Share all details related to your problem, including any error messages you may have received.
Hi,
We recently added ‘Update Provisioning Policy’ and ‘After Provisioning Rule’ in one of our applications and we saw a behaviour which we were not aware of.
After we updated the application, and after the refresh task ran, SailPoint started updating the user account based on the update provisioning policy form and triggered the after provisioning rule.
Can anyone please explain us how this behaviour works? Do SailPoint automatically checks the newly created update provisioning policy and sends the provisioning request for the users?
Every operation the connector is doing he is updating this attributes you guys sett up. even if they don’t change.
to avoid that use attribute sync , that way the changes will be propagated
Hi Ivan, thank you for your response. We check the events tab under the identities that were impacted with this issue. And we do not see any request been submitted for that user during that particular time.
I checked the target mapping and saw there were three attributes from that application. So, even if the attributes does not change on the identities, does it still create a provisioning transaction and triggers the after provisioning rule?
Also, unfortunately we are only capturing failed provisioning transactions in the administrator console.
You can control in After Provisioning Rule by multiple ways like
You will get requestlist by plan.getObjectRequests() Or plan.getAccountRequests()
for(ProvisioningPlan.ObjectRequest request : requestList) {
if(ProvisioningPlan.ObjectOperation.Create.equals(request.getOp()) && "group".request.getType())
// do you code here
}
I gave example of groups but you can do same for account too.
Also, in refresh what options you checked ?