Before Provisioning Rule Application Object

Identity Security Cloud (ISC) ISC Discussion and Questions
,
1

I am looking to perform some validation on the application associated with a before provisioning rule in real time.

I believe the application object passed into the rule contains the credentials for the application, but looking at another forum post, it appears they need to be decrypted using the context object.

Are they encrypted in a before provisioning rule, and if so, is that context instance available?

Thanks

2

I am not sure what exactly are you trying to achieve here, but just FYI

  1. You are not supposed to make any API call from cloud rules
  2. Use of context object has been discontiued by SailPoint, meaning you cannot use context object in any of the cloud rules you are going to submit in the future

Here is a quick read on cloud rule guidelines:

3

HI @iamnithesh
I received confirmation from support that source credentials are not encrypted.

With respect to api calls, we need to ensure that username generation performed in a before provisioning rule is known to be valid (as best as SailPoint can accommodate) by checking multiple external integrations.

Other platforms offer the concept of reservations and connector initiated verifications, since ISC does not support the later in any but LDAP based connectors, we don’t have much choice.

The alternative is to guess oir assume and hope for the best, which is not optimal.