How can we help?

Workflow Triggers

Noga Tubi
Noga Tubi
  • Updated


When creating a workflow, you start by selecting a workflow trigger. The trigger defines criteria that will be evaluated against Torii the next time data is synced with external sources (integrations). If an entity meets the criteria, the workflow will trigger and run through its actions sequentially.

The following workflows are available:

  1. User meets criteria
  2. User joins
  3. User left
  4. App meets criteria
  5. New app discovered
  6. Closed app in use
  7. License Count Threshold
  8. Contract meets criteria

See below for descriptions and examples for each workflow trigger.

1. User meets criteria

  • This is the most powerful trigger, which allows you to define a combination of criteria per user. You can tie criteria to user attributes that are Torii-specific (e.g. number of apps used by a user), or to attributes related to an application that is integrated with Torii (e.g. user status in Okta, user hire date in BambooHR, user license type in Zoom and many more). You can also combine different criteria, by adding several filters, to set up a highly specific trigger for unique scenarios in your organization.
  • The two scenarios where this trigger is especially useful are handling user onboarding and offboarding. You can define a unique set of criteria (e.g. active BambooHR users who belong to the Sales department and are located in Germany) and run onboarding actions when such users are first discovered (e.g. to create a Salesforce user, and users in other applications that the new employees will need).

2. User joins

  • Use this trigger to tie your workflow to user creation or hire date in your source of truth for the user lifecycle.
    • If your source of truth is an SSO (Google Workspace, Azure AD, Okta, OneLogin, or Jumpcloud), the workflow will be triggered each time Torii discovers a new user in these IDP providers.
    • If your source of truth is an HRMS, the workflow will be triggered each time Torii discovers a new user with a future hire date.
  • This trigger will help you to handle onboarding processes in your organization.
  • You can define to run various actions for the newly hired employees, e.g. to create users in various applications, to send emails to new employee managers, and many more.

3. User left

  • Use this trigger to tie your workflow to user removal or deactivation in your source of truth for the user lifecycle.
  • Triggering workflows with "User left" will help you to handle offboarding processes. For example, if your source of truth is Google Workspace, you can define that when a user is deactivated in Google Workspace, you delete the user from various applications used in your organization.

4. App meets criteria

  • Similar to the "User meets criteria" trigger, the "App meets criteria" trigger allows the creation of a dynamic set of criteria, but in the context of applications. See below examples of scenarios in which the trigger can be especially useful:
  1. Budget management facilitation. You can notify budget owners or department heads when an application in their purview exceeds a certain expense threshold.  note that expenses in Torii represent the last 12 months.
  2. Identifying new apps which are gaining popularity. You can send notifications about a new app once the number of its users goes over a certain threshold, to immediately draw IT attention to popular apps. You can also decide to automatically move this app to In Review state or Sanctioned state.
  3. Keeping your SAAS stack secure. You can send notifications about newly discovered apps with high-security risks, that were connected to Google Workspace, Azure AD, or Slack. Read more about how Torii calculates application risk levels here.

5. New app discovered

  • Use this trigger to initiate the workflow when Torii discovers a new app.
    The workflow will be triggered when an app is discovered through any connected data source - Torii browser extension, direct integration, your IDP provider, or expense data.
  • You might be interested in using this trigger for the initiation of application approval procedures. For example, use "New app discovered" to send a security questionnaire for new applications.

6. License not in use

  • Use this trigger to identify employees who have not used applications they are assigned a license for, during a fixed period of time. You can select which applications and which type of licenses to monitor. The inactivity period is configurable and can vary from 30 to 180 days.
  • Triggering workflows by "License, not in use" might be especially useful if you want to remove wasted licenses and optimize your license spending. For example, you can trigger the workflow when Torii identifies inactive pro-Zoom licenses, and then deactivate these.
  • When using this workflow trigger, Torii will ONLY show licenses that have a last used date, regardless if Torii has tracked any logins to the app in the defined inactivity period or not.

7. Closed app in use

  • The trigger will identify logins to applications whose status was set to Close in Torii.
  • You can use it to monitor new sign-ups for decommissioned apps and take actions like notifying users about org policies.

8. License Count Threshold

  • You can set up thresholds for a number of licenses, per each app license type and license status. A workflow will run whenever its threshold is reached.
  • Using this trigger can help you optimize your license management processes to remove wasted licenses or, on the contrary, buy licenses in advance.
    For example, you can define a workflow to trigger when Torii identifies 5 and more Zoom basic licenses that have not been used recently and remove these.

9. Contract meets criteria

  • This trigger allows you to set up a flexible combination of criteria to be applied to contracts within Torii.
  • It can be especially helpful for effective renewal management. For example, you can trigger a workflow when a contract with more than 5 licenses that was planned to be renewed is approaching its end date, and to send yourself a reminder to renew it.


Can a Workflow be triggered more than once on the same object? (app, user, contract, or license)
Workflows will only trigger more than once on the same object if the object was changed and no longer match the criteria but then changed again to match the criteria.
  • A workflow triggers on "App has more than 10 users".
    It's triggered for Adobe when the user count reaches 11.
  • As Torii sees the user count for Adobe climb to 12, 13, 14, etc...the workflow will NOT continue to trigger because it already identified Adobe once before.
    If, however, Adobe's user count falls to 6 it no longer matches the workflow criteria. So if the user count jumps from 6 to 13, the workflow WILL trigger again because Adobe matches the criteria again.

Understand How Workflows Work

Manually Run Workflows


Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request