Workflow Trigger filter (Identity Lifecycle state changed)

Hi, I am trying to create an Identity lifecycle state changed or Identity Attribute changed workflow. The goal is to filter out the oldValue == null or OldValue == terminated and newValue == active, so that users can be moved to active state from null state for new users and from terminated state for rehire.

I am trying to use this filter "$.changes[?(@.attribute == \"cloudLifecycleState\" && ((@.oldValue == null && @.newValue == \"active\") || (@.oldValue == \"terminated\" && @.newValue == \"active\")))]"

but getting invalid syntax errors.

Am I doing anything wrong here? Any suggestions would be appreciated.

Thanks,

Divyang

Hi @pateldivyang0319

Looks like you are trying to use the Identity Attribute Changed trigger. According to the docs, the trigger doesn’t detect null → active changes, so you would be better suited with the Identity Created trigger for that case.

Judging off your requirements, I would say two workflows/triggers are needed here. One for the case of OldValue == terminated → Re Hire (Attributes Changed Trigger) and another for the OldValue == null → New Hire (Created Trigger).

Give these trigger filters a shot and let me know if these work for you!

Rehire Scenario Trigger:

$.changes[?(@.attribute == 'cloudLifecycleState' && @.oldValue == 'terminated' && @.newValue == 'active')]

New User Scenario Trigger:

$.attributes[?(@.cloudLifecycleState == 'active')]

Doc reference:

This event trigger doesn’t detect an identity’s change in lifecycle state from ‘null’ to ‘active’, so it’s recommended that you set an identity’s lifecycle state when it’s created. You can then use the Identity Created trigger to detect that change to ‘active’ for Joiners.

Thank you @trettkowski - The new hire trigger did work. I will check the rehire filter as well. I was wondering if there is any trigger that can be used to cover both of my scenarios in just one trigger condition.

Happy to help!

Unfortunately, I’m not aware of any way to combine both of these into 1 trigger. Seems to be a limitation on the OOTB triggers that SP provides. Definitely something I would like combined as well since I’ve had this exact issue before…

Gotcha. Thanks for clarification. Appreciate your responses.

Hello Divyang,

Adding to @trettkowski's reply since you asked about combining into one trigger.

I think the core issue isn’t the filter. terminated -> active and null -> active are emitted by different triggers. Identity Attributes Changed does not fire on null -> active, so it won’t catch joiners on its own. You’ll need two triggers.

Hi,

I think the issue might be with the way the filter string is written, especially the quotes and escaping.

You can try simplifying it a bit and using standard double quotes consistently. Something like this should work:

$.changes[?(@.attribute == "cloudLifecycleState" && ((@.oldValue == null && @.newValue == "active") || (@.oldValue == "terminated" && @.newValue == "active")))]

Sometimes the escaped quotes (" ") or special characters cause syntax errors, so replacing them with normal quotes usually fixes it.

Also, just to confirm — are you testing this directly in the workflow condition or via API? The context sometimes affects how the expression is parsed.

Thanks!

Hi @Gxurav713 - I did try the simplified query earlier but it was not working. And I am testing this directly in the workflow.

Just an additional thought - if you do need two separate triggers/workflows, each of them can just call a third workflow via external trigger where the main body of work is done. This way, you don’t have to completely replicate all of the workflow steps.

Something like this:

  • Main workflow with external trigger. Contains all of the steps.
  • New identity workflow, calls main workflow, passes needed attributes
  • Rehire workflow, calls main workflow, passes needed attributes
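The two trigger filters and the shared-workflow layout discussed in this thread, as an added example that is not part of any poster's reply. It uses plain-Python predicates that mirror the filters' conditions (not a JSONPath engine); the payloads are constructed to match the paths the filters address, and the trigger labels and the `route` helper are hypothetical.

```python
import json

# Constructed sample payloads, shaped the way the filters in this thread
# address them ($.changes[...] and $.attributes...); not captured events.
ATTRIBUTES_CHANGED = json.loads("""
{"identity": {"name": "jane.doe"},
 "changes": [
   {"attribute": "department", "oldValue": "Sales", "newValue": "Finance"},
   {"attribute": "cloudLifecycleState", "oldValue": "terminated", "newValue": "active"}
 ]}
""")
IDENTITY_CREATED = json.loads("""
{"identity": {"name": "john.roe"},
 "attributes": {"cloudLifecycleState": "active", "department": "Sales"}}
""")

def is_rehire(event):
    """Mirror of: $.changes[?(@.attribute == 'cloudLifecycleState'
    && @.oldValue == 'terminated' && @.newValue == 'active')]"""
    return any(
        c.get("attribute") == "cloudLifecycleState"
        and c.get("oldValue") == "terminated"
        and c.get("newValue") == "active"
        for c in event.get("changes", [])
    )

def is_joiner(event):
    """Mirror of: $.attributes[?(@.cloudLifecycleState == 'active')]"""
    return event.get("attributes", {}).get("cloudLifecycleState") == "active"

def route(trigger, event):
    """Return what each small workflow would pass to the shared main
    workflow, or None when its trigger filter does not match.
    The trigger labels here are hypothetical, not SailPoint identifiers."""
    if trigger == "attributes_changed" and is_rehire(event):
        return {"scenario": "rehire", "identity": event["identity"]["name"]}
    if trigger == "created" and is_joiner(event):
        return {"scenario": "joiner", "identity": event["identity"]["name"]}
    return None

if __name__ == "__main__":
    print(route("attributes_changed", ATTRIBUTES_CHANGED))
    print(route("created", IDENTITY_CREATED))
```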

Got it, thanks for confirming.

Try the trigger below:
$.changes[?(@.attribute == "cloudLifecycleState" && ((@.oldValue == "null" || @.oldValue=="terminated") && @.newValue == "active") )]

After the trigger step, add compare strings to check the old value. If it is null, then continue with logic for new users, and if it is terminated, continue with logic for rehire users. So using one trigger filter, you can cover both the cases.

Hope this helps.
Thank you