IdentityNow Rule Guide - Before Provisioning Rule
Purpose
This rule is used to modify a provisioning plan as provisioning is sent out. This rule should not be used to create new attributes, instead an account creation profile (provisioning policy) should be used.
Execution
- Cloud Execution - This rule executes in the IdentityNow cloud, and has read-only access to IdentityNow data models, however it doesn't have access to on-premise sources or connectors.
Input
Argument | Type | Purpose |
idn | sailpoint.server.IdnRuleUtil |
Provides a read-only starting point for using the SailPoint API. From this passed reference, the rule can interrogate the IdentityNow data model including identities or account information via helper methods as described here. |
plan | sailpoint.object.ProvisioningPlan | A set of provisioning instructions which are sent to the source connectors. |
application | sailpoint.object.Application | A representation of the configured source, and its configuration attributes. |
Note: logs are not supported for BeforeProvisioning rules.
Output
Argument | Type | Purpose |
Template
<?xml version='1.0' encoding='UTF-8'?> <!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd"> <Rule name="Example Rule" type="BeforeProvisioning"> <Description>Describe your rule here.</Description> <Source><![CDATA[ // Add your logic here. ]]></Source> </Rule>
Example
<?xml version='1.0' encoding='UTF-8'?> <!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd"> <Rule name="Example Rule" type="BeforeProvisioning"> <Description>Before Provisioning Rule which changes disables and enables to a modify.</Description> <Source><![CDATA[ import sailpoint.object.*; import sailpoint.object.ProvisioningPlan.AccountRequest; import sailpoint.object.ProvisioningPlan.AccountRequest.Operation; import sailpoint.object.ProvisioningPlan.AttributeRequest; import sailpoint.object.ProvisioningPlan; import sailpoint.object.ProvisioningPlan.Operation; for ( AccountRequest accountRequest : plan.getAccountRequests() ) { if ( accountRequest.getOp().equals( ProvisioningPlan.ObjectOperation.Disable ) ) { accountRequest.setOp( ProvisioningPlan.ObjectOperation.Modify ); } if ( accountRequest.getOp().equals( ProvisioningPlan.ObjectOperation.Enable ) ) { accountRequest.setOp( ProvisioningPlan.ObjectOperation.Modify ); } } ]]></Source> </Rule>
Version history