Version 8.3
Hi Team,
I have to written one rule in which I can assign application to user but I don’t want to pass attribute values through attribute request, I want that it should called provisioning policy of that application.
If it possible, can you please share some sample.
Hi Aman,
Sure - it’s quite easy . Actualy what you need is at least 1 attribute which should not be null. Usually it is eg. status.
With that you can just create an IT Role and assign “entitlement” as status.notNull()
This will result in CREATE provisioning transaction whenever identity which got this IT Role does not have at least account with not null status attribute. And than in CREATE provisioning policy you can set all neccesary attributes.
@kjakubiak, Thank you for your reply.
I have below rule in which two attributes I want to passthrough via AttributeRequest as mentioned in code and other Attributes I want through provisioning policy.
If this is a possible scenario then please guide me
type or paste code here
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.Identity;
import java.util.List;
import java.util.ArrayList;
ProvisioningPlan plan = new ProvisioningPlan();
String identityName="NQABC123";
Identity identityObject = context.getObjectByName(Identity.class, identityName);
log.debug("Employee... Create plan.");
List accreqs = new ArrayList();
//create AD account
AccountRequest acctReq = new AccountRequest();
acctReq.setOperation(AccountRequest.Operation.Create);
acctReq.setApplication("AD");
acctReq.add(new AttributeRequest("sAMAccountName",identityName));
acctReq.add(new AttributeRequest("*password*","newP@$$word"));
accreqs.add(acctReq);
plan.setAccountRequests(accreqs);
plan.setIdentity(identityObject);
System.out.println("Plan = " + plan.toXml());
return plan;
You can just define them in the provisioning policy or add to the provisioning plan in the before provisioning rule I would say.
here is a sample rule that you refer
import sailpoint.object.*;
import sailpoint.object.Filter;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.ProvisioningPlan.Operation;
import sailpoint.object.ManagedAttribute;
import sailpoint.object.QueryOptions;
List accReqs = plan.getAccountRequests();
if ((accReqs != null) && (accReqs.size() > 0)) {
for(AccountRequest accReq : accReqs) {
String val1 = "TestLDAPAttribute";
System.out.println("val1 = " + val1);
List attrReqs = accReq.getAttributeRequests();
if ((attrReqs != null) && (attrReqs.size() > 0)) {
for(AttributeRequest attrReq : attrReqs) {
System.out.println("In the for loop");
String val = attrReq.getName();
System.out.println("val = " + val);
if(val.equalsIgnoreCase(val1)){
System.out.println("Found " + val1);
AttributeRequest newAttReq = new AttributeRequest();
newAttReq.setOperation(ProvisioningPlan.Operation.Add);
newAttReq.setName("objectClass");
newAttReq.setValue("TestLDAPobjectClass");
accReq.add(newAttReq);
}
break;
}
}
}
}
Hi @amanKsingh
Based on what I understand from your requirement is that.
I don’t think you will be able to pass it to the plan directly. Instead you can create a beforeProvisioning Rule and pass the attributes there
You can also try using the dummy entitlement , When you trying add the dummy entailment either through role / access request page . automatically system will use provisioning policy and will try to populate all the required value and ppulate the attribute request and then in before provisioning rule you can remove added dummy entitlement .