How to deploy and test Before Provisioning and After Provisioning rules in IdentityNow

Hi Team,

I’ve written a before provisioning rule to move the user to a different OU and remove groups as needed. I have a use case that requires writing an after provisioning rule. Can these rules be tested locally before we send them to SailPoint for review? How can we test these rules?

Welcome to the community @seemarani1 ,

You cannot test connector rules locally. You have to upload the rule to your connector in IDN and then use the log files on the VA to debug. If you populate your connector rule with log statements, they will appear in the VA log files. Please see “What is the correct way of debugging connector rules” for more information about debugging connector rules.

1 Like

Hi Colin,

Piggybacking off @seemarani1’s post, which is focused on the after provisioning rule. I believe Before Provisioning rules are cloud rules and not connector rules. How can we test those prior to submitting them for the cloud review process since they aren’t connector rules? Are there general templates for a cloud rule related to moving an account to a different OU or being able to update the provisioning plan to delete an AD account?

If I look at matt_totty’s post on https://community.sailpoint.com/t5/IdentityNow-Forum/Remove-AD-Groups-Upon-Account-Termination-Through-IDN/td-p/189606 he shared how to remove groups. It almost looks like if I were to use the IIQ JavaDocs I could use that for writing my rules and potentially testing it there.

Thanks!

Yes, you are correct @pmartinezclango. I mistook @seemarani1’s question for connector rules, but yes, provisioning rules are cloud based.

I spoke to professional services, and they said that it’s best to engage them for provisioning rules, especially if it is complex. They mentioned ways to test using IIQ, but that can get complicated.

1 Like

Thanks for getting back to me @colin_mckibben and for checking with PS on what they’d recommend.

@colin_mckibben We just wanted to avoid back and forth with SailPoint, so it would be best if we had some option at our end to test as well and then send it for deployment.

1 Like

@colin_mckibben can you please elaborate on testing IDN rules using IIQ?

1 Like

I’ve actually tested some rules on a local IIQ, but as SailPoint states, if it works on IIQ, that does not mean it will work on IDN.

Especially with the new IDNRuleUtil, which is not available on IIQ.