Skip to main content

Identity Deleted


This is an early access event trigger. Please contact support to have it enabled in your tenant.

Event Context


Identity deleted event will occur when an identity meets all of the following requirements:

  • No correlated accounts
  • Not an owner of a role, access profile, application, source, or taskResult
  • Not an owner or requester of a workItem
  • Not a protected account or manager
  • No assigned capabilities (ex. not an assigned cert reviewer)
  • Not involved in any active certification as a target (its access is not being certified)

After accounts are aggregated and the identity refresh process finds an identity that meets the above criteria, the associated identity is deleted from Identity Security Cloud. For more information, see Configuring Correlation. The Identity deleted event contains any identity attributes as they are configured in the identity profile. For more information, see Mapping Identity Profiles.


Identity Security Cloud will hide an identity from the identity list in the UI when the authoritative account is removed. This does not necessarily mean that the identity has been deleted. The identity will only be deleted when the above criteria are met. The deletion task run each night, so there will be a delay from when the criteria are met to when the identity will actually be deleted.

This event trigger provides a flexible way to extend joiner-mover-leaver processes. This provides more proactive governance and ensures users can quickly get necessary access when they enter your organization.

Some uses cases for this trigger include the following:

  • Notify an administrator or system to take the appropriate provisioning actions as part of the leaver workflow.
  • Notify a system to trigger another action (e.g. deactivate an employee’s badge upon termination).

This is an example input from this trigger:

"identity": {
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "William Wilson"
"attributes": {
"firstname": "John"