IDN - Question about Provisioning Policies for Active Directory Connector

Hey sailors,

I make updates to my Active Directory source create profile through the API by publishing updates to the CREATE provisioning policy. However, for custom transforms within the Create Profile, the attribute that has a custom transform and is not directly connected to an Identity Attribute cannot be configured for Account Sync; This results in the Account Attribute not updating when the Identity Attributes involve change.

I see in the API documentation for provisioning policies that there are multiple usageTypes:

Is there any documentation available for what each of these usageTypes do? Also, is one of these usageTypes equivalent to the “Account Sync” function, where I can calculate values based on the account being updated? This would be very valuable.

Thanks :slight_smile:

Hi @brennenscott ,
As of now, only CREATE works.
I think the only way is to add an identity attribute on the profile so you can sync it.
Therefore, you can use the same identity attribute for the provisioning policy and the synchronization.

@colin_mckibben, I have a similar question as Brennen related to documentation of the different usageType options. Is CREATE the only usageType implemented in IDNow?


The only option you have here is have identity attribute transform(use your complex transform here from create profile) and provide this identity attribute in both create profile and also on attribute sync config.

Do note you just want to sync and not pass attribute on create , you can remove the attribute from create profile after you have configured it for sync and it’s possible but not the ideal thing to do.

Currently you can use CREATE, ENABLE and DISABLE.