Skip to main content

Account Deleted

Event Context

This event trigger fires when an account is deleted in Identity Security Cloud.

Accounts can be deleted via aggregations or provisioning.

You could use this event trigger to fire a Workflow that takes additional actions after a privileged account has been deleted.

See Aggregating Accounts and Configuring Source Account Provisioning for more information about the scenarios that lead to account deletion.

This is an example input from this trigger:

{
  "event": {
    "type": "ACCOUNT_DELETED_V2",
    "cause": "AGGREGATION"
  },
  "source": {
    "id": "jlasdferquwoep452343214v",
    "name": "Active Directory",
    "alias": "AD",
    "owner": {
      "id": "owner-123",
      "name": "Source Owner"
    },
    "governanceGroup": {
      "id": "group-456",
      "name": "Governance Group"
    }
  },
  "account": {
    "id": "ee769173319b41d19ccec35ba52f237b",
    "name": "john.doe",
    "nativeIdentity": "john.doe",
    "uuid": "b7264868-7201-415f-9118-b581d431c688",
    "correlated": true,
    "isMachine": false,
    "origin": "Active Directory",
    "attributes": {
      "firstname": "John",
      "lastname": "Doe",
      "email": "john.doe@gmail.com",
      "department": "Sales",
      "displayName": "John Doe",
      "created": "2020-04-27T16:48:33.597Z",
      "employeeNumber": "E009",
      "uid": "E009",
      "inactive": "true",
      "phone": "512-555-1234",
      "manager": "jane.doe",
      "identificationNumber": "E009"
    }
  },
  "identity": {
    "id": "132rfvwfr14353yas56213l",
    "name": "john.doe",
    "alias": "jdoe",
    "email": "john.doe@gmail.com"
  }
}