Workflow to remove old account after new creation (Native Change – Account Created)

AmandaHirayama · November 4, 2025, 7:10pm

Hi everyone!

I’m developing a workflow triggered by a Native Change Account Created
The goal is to ensure that when a new account is created in the authoritative source, the system checks whether that identity already has another account in the same source.

In more detail:

When a new account is created, the workflow should query all accounts from a specific source associated with that identity.
If the query result shows that there is more than one active account for the same identity, the process should remove (or deactivate) the previous account, keeping only the most recent one active.

If anyone has implemented a similar logic or can share best practices, expressions, or condition examples for this type of scenario, I’d really appreciate your input!

Thanks in advance!

srezzaki · November 4, 2025, 10:02pm

Hello,
It’s a little bit strange to have 2 accounts on the same authoritative source, but her is my suggestion to accomplish this :

add a custom attribute on the identity profile level

- add a transform that calculates number of accounts of an identity coming from the authoritative source and link it to the custom attribute

- activate the Native Change Detection of the authoritative source

- Workflow :

trigger : Native Change Account Created

Get Identity

Comparaison string : custom attribte value > 2 ?
If yes => Http Request : run a search query using API with an innerHit query

=> Loop over the body [ compare Timestamps : $.loop.loopInput.created with today

=> if it’s in the past HTTP request or Manage Accounts action (it depens on your authoritative source)

else end ]

else end workflow

the time today could be define using “Define variable operator”

search query :

{

"includeNested": true,

"indices": [

    "identities"

],

"query": {

     "innerHit": {

         "query": "(source.name:\"source authoritaire name\")",

        "type": "accounts"

     },

    "query": "attributes.uid:$getIdentity.attributes.uid"

},

"queryResultFilter": {

    "includes": ["accounts"]

}

}

From your description I am assuming that the uid is the same on both accounts and the new added account will be correlated to the existing identity.

Topic		Replies	Views
Detect/Prevent Second Account Creation in IdentityNow ISC Discussion and Questions identity-security-cloud , provisioning	6	1220	July 19, 2023
Native Change Account Updated ISC Discussion and Questions workflows , identity-security-cloud	6	451	February 11, 2024
Remove Identity from IDN on lifecycle state change ISC Discussion and Questions workflows	3	576	July 19, 2023
How to detect identities with multiple accounts? ISC Discussion and Questions identity-security-cloud	8	264	September 15, 2025
Remove Account and Create a New Account for the Same Identity ISC Discussion and Questions identity-security-cloud , provisioning	6	622	January 21, 2024

Workflow to remove old account after new creation (Native Change – Account Created)

Related topics