IdentityNow Rule Guide - Before Provisioning Rule

Purpose

This rule is used to modify a provisioning plan as provisioning is sent out. This rule should not be used to create new attributes, instead an account creation profile (provisioning policy) should be used.

Execution

• Cloud Execution - This rule executes in the IdentityNow cloud, and has read-only access to IdentityNow data models, however it doesn't have access to on-premise sources or connectors.

Input

Note: logs are not supported for BeforeProvisioning rules. 

Output

Template

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule name="Example Rule" type="BeforeProvisioning">
  <Description>Describe your rule here.</Description>
  <Source><![CDATA[

  // Add your logic here.

  ]]></Source>
</Rule>

Example

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule name="Example Rule" type="BeforeProvisioning">
  <Description>Before Provisioning Rule which changes disables and enables to a modify.</Description>
  <Source><![CDATA[
import sailpoint.object.*;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AccountRequest.Operation;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.Operation;

for ( AccountRequest accountRequest : plan.getAccountRequests() ) {   
  if ( accountRequest.getOp().equals( ProvisioningPlan.ObjectOperation.Disable ) ) {
    accountRequest.setOp( ProvisioningPlan.ObjectOperation.Modify );
  }
  if ( accountRequest.getOp().equals( ProvisioningPlan.ObjectOperation.Enable ) ) {
    accountRequest.setOp( ProvisioningPlan.ObjectOperation.Modify );
  }
}

  ]]></Source>
</Rule>