  "description": "This workflow sends an email notification to the admin when a Salesforce account fails to disable in SailPoint.",
  "definition": {
    "start": "Check If Salesforce Disable Failed",
    "steps": {
      "Check If Salesforce Disable Failed": {
        "type": "conditional",
        "properties": {
          "condition": "{{trigger.accountOperation}} == 'Disable' && {{trigger.provisioningTarget}} == 'Salesforce' && {{trigger.provisioningResult}} != 'committed'"
        },
        "ifTrue": {
          "nextStep": "Get Identity"
        },
        "ifFalse": {
          "nextStep": "End Step — Success"
        }
      },
      "Get Identity": {
        "actionId": "sp:get-identity",
        "attributes": {
          "id.$": "$.trigger.identity.id"
        },
        "description": "Retrieves details of the affected user.",
        "nextStep": "Send Email",
        "type": "action",
        "versionNumber": 2
      },
      "Send Email": {
        "actionId": "sp:send-email",
        "attributes": {
          "recipients": [
            [email protected]
          ],
          "subject": "Salesforce Account Disable Failed",
          "body": "Dear Admin,

The attempt to disable the Salesforce account for user ${displayName} was unsuccessful.

Please investigate the issue and take the necessary actions.

Regards,
Identity Management Team",
          "context": {
            "displayName.$": "$.getIdentity.attributes.displayName"
          }
        },
        "description": "Notifies the admin that the Salesforce account disable action failed.",
        "nextStep": "End Step — Success",
        "type": "action",
        "versionNumber": 2
      },
      "End Step — Success": {
        "type": "success"
      }
    }
  },
  "trigger": {
    "type": "provisioningActionCompleted",
    "attributes": {
      "filter.$": "$.accountRequests[?(@.accountOperation == 'Disable' && @.provisioningTarget == 'Salesforce' && @.provisioningResult != 'committed')]",
      "id": "idn:post-provisioning"
    }
  },
  "enabled": true
}

Can anyone please look in

Hi @nandiniks,

Since you are already filtering for the SF failed events in the trigger, you don't need to recheck it in the compare operator. And it looks like the compare operator had formatting issues.

Here is a modified version you can try.

SFDisable20250214.json (1.5 KB)

Hi Jesvin,
Thank you for the reply. The logic still does not work. The error persists.
Nandini

Hi @nandiniks,

Can you download and attach your WF here?

salesforcetest220250220.json (2.2 KB)

Attached the JSON, Jesvin. Please review.

Hi @nandiniks,

You can use a 4-step WF as below:

In the trigger filter, try something as below, so that it checks for the source name as well as failure in a single step.

$.accountRequests[?(@.accountOperation == "Disable" && !(@.provisioningResult == "SUCCESS" || @.provisioningResult=="committed") && @.provisioningTarget == "SF")]
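What the revised trigger filter changes compared with the one in the first post, as an added example that is not part of the thread: both filters are re-expressed as Python predicates (this is not SailPoint's JSONPath evaluator) and run over a constructed event. The `case` labels and the result value `failed` are assumptions; string comparisons are exact, so the target must equal the source name character for character.

```python
# Added illustration: the two trigger filters from this thread as predicates.

def original_filter(req):
    # @.accountOperation == 'Disable' && @.provisioningTarget == 'Salesforce'
    #   && @.provisioningResult != 'committed'
    return (req.get("accountOperation") == "Disable"
            and req.get("provisioningTarget") == "Salesforce"
            and req.get("provisioningResult") != "committed")

def revised_filter(req):
    # @.accountOperation == "Disable"
    #   && !(@.provisioningResult == "SUCCESS" || @.provisioningResult == "committed")
    #   && @.provisioningTarget == "SF"
    return (req.get("accountOperation") == "Disable"
            and req.get("provisioningResult") not in ("SUCCESS", "committed")
            and req.get("provisioningTarget") == "SF")

def matches(event, predicate):
    """Return the labels of the accountRequests a filter would select."""
    return [r["case"] for r in event.get("accountRequests", []) if predicate(r)]

def _req(case, op, target, result):
    # "case" is a hypothetical label used only to identify rows in this example.
    return {"case": case, "accountOperation": op,
            "provisioningTarget": target, "provisioningResult": result}

# Constructed sample event; field names are the ones used in the filters above.
SAMPLE_EVENT = {"accountRequests": [
    _req("disable-failed", "Disable", "SF", "failed"),
    _req("disable-success", "Disable", "SF", "SUCCESS"),
    _req("disable-committed", "Disable", "SF", "committed"),
    _req("modify-failed", "Modify", "SF", "failed"),
    _req("disable-ok-named-Salesforce", "Disable", "Salesforce", "SUCCESS"),
    _req("disable-failed-lowercase-target", "Disable", "sf", "failed"),
]}

if __name__ == "__main__":
    # Original filter: alerts on a successful disable whose result is "SUCCESS",
    # and never sees the source named "SF".
    print("original:", matches(SAMPLE_EVENT, original_filter))
    # Revised filter: only the failed disable on the source named "SF".
    print("revised: ", matches(SAMPLE_EVENT, revised_filter))
```

The last row is selected by neither filter: a failed disable on a target whose name differs only in case produces no notification, so the name in the filter has to be copied from the source exactly.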

Thank you Jesvin, it worked. I also have a requirement to pull the account attribute into the email template. I am trying the expression below, but it does not seem to fetch the value.
{"accountId.$": "$.getAccounts.accounts[?(@.sourceId=='420af5bb17704a16b4be20241f88d10c')].attributes.Id"}

Hi @nandiniks,

Try this - {"accountId.$": "$.getAccounts.accounts[?(@.sourceId=='420af5bb17704a16b4be20241f88d10c')].id"}

If you are looking for a specific account attribute, you will need to mention the attribute name that is in your account schema.

E.g., if your account schema contains the attribute SF_username, you can use the filter below:

{"accountId.$": "$.getAccounts.accounts[?(@.sourceId=='420af5bb17704a16b4be20241f88d10c')].attributes.SF_username"}

Hi Jesvin, it is not working as expected. I am pulling the above expression with ${accountId} in the template. Do we have any other solution?
Nandini

I am using the expression below:
{"accountId.$": "$.getAccounts.accounts[?(@.sourceId=='420af5bb17704a16b4be20241f88d10c')].id"}

I used both filters, but no luck.