Hello,
We are trying to create Workflows to send an email to the some group of users when a new account is created by Identity Now for user in a Target, so that we can do some modification in application
Workflow works for any activity performed on any users in Target not just for newly created users.
Did you consider notifying using Source config itself
"accountCreateNotification": {
"accountUserName": "accountID",
"notifyAccountManager": false,
"notifyList": [
"team mails"
],
"notifyAccountOwner": true,
"enabled": false,
"notifyAccountOwnerAltEmail": false
},
We need this config for newly created users that contain role starting with ‘FSM’, I suppose source config will be for all users.
Hello @skotian ,
Could you please elaborate on your query ? Let me know if my understanding is correct.
So , the use case is to send email to identity if an account is newly created to the identity on a particular source ?
If my understanding is wrong , please let me know .
No, we need to send email to some other group of users (support users) once account is newly created for identity on particular Target system that have Entitlement starting with ‘FSM’ got assigned.
Here is the idea for implementing the use case .
[
{
"accountId": "talker3",
"accountOperation": "Modify",
"attributeRequests": [
{
"attributeName" : "detectedRoles" ,
"attributeValue": "Accounts Payable [AccessProfile-1709866079244]",
"operation" : "Add"
}
],
"provisioningResult": "IdentityNow Task",
"provisioningTarget": "IdentityNow",
"source": {"id": "IdentityNow", "name": "IdentityNow", "type": "SOURCE"},
"ticketId": "..."
},
{
"accountId": "CN=whiters walkers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com",
"accountOperation": "Create",
"attributeRequests": [
{
"attributeName": "memberOf",
"attributeValue": "CN=AccountsPayable,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com",
"operation": "Add"
},
{
"attributeName" : "ObjectType",
"attributeValue": "User" ,
"operation" : "Add"
},
{
"attributeName" : "sAMAccountName" ,
"attributeValue": "whiters.walkers",
"operation" : "Add"
},
{
"attributeName" : "displayName",
"attributeValue": "talker3" ,
"operation" : "Add"
},
{
"attributeName": "manager",
"attributeValue": "CN=Nagur Shaik,OU=Demo,DC=seri,DC=sailpointdemo,DC=com",
"operation": "Add"
},
{
"attributeName" : "mail" ,
"attributeValue": "[email protected]",
"operation" : "Add"
},
{
"attributeName" : "givenName",
"attributeValue": "whiters" ,
"operation" : "Add"
},
{"attributeName": "sn", "attributeValue": "walkers", "operation": "Add"},
{
"attributeName" : "pwdLastSet",
"attributeValue": "false" ,
"operation" : "Add"
},
{
"attributeName" : "IIQDisabled",
"attributeValue": "false" ,
"operation" : "Add"
}
],
"provisioningResult": "committed",
"provisioningTarget": "Active Directory",
"source": {
"id" : "f5cedeea49164e3f9ce1d1bd883b02b4",
"name": "Active Directory" ,
"type": "SOURCE"
},
"ticketId": "..."
}
]
Refer to Constructing and Building Event Trigger Filters , which gives you idea on what filters you need to compose in string compare operators .
The below is the workflow image :
Hope this will help.
Thanks
Here is how I did something like this for a source.
The compare strings is looking at the sourceid. For your use case I would pull back the needed information on the account and then step into a compare string and compare the values from the account pull with the value you are looking.
Thank you for the reply. I cannot use Tigger ‘Source Account Created’. My requirement is ’ When new user get created in ‘Target system’ which is third party and have role assigned starting with ‘FSM’
I am assuming that you want to send email when the user is created on End application directly and not from ISC in that case,
You can use Native change detection for this usecase,
On the source, enable NCD, Checkmark account creation and select the attribute.
Now whenever an account is created with that attribute ISC will trigger NCD event. Now on trigger you can filter such that If the “attribtueXYZ” startsWith “FSM”, then only procceed further.
Hope this helps 
Hi @skotian ,
Can you try this filter in Provisioning Completed :
$.accountRequests[?(@.accountOperation == "Create" && @.provisioningResult == "SUCCESS" && @.source.name == "TARGET SOURCE NAME")]
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.
