# Identity Created Event Trigger

The platform has introduced an event trigger within the Identity Aggregation and Refresh Flow.

When an identity is created, this trigger can:

  • Notify an administrator or system to take the appropriate birthright provisioning actions as part of the Joiner workflow.
  • Notify a third party system to trigger another action (e.g. create an onboarding experience for a new hire).

This event trigger provides a flexible way to extend Joiner-Mover-Leaver processes. It provides more proactive governance and ensures users can quickly obtain needed access when they enter your organization.


# Getting Started

# Prerequisites

  • An OAuth Client configured with Authority as ORG_ADMIN.
  • An Authoritative Source. To quickly test this service, use a Flat File Source.
  • Identity Profile using Authoritative Source.


# Event Context

  • Identity Created events occur when a new identity is detected during an aggregation and refresh from an authoritative source.
  • New identities are detected when an account from the authoritative source is not correlated to an existing identity. For more information, see Configuring Correlation.
  • The Identity Created event will contain all attributes of the identity as configured for the Identity Profile. For more information, see Mapping Identity Profiles.

Use the following command to view the Identity Created Trigger details:

```bash
curl --request GET \
  --url 'https://{tenant}.api.identitynow.com/beta/triggers' \
  --header 'authorization: Bearer {access_token}'
```

# Trigger Type

This event trigger type is a FIRE_AND_FORGET type. When you subscribe to this event trigger with your HTTP endpoint, a response is not expected to be returned.

# Input Schema

The input schema defines what you will receive from the trigger service. Here is an example of the input provided by the trigger:

```json
{
    "identity": {
        "id": "ee769173319b41d19ccec6cea52f237b",
        "name": "john.doe",
        "type": "IDENTITY"
    },
    "attributes": {
        "firstname": "John",
        "lastname": "Doe",
        "email": "john.doe@gmail.com",
        "department": "Sales",
        "displayName": "John Doe",
        "created": "2020-04-27T16:48:33.597Z",
        "employeeNumber": "E009",
        "uid": "E009",
        "inactive": "true",
        "phone": null,
        "identificationNumber": "E009",
        "isManager": false,
        "manager": {
            "id": "ee769173319b41d19ccec6c235423237b",
            "name": "nice.guy",
            "type": "IDENTITY"
        },
        "customAttribute1": "customValue",
        "customAttribute2": "customValue2"
    }
}
```

  • identity - A reference to the identity that was created. This can be used for SailPoint REST API callbacks for further related information.
  • attributes - A list of identity attributes that the identity was created with. This includes standard attributes (e.g. firstname, lastname, email, uid, etc.) as well as custom attributes that have been designed.

# Subscribe to the Identity Created Event Trigger

To subscribe to the Identity Created Event Trigger, make a POST call to /beta/trigger-subscriptions with the following headers and body:

Headers:

  • Authorization: Bearer <access_token>

Body:

```json
{
   "triggerId": "idn:identity-created",
   "type": "HTTP",
   "httpConfig": {
      "url": "https://urlOfTheExternalService.com"
   }
}
```

Subscriptions to this trigger can generate a lot of event notifications, especially for tenants which have a lot of identities. SailPoint recommends leveraging event filters to isolate the events that contain changes that you are interested in. It is also important to ensure the systems that are receiving these events can handle the traffic that this trigger generates.
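A receiving endpoint that fits the FIRE_AND_FORGET model validates each delivery against the input schema, acknowledges it immediately, and hands the work to a bounded queue. The following is an added example, not code from SailPoint or from the original page; the size cap, queue depth, listen address and the function names are assumptions chosen for illustration.

```python
import json
import queue
from http.server import BaseHTTPRequestHandler, HTTPServer

MAX_BODY = 64 * 1024                    # assumed size cap for one event
work_queue = queue.Queue(maxsize=1000)  # bounded, so a burst cannot exhaust memory

def parse_identity_created(raw: bytes) -> dict:
    """Validate a payload against the input schema above and normalise it."""
    event = json.loads(raw)
    identity, attrs = event.get("identity"), event.get("attributes")
    if not isinstance(identity, dict) or not isinstance(attrs, dict):
        raise ValueError("missing identity or attributes object")
    if identity.get("type") != "IDENTITY" or not isinstance(identity.get("id"), str):
        raise ValueError("malformed identity reference")
    # The sample carries "inactive" as the string "true" while "isManager" is a
    # JSON boolean, so accept either form instead of trusting truthiness.
    inactive = attrs.get("inactive")
    if isinstance(inactive, str):
        inactive = inactive.strip().lower() == "true"
    return {"id": identity["id"], "name": identity.get("name"),
            "department": attrs.get("department"), "inactive": inactive is True}

def accept(raw: bytes) -> int:
    """Return the HTTP status for one delivery and queue valid events."""
    if len(raw) > MAX_BODY:
        return 413
    try:
        record = parse_identity_created(raw)
    except (ValueError, AttributeError):   # bad JSON, wrong shape, non-object body
        return 400
    try:
        work_queue.put_nowait(record)      # provisioning runs in a separate worker
    except queue.Full:
        return 503
    return 200

class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", "0"))
        except ValueError:
            length = -1
        # Read at most MAX_BODY + 1 bytes so an oversized body is detected, not buffered
        body = self.rfile.read(min(length, MAX_BODY + 1)) if length >= 0 else b""
        self.send_response(accept(body) if length >= 0 else 400)
        self.end_headers()

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```

The handler treats every field as untrusted input: a worker that drains `work_queue` should act only on the normalised record, and the endpoint itself should sit behind TLS before its URL is placed in `httpConfig`.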

# Testing Tools

  • webhook.site - This tool creates a temporary HTTP endpoint for you to verify that you are able to successfully subscribe to the Event Trigger. You can receive the event after an access request has been submitted. Copy the "unique URL" from webhook.site and use it in the url field of the POST body to /beta/trigger-subscriptions.
  • localhost.run - This tool creates an endpoint for an HTTP server running on your local machine.