# Identity Deleted Event Trigger

The platform has introduced an event trigger within the Identity Aggregation and Refresh Flow:


When an identity is deleted, this trigger can:

  • Notify an administrator or system to take the appropriate provisioning actions as part of the Leaver workflow.
  • Notify a system to trigger another action (e.g. deactivate an employee’s badge upon termination).

This event trigger provides a flexible way to extend Joiner-Mover-Leaver processes. This provides more proactive governance and ensure users can quickly obtain needed access when enter your organization.

# Getting Started

# Prerequisites

  • An oAuth Client configured with Authority as ORG_ADMIN.
  • An Authoritative Source. To quickly test this service, use a Flat File Source.
  • Identity Profile using Authoritative Source.

# In This Topic

# Event Context

  • Identity deleted events occur when the associated account with an identity is deleted from authoritative sources. After accounts are aggregated and the identity refresh process finds an identity that is not correlated to an account, the associated identity is deleted from IdentityNow. For more information, see Configuring Correlation (opens new window)
  • The Identity deleted event will contain any attributes of the identity as configured for the identity profile. For more information, see Mapping Identity Profiles (opens new window)

Identity Attributes

Use the following command to view the Identity Deleted Trigger details:

curl --request GET --url 'https://{tenant}.api.identitynow.com/beta/triggers' --header 'authorization: Bearer {access_token}'

# Trigger Type

This event trigger type is a FIRE_AND_FORGET type. When you subscribe to this event trigger with your HTTP endpoint, a response is not expected to be returned.

# Input Schema

The input schema defines what you will receive from the trigger service. Here is input example provided by the trigger:

    "identity": {
        "id": "ee769173319b41d19ccec6cea52f237b",
        "name": "john.doe",
        "type": "IDENTITY"
    "attributes": {
        "firstname": "John",
        "lastname": "Doe",
        "email": "john.doe@gmail.com",
        "department": "Sales",
        "displayName": "John Doe",
        "created": "2020-04-27T16:48:33.597Z",
        "employeeNumber": "E009",
        "uid": "E009",
        "inactive": "true",
        "phone": null,
        "identificationNumber": "E009",
        "isManager": false,
        "manager": {
            "id": "ee769173319b41d19ccec6c235423237b",
            "name": "nice.guy",
            "type": "IDENTITY"
        "customAttribute1": "customValue",
        "customAttribute2": "customValue2"
  • identity - A reference to the identity that was deleted. This can be used for SailPoint REST API callbacks for further related information, assuming there are still APIs have reference to the deleted.
  • attributes - A list of identity attributes that the identity had. This includes standard attributes (e.g. firstname, lastname, email, uid, etc.) as well as custom attributes that have been designed.

# Subscribe to the Identity Deleted Event Trigger

To subscribe to the Identity Deleted Event Trigger, make a POST call to /beta/trigger-subscriptions with the following headers and body:


  • Authorization: Bearer <access_token>



Subscriptions to this trigger can generate a lot of event notifications, especially for tenants which have a lot of identities. SailPoint recommends leveraging event filters to isolate the events that contain changes that you are interested in. It is also important to ensure the systems that are receiving these events can handle the traffic that this trigger generates.

# Testing Tools

  • webhook.site (opens new window) - This tool creates a temporary HTTP endpoint for you to verify that you are able to successfully subscribe to the Event Trigger. You can receive the event after an access request has been submitted. Copy the "unique URL" from webhook.site and use it in the url field of the POST body to /beta/trigger-subscriptions.
  • localhost.run - This tool creates an endpoint for a HTTP server running on your local machine.