Guest Account Creation in Azure AD

Which IIQ version are you inquiring about?

IdentityIQ 8.2

Share all details about your problem, including any error messages you may have received.

Hi All,

I am trying to create a guest account from SailPoint to Azure AD. I'm trying with the plan below; is there anything that needs to be added or changed?

import sailpoint.api.Provisioner;
import sailpoint.object.ProvisioningPlan;
import sailpoint.tools.GeneralException;

ProvisioningPlan plan = new ProvisioningPlan();
plan.setTargetIntegration("Azure AD");

String azureApp = "Azure AD";

// Prepare the account request for the guest user
ProvisioningPlan.AccountRequest aR = new ProvisioningPlan.AccountRequest();
aR.setApplication(azureApp);
aR.setOp(ProvisioningPlan.ObjectOperation.Create);

aR.add(new ProvisioningPlan.AttributeRequest("accountType", ProvisioningPlan.Operation.Set, "Guest"));
aR.add(new ProvisioningPlan.AttributeRequest("invitedUserEmailAddress", ProvisioningPlan.Operation.Set, "guestuser@example.com"));
aR.add(new ProvisioningPlan.AttributeRequest("inviteRedirectUrl", ProvisioningPlan.Operation.Set, "https://myapp.example.com"));
aR.add(new ProvisioningPlan.AttributeRequest("sendInvitationMessage", ProvisioningPlan.Operation.Set, true));
aR.add(new ProvisioningPlan.AttributeRequest("invitedUserDisplayName", ProvisioningPlan.Operation.Set, "Dharshini Guest"));

log.error("After Attribute Requests");
plan.add(aR);

// Execute the provisioning plan
try {
    Provisioner provisioner = new Provisioner(context);
    provisioner.execute(plan);
    log.info("Guest user provisioning completed successfully.");
} catch (GeneralException e) {
    log.error("Error during guest user provisioning: " + e.getMessage(), e);
}

Hi @DharshiniB,

What happens if you do the plan? Do you have any error?

Hi @enistri_devo,
I was getting the error "Error due to Missing identity". I was testing in a rule.

You must set the identity on the plan and the native identity on the account request:

plan.setIdentity(identityName) → the identity you want to create the new account in
aR.setNativeIdentity(accountName) → the unique name of the account that you are creating
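
The two changes from the reply above applied to the original plan, as an added example that is not code from any poster in this thread. The values of identityName and guestEmail are assumed placeholders, and using the invited e-mail address as the native identity is an assumption; the attribute names are copied from the original post and still need to be checked against the Azure AD application's provisioning policy.

```java
import sailpoint.api.Provisioner;
import sailpoint.object.Identity;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.tools.GeneralException;

// Assumed placeholder values, not from the thread: replace with real ones.
String identityName = "sponsor.identity";       // IIQ identity that will own the guest account
String guestEmail   = "guestuser@example.com";  // invited address, reused as native identity here
String azureApp     = "Azure AD";               // application name from the original post

// Resolve the name to an Identity object: setIdentity() takes the object, not the name.
Identity identity = context.getObjectByName(Identity.class, identityName);
if (identity == null) {
    // Stop here rather than executing a plan with no identity set.
    throw new GeneralException("Identity not found: " + identityName);
}

ProvisioningPlan plan = new ProvisioningPlan();
plan.setIdentity(identity);

AccountRequest aR = new AccountRequest();
aR.setApplication(azureApp);
aR.setOp(ProvisioningPlan.ObjectOperation.Create);
aR.setNativeIdentity(guestEmail);  // unique name of the account being created

// Attribute names and values as in the original post.
aR.add(new AttributeRequest("accountType", ProvisioningPlan.Operation.Set, "Guest"));
aR.add(new AttributeRequest("invitedUserEmailAddress", ProvisioningPlan.Operation.Set, guestEmail));
aR.add(new AttributeRequest("inviteRedirectUrl", ProvisioningPlan.Operation.Set, "https://myapp.example.com"));
aR.add(new AttributeRequest("sendInvitationMessage", ProvisioningPlan.Operation.Set, true));
aR.add(new AttributeRequest("invitedUserDisplayName", ProvisioningPlan.Operation.Set, "Dharshini Guest"));
plan.add(aR);

try {
    Provisioner provisioner = new Provisioner(context);
    provisioner.execute(plan);
    // No exception only means the plan was handed off; it does not confirm the invitation.
    log.info("Guest provisioning plan executed for identity " + identityName);
} catch (GeneralException e) {
    log.error("Error during guest user provisioning: " + e.getMessage(), e);
}
```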

Your plan to create a guest account from SailPoint to Azure AD looks solid overall. Your approach is generally correct. Primarily ensure that you’re handling Azure AD attributes properly, checking permissions, and including some additional error handling/logging. Make sure to test thoroughly, especially around invitation sending and any required Azure AD attributes.
