I have a requirement to have an account created within an AD domain that is not our primary domain. This would show as an application link on the identity. The account creation would stem from an attribute on the identity. If this attribute is populated with a certain value (will be the same for all identities), then an account in this AD gets created.
I already have the application to the second domain created, connected, and aggregated.
You can use a SailPoint role with assignment criteria to create the account. Do you have any group that should be provisioned on account creation? You can configure the role with the default group. The assignment criteria will check for the identity attribute with a certain value.
It can be done via Birthright role assignment, but you would need one entitlement for that.
If there is some restriction with that, you can achieve this via a Lifecycle event as well. Put a rule with the condition to check the attribute and, on the basis of that, in the workflow simply create a plan and execute it via the provisioner, or you can generate the access request as well. Whatever fits your requirement.
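
The lifecycle-event approach from the last reply, sketched as an added example (not code posted by anyone in this thread). The attribute name, attribute value and application name are placeholders, and the account's AD field values are assumed to come from the application's create provisioning policy.

```java
import sailpoint.api.Provisioner;
import sailpoint.api.SailPointContext;
import sailpoint.object.Application;
import sailpoint.object.Identity;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.tools.GeneralException;

public class SecondDomainAccount {
    // Placeholders (assumptions): none of these names appear in the thread.
    static final String ATTR_NAME = "secondDomainFlag";
    static final String ATTR_VALUE = "CREATE";
    static final String APP_NAME = "Second AD Domain";

    /** Trigger condition: fire only when the attribute changes to the target value. */
    public static boolean shouldTrigger(Identity previousIdentity, Identity newIdentity) {
        if (newIdentity == null) {
            return false;
        }
        Object now = newIdentity.getAttribute(ATTR_NAME);
        Object before = (previousIdentity == null)
                ? null : previousIdentity.getAttribute(ATTR_NAME);
        return ATTR_VALUE.equals(now) && !ATTR_VALUE.equals(before);
    }

    /** Workflow step: build a Create plan for the second domain and execute it. */
    public static void createAccount(SailPointContext context, Identity identity)
            throws GeneralException {
        Application app = context.getObjectByName(Application.class, APP_NAME);
        if (app == null) {
            throw new GeneralException("Application not found: " + APP_NAME);
        }
        // Idempotency guard: skip identities that already hold an account there.
        if (identity.getLink(app) != null) {
            return;
        }
        AccountRequest request = new AccountRequest();
        request.setApplication(APP_NAME);
        request.setOperation(AccountRequest.Operation.Create);

        ProvisioningPlan plan = new ProvisioningPlan();
        plan.setIdentity(identity);
        plan.add(request);

        // Compiling the plan expands the application's create provisioning policy.
        new Provisioner(context).execute(plan);
    }
}
```

In an IdentityIQ rule or workflow step the same logic runs as BeanShell, with `context`, `previousIdentity` and `newIdentity` supplied by the trigger.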