Event Triggers In Identity Security Cloud

Introduction of Event Triggers

The SailPoint Event Triggers is an extensibility feature used through UI to notify third party application. We can also perform this action through API.

Triggers different from API, we must initiate a request to receive latest update through API. User receive latest update by subscribing on event triggers if any actions performed.

The action such as Source created, Identity created, Access Request Dynamic Approval performed in SailPoint based on this event will be triggered.

Types of Triggers

Fire and Forget: It is a one-way communication to notify subscribers. It only sends request to subscribers and don't wait responses from subscribers.

Response Required Trigger: It is a two-way communication between the trigger service and subscriber. It sends request to subscribers and wait responses from subscribers.

Available Event triggers in IdentityNow

We can access available event triggers through UI in Admin Interface.

Subscribing to an Event Trigger

Before we can subscribe, we need service to accept http requests from event triggers service. The most common type of services is webhook testing service, Native SaaS workflows, No code Provider and custom applications.

we can have up to 50 subscriptions for each fire and forget. One subscription for each response required trigger.

We can subscribe through both UI and API to receive updates.

The two-subscription type in UI are Http and Amazon event bridge. Based on our requirements we can select any of this type.

If we choose Amazon Event Bridge as a subscription type, the events send to Aws event bridge and routes to AWS CloudWatch.

We use rule in amazon event bridge to match the incoming event with event pattern and filter to decide which event will go which side for easy understanding.

For fire and forget trigger, For Integration URL we need to provide the endpoint URL of the third-party application. For Authentication Type we can choose based on our choice which response want to receive.

For Response Required Trigger, we can choose response type based on requirements. The default response deadline is P1DT1H.

The response deadline for synchronous triggers is 10 seconds can't be modified.

By using filter to specify which condition occur in event to trigger.

Testing Subscription

We need to check the events are successfully receive and correctly based on filters before used in production.

We can see complete list of subscription in Activity log. Successful executions are stored at least 24hours and unsuccessful are stored at least 48hours.It display up to 2,000 total executions.

Early Access Event Triggers

These triggers must be requested before they can add into tenant because it can change at any time. Some of the early access event triggers are Identity deleted, Source account created, source account deleted, source account updated.

Use Cases

In real time we use triggers in bank to monitor customer action. For example, if customer receive loan based on company requirements. The company requirements do not allow customer to incur additional debt during loan duration. If customer incur more additional debt the events will triggered and notify bank to take appropriate actions.

Conclusion

Using event triggers, by subscription we receive events automatically to monitor status of the identity in our tenant whenever the specific event is triggered. It is very flexible and enhance workflow to automate tasks to achieve our goals.

Stay tuned to our blog to see more posts about SailPoint Product implementations and its related updates.