Using IdentityNow Workflows to Send a List of Uncorrelated Accounts After Aggregation

Content Community Blog
, ,
1

Tutorials-Blue
Tutorials-Blue2401Ă—1354 228 KB

Introduction

The goal of this blog is to show how create a workflow that will send an email with a list of uncorrelated accounts to a source owner after each aggregation. This workflow can keep the source owner informed about uncorrelated accounts after each aggregation.

The notification will contain the following information:

  • Source Name
  • Number of uncorrelated accounts
  • A preview of the first ten uncorrelated accounts in table format
  • A direct link to the source uncorrelated export page

Workflow implementation

Here is the functional flow of the workflow steps :

image
image591Ă—755 19.5 KB

Create a new workflow called “Send notification with uncorrelated accounts” and add the “Account Aggregation Completed” trigger as the first step.

image
image1309Ă—391 44 KB

As you can see in screenshot above, it possible to add an optional filter if you want to send notification only for specific sources.

$[?((@.source.name in ["My source 1", "My source 2", "My source 3"]) && (@.status == "Success"))]
  • This filter means a workflow will process only for the sources : “My source 1”, “My source 2”, “My source 3” and if the aggregation status is Success
  • You can replace “My source 1”, “My source 2”, “My source 3” with your source names and add more sources if you want.

Next, add an HTTP Request action beneath the trigger. This action will be used to fetch the list of uncorrelated accounts using the Accounts List endpoint. Configure it as follows

image
image370Ă—655 13.1 KB

image
image366Ă—709 15.2 KB

image
image373Ă—733 13.6 KB

  • Token URL is in the following format: https://{tenant}.api.identitynow.com/oauth/token
  • Client ID and Client Secret are the obtained from your personal access token. See this guide for more information on generating a PAT.
  • Request URL is https://{{tenant}}.api.identitynow.com/v3/accounts?filters=sourceId%20eq%20%22{{$.trigger.source.id}}%22%20and%20uncorrelated%20eq%20true&count=true&limit=10
  • Leave the Request Content Type empty

After the HTTP Request, add a Verify Data Type operator to check if uncorrelated accounts are returned or not. If an item was returned, then we continue with next steps. If there was no item returned, we will terminate with “End Step — Success” operator. Configure the Verify Data Type operator as follows.

image
image363Ă—700 11.8 KB

Connect the Verify Data Type “False” output to the “End Step — Success” operator and the “True” output to a new HTTP Request action.

image
image694Ă—273 12.3 KB

This second HTTP Request action will be used to retrieve the source owner using the Get Source by ID endpoint. Configure it as follows

image
image369Ă—648 12.4 KB

image
image367Ă—564 12.2 KB

image
image357Ă—739 13.4 KB

  • Token URL is in the following format: https://{tenant}.api.identitynow.com/oauth/token
  • Client ID and Client Secret are the obtained from your personal access token. See this guide for more information on generating a PAT.
  • Request URL is https://{tenant}.api.identitynow.com/v3/sources/{{$.trigger.source.id}}
  • Leave the Request Content Type empty

After the second HTTP Request, add another Verify Data Type operator to check if the source informations is retrieved correctly. Configure it as follow

image
image358Ă—703 11.9 KB

Connect the Verify Data Type 1 operator “False” output to the new “End Step — Success” operator and the “True” output to the Get Identity action.

image
image835Ă—404 17.4 KB

This Get Identity action will be used to retrieve the source owner email. Configure it as follow.

image
image381Ă—672 11.5 KB

Next, add a Send Email action beneath the Get Identity action and connect its output to the new “End Step — Success” operator. This Send Email action will be used to send an email to the source owner. Configure it as follow.

image

image
image365Ă—716 12.5 KB

image
image345Ă—589 14.5 KB

  • Recipient Email Addresses : must contain recipients email addresses. In this case we use the source owner email with following JSONpath variable : $.getIdentity.attributes.email
  • Leave the Reply To Email Address and From empty.
  • Templating Context : is used to define variables that can be used in an email subject and body template. In our case we defining following variables:
{
	"accounts.$": "$.hTTPRequest.body",
	"aggregationCompletedDate.$": "$.trigger.completed",
	"ownerName.$": "$.getIdentity.attributes.displayName",
	"sourceName.$": "$.trigger.source.name",
	"totalAccounts.$": "$.hTTPRequest.headers['X-Total-Count'][0]",
	"uncorrelatedAccountsLink": "https://{{tenant}}.identitynow.com/ui/admin#admin:connections:sources:{{$.trigger.source.id}}:uncorrelatedAccounts"
}

In the value of uncorrelatedAccountsLink variable you must replace {{tenant}} with your tenant URL.

  • Subject : must contain an email subject. In this case we use: Uncorrelated accounts on source ${sourceName}
  • Body : Use the following template:
<!DOCTYPE html>
<html lang="en">
	<head>
		<meta charset="UTF-8" />
		<meta name="viewport" content="width=device-width, initial-scale=1.0" />
	</head>
	<body style="font-family: Arial, sans-serif; margin: 20px">
		<p>Hello <strong>${ownerName}</strong>,</p>

		<p>
			After aggregation on source <strong>${sourceName}</strong> at
			<strong>${aggregationCompletedDate}</strong>, <strong>
				${totalAccounts}</strong
			>
			uncorrelated accounts are detected.
		</p>
		<p>
			You can access export of uncorrelated accounts page
			<a
				href="${uncorrelatedAccountsLink}"
				style="color: blue; text-decoration: underline"
				>here</a
			>
		</p>

		#if($totalAccounts <= 10)
		<p>Below list of uncorrelated accounts :</p>
		#else
		<p>Below list of the 10 first uncorrelated accounts :</p>
		#end

		<table style="width: 100%; margin-top: 20px; border-collapse: collapse">
			<thead>
				<tr>
					<th style="border: 2px solid grey; background-color: #f2f2f2">
						account
					</th>
					<th style="border: 2px solid grey; background-color: #f2f2f2">
						displayName
					</th>
				</tr>
			</thead>
			<tbody>
				#foreach($account in $accounts)
				<tr>
					<td style="border: 2px solid grey; padding: 8px; text-align: center">
						${account.nativeIdentity}
					</td>
					<td style="border: 2px solid grey; padding: 8px; text-align: center">
						${account.name}
					</td>
				</tr>
				#end
			</tbody>
		</table>

		<p>Best regards</p>
		<p>IdentityNow Team</p>
	</body>
</html>

As you can see in the template we use different variables defined in the Templating Context.

Complete workflow and JSON file

Here is the complete workflow

image
image600Ă—678 32.4 KB

And you can download the JSON file here:
SendNotificationForUncorrelatedAccountsV2.json (5.3 KB)

Testing the workflow

For testing this workflow, you can use the “Test workflow” button available in the UI :

image

This default input is provided as:

{
  "source": {
    "id": "4e4d982dddff4267ab12f0f1e72b5a6d",
    "name": "Corporate Active Directory",
    "type": "SOURCE"
  },
  "status": "Success",
  "started": "2020-06-29T22:01:50.474Z",
  "completed": "2020-06-29T22:02:04.090Z",
  "errors": [],
  "warnings": [
    "Account skipped"
  ],
  "stats": {
    "scanned": 200,
    "unchanged": 190,
    "changed": 6,
    "added": 4,
    "removed": 3
  }
}

Replace the id and name properties in the source object per your source id and name which you will use for testing.

Next , click on “Start workflow test” button and you should see a result like this:

image
image770Ă—837 37.4 KB

The owner of the source should receive an email similar to this.

image
image826Ă—349 30.4 KB

1 Like