Azure PIM Integration with ISC

Hi, I have to integrate Azure PIM with ISC. I went through connector document for Azure AD connector. It is mentioned in the document that:
“There is no requirement of addition/removal of the existing Create Profile (Provisioning Policy). However, while assigning/removing Azure /Microsoft Entra ID Eligible/Active Role assignment, additional request details can be provided through additional attributes such as the following: duration, startDateTime, endDateTime and justification”.

I wanted to know where do i need to add these attributes? (In existing create policy or create a new policy)
And, is it possible to provide different values for these attributes during each request?

Thanks!

Hi @praveen_singh,

The additional attributes (duration, startDateTime, endDateTime and justification) can be added to the Create Account Policy under your source in Accounts > Create Account.
Ensure these attributes also exist in your source account schema.

image1831×566 36.3 KB

To do so, use the update-provisioning-policy | SailPoint Developer Community API to update the specific policy type (in this case, it is CREATE).

Yes, you can use the Apache Velocity Template syntax to allocate dynamic values. The expression can vary from an if-else conditional to value references from Identity attributes.

Hope this helps!

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.