IDN: Provisioning Policies

mdraheim · November 30, 2023, 7:53pm

Hello, all. I have a question on which provisioning policy usageType correlates to the removal of an entitlement. I have reviewed the documentation here create-provisioning-policy | SailPoint Developer Community which lists out the usageType options, but I am having a hard time discerning which usageType is utilized when an entitlement is removed.

As context for my question, I am working to integrate an application that was built in-house as a web services connector, and I need to pass along the user’s manager’s email when deprovisioning an entitlement so that some logic inside the application can run as expected.

I have tried several usageTypes and cannot seem to land on the right one. An example of the provisioning policy I am using:

{
    "name": "Update",
    "description": null,
    "usageType": "UPDATE",
    "fields": [
        {
            "name": "userName",
            "transform": {
                "type": "identityAttribute",
                "attributes": {
                    "name": "email"
                }
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "managerEmail",
            "transform": {
                "type": "identityAttribute",
                "attributes": {
                    "name": "managerEmail"
                }
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        }
    ]
}

Hopefully this one isn’t too difficult! Appreciate any insight.

sharvari · December 1, 2023, 6:18am

Here’s a list of all possible values for usageTypes:

Usage Types: [CREATE, UPDATE, ENABLE, DISABLE, DELETE, ASSIGN, UNASSIGN, CREATE_GROUP, UPDATE_GROUP, DELETE_GROUP, REGISTER, CREATE_IDENTITY, UPDATE_IDENTITY, EDIT_GROUP, UNLOCK, CHANGE_PASSWORD]

mdraheim · December 1, 2023, 7:19pm

Thanks Sharvari. I appreciate your response. I did see that on the documentation page I linked. What I do not know - and can’t figure out from the documentation - is which usage type is used when an entitlement is added or an entitlement is removed.

sharvari · December 4, 2023, 6:39am

If you’re looking for usageType used when a group is added/removed to/from a user, it would be UPDATE.

system · February 2, 2024, 6:39am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Combination of Two Entitlement Attribute Provisioning - Webservice Connector ISC Discussion and Questions webservice-connector , identity-security-cloud , provisioning , entitlements	4	679	July 19, 2023
Provisioning Policies IIQ Discussion and Questions aggregation , identityiq , provisioning	4	845	December 25, 2023
IDN - Question about Provisioning Policies for Active Directory Connector ISC Discussion and Questions	5	2230	July 19, 2023
Blank Attribute in Provisioning Policy ISC Discussion and Questions identity-security-cloud , provisioning	3	326	December 31, 2023
Provisioning Policy Role to add a AD group and remove another IIQ Discussion and Questions rules , identityiq , provisioning	11	261	December 22, 2024

IDN: Provisioning Policies

Related topics