Workflow to send an email listing accounts identity was removed from

Trenton_Sauls · March 31, 2023, 2:49pm

I am trying to create a workflow that is triggered when an identity is changed to “Inactive”, it sends an email that contains all of the accounts the identity has been removed from. I got it to somewhat work but the list of accounts is put into an array and is in CN=abc,OU=123 format and each account is comma separated. i want to be able to get those accounts either with just the actual display name or at least put each DN on a separate line but i am not having any luck doing either. is this even possible.
This is the output i am able to get so far:

[CN=abc,OU=123,OU=456,DC=DC2,DC=DC1, CN=def,OU=123,OU=456,DC=DC2,DC=DC1]

As you can see this is just two different accounts, you can imagine how hard to read this would be with an identity with multiple accounts.

Within the body of the “Send Email” action here is what i have that as the place holder for the accounts:

${accounts}

I also pull the name of the person’s identity with this:

${displayName}

And here is the templating context i use:

{"accounts.$":"$.getAccounts.accounts[0:].attributes.memberOf[0:]","displayName.$":"$.getIdentity.attributes.displayName"}

LukeHagar · April 4, 2023, 2:48pm

Hey @Trenton_Sauls,

Welcome to the Community!
Thank you for posting in the forums.

Looking at this string specifically:

{"accounts.$":"$.getAccounts.accounts[0:].attributes.memberOf[0:]","displayName.$":"$.getIdentity.attributes.displayName"}

I believe the displayName of the accounts you are listing here would be the distinguishedName, you can try changing that last variable there to something else that’s a little more user viewable. Those options should be viewable on the account page in IdentityNow.

I’m not certain on the best way to programmatically format the array that’s being returned, I don’t have extensive experience with that kind of templating, but I will continue looking into the issue, and if I find anything helpful I will update here with that info.

jewalker · April 4, 2023, 6:52pm

Hello Trenton, I just finished working on something very similar but the output in the email is a table. I also have it do a foreach loop through all the accounts.

Template context for get accounts
{"accounts.$":"$.getAccounts.accounts","accounttype.$"}

Portion of HTML body with accounts table

<h2><b>-User Accounts-</b></h2>
<table style="border:1px solid black;border-collapse:collapse">
    <tr>
        <td style="border:1px solid black;border-collapse:collapse"><b>Source Name</b></td>
        <td style="border:1px solid black;border-collapse:collapse"><b>Account Name</b></td>
    </tr>
    #foreach( $account in ${accounts} )
    <tr>
        <td style="border:1px solid black;border-collapse:collapse">$account.sourceName</td>
        <td style="border:1px solid black;border-collapse:collapse">#if (${account.name}) ${account.name} #else $account.nativeIdentity #end</td>
    </tr>
    #end
</table>

Output looks like this:

I’m happy to answer any questions.

Trenton_Sauls · April 5, 2023, 1:46pm

Thank you. The displayName pulls back what i am needing. it pulls the user’s first and last name. As for the accounts, i am at a loss. no idea how to get what i am wanting +

Trenton_Sauls · April 5, 2023, 6:16pm

Thank you! this is what i needed. I was able to modify it a bit to fit what i needed. I really appreciate it!!

colin_mckibben · April 5, 2023, 7:31pm

Glad to hear you were able to resolve this. Do you mind sharing your solution for future readers of this topic?

Trenton_Sauls · April 5, 2023, 9:27pm

Of course. So the solution I went with gets me a list of entitlements removed from the identity when their cloudLifecycleState changed to “Inactive”.

Templating Context

{"accounts.$":"$.getAccounts.accounts","displayName.$":"$.getIdentity.attributes.displayName"}

Body

<p>The user ${displayName} cloudLifecycleState has changed to Inactive and the following entitlements has been removed from their identity</p>
<h3><b>-User Accounts-</b></h3>
<table style="border:1px solid black;border-collapse:collapse">
    <tr>
        <td style="border:1px solid black;border-collapse:collapse"><b>Entitlement</b></td>
    </tr>
    #foreach( $account in ${accounts} )
    #if($account.attributes.memberOf)
    #set($i = 0)
    #foreach($member in ${account.attributes.memberOf})
    #if($i <= ${account.attributes.memberOf.size()})
    <tr>
        <td style="border:1px solid black;border-collapse:collapse">$account.attributes.memberOf.get($i)</td>
    </tr>
    #set($i = $i + 1)
    #end
    #end
    #end
    #end
</table><br>

Thank you again all!

Topic		Replies	Views
Account details in send email action of workflow ISC Discussion and Questions workflows , transforms , apis , identity-security-cloud , sources	3	355	July 19, 2023
Workflow: Fetch Array from HTTP request and send in Email in a table with separated values ISC Discussion and Questions workflows , identity-security-cloud	2	386	October 30, 2023
Workflow to send email to personalEmail ISC Discussion and Questions workflows , identity-security-cloud	1	1345	July 19, 2023
Add multiple recipients to send email from workflow ISC Discussion and Questions workflows , identity-security-cloud , notifications	5	703	July 5, 2023
Workflow - Passing array to "Enter Value" field ISC Discussion and Questions workflows , identity-security-cloud	2	399	August 14, 2023

Workflow to send an email listing accounts identity was removed from

Related Topics