How can we help?

Workflow Triggers

Noga Tubi
Noga Tubi
  • Updated


When creating a workflow, you start by selecting a workflow trigger. The trigger defines criteria that will be evaluated against Torii the next time data is synced with external sources (integrations). If an entity meets the criteria, the workflow will trigger and run through its actions sequentially.

The following workflows are available:

  1. User meets criteria

  2. User joins

  3. User left

  4. App meets criteria

  5. New app discovered

  6. Closed app in use

  7. License Count Threshold

  8. Contract meets criteria

See below for descriptions and examples for each workflow trigger.


User meets criteria

This is the most powerful trigger, which allows you to define a combination of criteria per user. You can tie criteria to user attributes that are Torii-specific (e.g. number of apps used by a user), or to attributes related to an application that is integrated with Torii (e.g. user status in Okta, user hire date in BambooHR, user license type in Zoom and many more). You can also combine different criteria, by adding several filters, to set up a highly specific trigger for unique scenarios in your organization.

Two scenarios where this trigger is especially useful are handling user onboarding and offboarding. You can define a unique set of criteria (e.g. active BambooHR users who belong to the Sales department and are located in Germany) and run onboarding actions when such users are first discovered (e.g. to create a Salesforce user, and users in other applications that the new employees will need).


User joins

Use it to tie your workflow to user creation or hire date in your source of truth for the user lifecycle.

If your source of truth is an SSO (Google Workspace, Azure AD, Okta, OneLogin, or Jumpcloud), the workflow will be triggered each time Torii discovers a new user in these IDP providers.

If your source of truth is an HRMS, the workflow will be triggered each time Torii discovers a new user who has a future hire date.

This trigger will help you to handle onboarding processes in your organization.

You can define to run various actions for the newly hired employees, e.g. to create users in various applications, to send emails to new employee managers, and many more.

User left

This trigger is the opposite of the one above Use it to tie your workflow to user removal or deactivation in your source of truth for the user lifecycle.

Triggering workflows with "User left" will help you to handle offboarding processes. For example, if your source of truth is Google Workspace, you can define that when a user is deactivated in Google Workspace, you delete the user from various applications used in your organization.

App meets criteria

Similar to the "User meets criteria" trigger, the "App meets criteria" trigger allows to create a dynamic set of criteria, but in the context of applications. See below examples of scenarios in which the trigger can be especially useful:

  1. Budget management facilitation. You can notify budget owners or department heads when an application in their purview goes over a certain expense threshold. Pay attention - expenses in Torii represent the last 12 months.

2. Identifying new apps which are gaining popularity. You can send notifications about a new app once the number of its users goes over a certain threshold, to immediately draw IT attention to popular apps. You can also decide to automatically move this app to In Review state or Sanctioned state.

3. Keeping your SAAS stack secure. You can send notifications about newly discovered apps with high-security risks, that were connected to Google Workspace, Azure AD or Slack. Read more about how Torii calculates application risk levels here.

New app discovered

Use this trigger to initiate the workflow when Torii discovers a new app. The workflow will be triggered when an app is discovered through any connected data source - Torii browser extension, direct integration, your IDP provider, or expense data.


You might be interested to use this trigger for the initiation of application approval procedures. For example, use "New app discovered" to send a security questionnaire for new applications.

License not in use

Use this trigger to identify employees who have not used applications they are assigned a license for, during a fixed period of time. You can select which applications and which type of licenses to monitor. The inactivity period is configurable and can vary from 30 to 180 days.


Triggering workflows by "License, not in use" might be especially useful if you want to remove wasted licenses and optimize your license spending. For example, you can trigger the workflow when Torii identifies inactive pro Zoom licenses, and then deactivate these.

Closed app in use

The trigger will identify logins to applications whose status was set to Close in Torii.

You can use it to monitor new sign-ups for decommissioned apps and take actions like notifying users about org policies.

License Count Threshold

You can set up thresholds for a number of licenses, per each app license type and license status. A workflow will run whenever its threshold is reached.

Using this trigger can help you optimize your license management processes to remove wasted licenses or, on the contrary, to buy licenses in advance. For example, you can define a workflow to trigger when Torii identifies 5 and more Zoom basic licenses that have not been used recently and remove these.

Contract meets criteria

This trigger allows you to set up a flexible combination of criteria to be applied to contracts within Torii.

It can be especially helpful for effective renewal management. For example, you can trigger a workflow when a contract with more than 5 licenses that was planned to be renewed is approaching its end date, and to send yourself a reminder to renew it.




Understand How Workflows Work

Manually Run Workflows


Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request