top of page

How To: SailPoint IdentityNow – Use Workflows for Automating Tasks

Mike Egan

In 2022, SailPoint released a powerful new feature in IdentityNow called Workflows. (This should not be confused with the existing core concept of workflows which are used for life cycle management and provisioning.) If the Workflows feature is enabled for your tenant, it can be found in the Admin UI.

Whenever a specific, defined event occurs, a Workflow (e.g., a set of tasks that are automatically executed) is initiated. Workflows are a great way to automate processes in IdentityNow, especially now that they can be configured to respond to a trigger, also known as an Event Trigger. This cuts down on manual administration tasks and provides a way of automating and sending alerts in real time.

The technical aspects of a workflow are handled with JSON (JSONpath) however most of a workflow can be designed and administered via the User Interface. While Workflow uses a no-code model, it does require a basic understanding of JSON and can get quite complex. The following is a useful example of a Workflow that automates the time-consuming task of checking if any Source aggregations have failed:

1. Select [+New Workflow]:

2. Select [Build a New Workflow]:

3. Give the Workflow the Name*, “Account Aggregation Alert”, and the Description, “Account Aggregation Alert Workflow”,and select [Continue to Builder]:

4. You should see the following Workflow Builder screen with the Triggers tab, Actions tab and Operators tab. Locate the Trigger labeled “Account Aggregator Completed” and drag it into the blank space at the center of the console:

5. From the left side panel, drag and dropthe Actions and Operators and configure them underneath the Trigger as follows (the tool itself will help you along with the available options):

6. Select the Trigger box and, if needed, fill in the fields below, to the right (NOTE: there is no filter for the Trigger included in this example, it is included for comprehensiveness):

7. Select the Operator box and fill in the fields with the below values (to the right):

8. Select the Action box, located under True, labeled Send Email, and fill in the fields with the below values (to the right):

9. Select the Action box, located under False, labeled Send Email, and fill in the field with the Recipient Email Addresses* box by typing a name (of the email you wish to send the results to) until it appears in the field below it (to the right):

10. Select the Operator box, labeled End Step – Failure, and fill in the fields, as shown, with the below values (to the right):

11. Select the Operator box, labeled End Step – Success, and fill in the fields, as shown, with the below values (to the right):

12. When completed, select [Save] and then [Test Workflow].

13. You will return to the Current Step 1. Setup screen. From the lower right, select, [Start Test].

14. Once the test is complete you will receive an email to the email address input in step 9. above. From Current Step 3. Results, you will note that there are “No workflow errors detected”.

15. Select the Operator box, labeled End Step – Failure, and select the Step Input tab (to the right):

16. From within Step Input, on the lower right, locate the line in the code, “’status’: Success” and change it to state “’status’: Failed”.

17. Select [Start New Test].

18. Once the test is complete you will receive an email to the email address input in step 9. above stating the workflow failed.

19. Enable the Workflow to run automatically by enabling it in the main Workflow page as shown below:


While this Workflow is quite simple to build, it automates an important manual administrative task. Additionally, it sends alerts if an aggregation has failed.

Workflows created through any method (i.e., via an imported JSON file, the Builder UI or Templates provided by SailPoint) will follow the same model.

If you want to learn more about our Identity as a Service (IDaaS) offerings, see our Cloud IAM & IDaaS page or our Identity Governance & Administration (IGA) page.

Talk to the experts at CyberSolve to see how your organization can implement SailPoint IdentityNow (IDN) features to fit your unique needs.

Comments


bottom of page