# Understanding Conditions and Transformers Lifecycle Management automates identity provisioning across your applications. When an employee joins, changes roles, or leaves, workflows answer two questions: **Should** this person get access? And **what** should their account look like? This document explains the building blocks: conditions that control when things happen, and transformers that control what values are set. ## Terminology These terms are used throughout Lifecycle Management documentation. | Term | Definition | Example | | --------------- | --------------------------------------------------------------------------- | ------------------------------------------------------------------------ | | **Condition** | A SCIM filter expression that evaluates to true/false | `department eq "Engineering"` | | **Transformer** | A complete attribute mapping configuration | Maps `email` to target, with formatter `{first_name}.{last_name}@co.com` | | **Formatter** | The template string within a transformer that constructs the value | `{first_name}.{last_name}@company.com` | | **Then Apply** | A transformation applied within a formatter using the pipe (`\|`) character | `UPPER`, `LOWER`, `SUBSTRING` | {% hint style="info" %} **Key relationship:** A **Transformer** CONTAINS a **Formatter**. The transformer is the complete configuration (which attribute to set, the formatter template, sync options). The formatter is just the template string that defines how to construct the value. {% endhint %} ## Quick Reference | When You Need To... | Use This System | Syntax Type | Output | | ---------------------------------------------- | ---------------------------------------------------------- | -------------------- | --------------------- | | Decide **IF** a workflow runs | [Workflow Trigger Condition](#workflow-trigger-conditions) | SCIM filter | Boolean | | Decide **IF** a subsequent action runs | [Condition on Success](#conditions-on-success) | SCIM filter | Boolean | | Decide **WHAT** value an attribute should have | [Attribute Transformer](#attribute-transformers) | Formatter (template) | String | | Decide **WHICH** Access Profile to assign | [Dynamic Access Profile](#dynamic-access-profiles) | Formatter (template) | String (profile name) | ## The Four Systems ### Workflow Trigger Conditions **Purpose:** Determine whether a workflow should execute based on identity attributes. **Syntax:** SCIM filter expressions that evaluate to true or false. **Example:** ```txt is_active eq true and department eq "Engineering" ``` **When to use:** Gate workflow execution based on identity state, department, location, employment type, or other attributes. See [Trigger Conditions Reference](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/policies-workflows/actions/trigger-conditions-reference.md) for complete syntax documentation. *** ### Conditions on Success **Purpose:** After a workflow trigger matches, determine whether subsequent actions should run. **Syntax:** Same SCIM filter syntax as workflow triggers. **Example:** ```txt job_level ge 5 and location sw "US-" ``` **When to use:** Create branching logic within a workflow where different actions apply to different identity subsets. See [Conditions and Actions](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/policies-workflows/actions.md) for configuration details. *** ### Attribute Transformers **Purpose:** Construct attribute values when syncing identities to target systems. **Syntax:** Formatter templates with optional pipeline functions. **Examples:** ```txt {first_name}.{last_name}@company.com ``` ```txt {first_name | LOWER}.{last_name | LOWER | SUBSTRING, 0, 10} ``` **When to use:** Transform source attributes into the format required by target systems (usernames, email addresses, distinguished names, etc.). Transformers also support IF/ELSE conditional logic to select different values based on identity attributes. See [Attribute Sync and Transformers](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/transformers.md) for complete documentation. *** ### Dynamic Access Profiles **Purpose:** Dynamically determine which Access Profile to assign based on identity attributes. **Syntax:** Formatter templates (same as attribute transformers) that resolve to Access Profile names. **Example:** ```txt dept-{department | LOWER} ``` If user's department is "Engineering", this resolves to the Access Profile named `dept-engineering`. **When to use:** Assign Access Profiles based on department, location, role, or other attributes without creating separate workflow conditions for each combination. {% hint style="info" %} Dynamic Access Profiles answer "**which** profile?" not "**should** we assign a profile?" They use formatter syntax, not SCIM conditions. {% endhint %} See [Dynamic Access Profiles](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/profiles/dynamic-access-profiles.md) for complete documentation. *** ## Combining Conditions and Transformers Conditions and transformers can work together. Workflow trigger conditions can embed transformer syntax for dynamic value comparisons. ### Example: Time-Windowed Leaver Trigger This condition triggers a leaver workflow when an employee's last day falls within a 2-day window around today: ```txt is_active eq true and customprop_lastdayofwork le "{| NOW | UTC_TO_TIME_ZONE, \"-05:00\" | DATE_ADJUST_DAY, 0 | DATE_FORMAT, \"DateOnly\"}" and customprop_lastdayofwork gt "{| NOW | UTC_TO_TIME_ZONE, \"-05:00\" | DATE_ADJUST_DAY, -2 | DATE_FORMAT, \"DateOnly\"}" ``` **Breaking it down:** | Component | Layer | Purpose | | ----------------------------------------------- | -------------------- | ----------------------------------- | | `is_active eq true` | SCIM condition | Check if employee is active | | `customprop_lastdayofwork le ...` | SCIM condition | Compare last day to threshold | | `{\| NOW \| UTC_TO_TIME_ZONE, "-05:00" \| ...}` | Embedded transformer | Generate "today in EST" dynamically | **The syntax `{\| FUNCTION \| ...}`** (pipe immediately after opening brace) indicates a transformer with no source attribute—it starts directly with a function like `NOW`. See [Dynamic Value Comparisons](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/policies-workflows/actions/trigger-conditions-reference.md#dynamic-value-comparisons-with-embedded-transformers) for more examples. *** ## Summary | Feature | Workflow Conditions | Attribute Transformers | | -------------------------- | ------------------------------------- | ------------------------- | | **Purpose** | Gate execution | Construct values | | **Output** | Boolean (yes/no) | String (the value) | | **Base syntax** | SCIM filter (`eq`, `le`, `and`, `or`) | Template (`{attribute}`) | | **Supports IF/ELSE** | No (use nested conditions) | Yes | | **Can embed transformers** | Yes, for dynamic values | N/A (is the transformer) | | **Then Apply** | Only within embedded values | Yes (`\| UPPER \| LOWER`) | *** ## Related Topics * [Trigger Conditions Reference](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/policies-workflows/actions/trigger-conditions-reference.md) - Complete SCIM syntax for workflow triggers * [Attribute Sync and Transformers](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/transformers.md) - Formatter syntax and pipeline functions * [Transformer Reference](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/transformers/transformer-reference.md) - All available transformation functions * [Dynamic Access Profiles](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/profiles/dynamic-access-profiles.md) - Formatter-based profile assignment * [System Attributes](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/transformers/system-attributes.md) - Computed attributes like `sys_attr__is_mover` * [Policies](/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/policies-workflows/policies.md) - Creating and configuring Lifecycle Management policies --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/features/lifecycle-management/policies-workflows/conditions-and-transformers-overview.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.