I’m hoping someone can point me in the right direction and tell me if Rapid Setup Joiner is appropriate for what I’m trying to do, or if I should be taking a different approach. Here are my very high level joiner requirements:
Joiner will trigger when a new user is added to the authoritative source and aggregated into SailPoint.
The identity should be set inactive at this point.
A work item is assigned to the manager for them to provide a little more information.
Once the manager completes and submits (approves) the work item:
A disabled account is created in Active Directory
An active account is created in ServieNow
An approval work item is created for our security team for them to review and approve
Once the security team approves the work item
The active directory account is enabled
User’s initial AD password is set
SailPoint identity is set to inactive false
Is this something I can accomplish with Rapid Setup Joiner? Or should I be looking at the LCM Joiner workflows? The Rapid Setup documentation is very light and is really no help at all even with the basic configuration so I’m struggling here in figuring out if I’m even heading in the right direction, or if I should shift gears to a new approach.
We cannot achieve your requirement using Rapid Setup. We recommend implementing a Custom Lifecycle Event (LCM Joiner Workflow), as it provides significantly more flexibility to accommodate your business requirements and future customizations.
Please refer to the comparison below:
Requirement
Rapid Setup
LCM Joiner Workflow
Trigger on new identity aggregation
✓
✓
Set identity inactive on creation
Limited
✓
Manager work item with custom form
✗
✓ Approval step with custom form
Create disabled AD account on manager approval
✗
✓ Provisioning plan with disabled flag
Multi-target provisioning (AD + ServiceNow)
✗
✓
Chained security team approval (Stage 2)
✗
✓
Enable AD account post-approval
✗
✓ Post-approval provisioning step
Set initial AD password
✗
✓ Using setPassword / passwordExpiration attributes
Set inactive = false on identity after approval
✗
✓ Identity update step
Custom business logic and workflow extensions
Limited
✓ Fully customizable
Based on the above comparison, the Custom Lifecycle Event (LCM Workflow) is the recommended approach because it supports the complete end-to-end process, including approvals, custom forms, staged provisioning, account enablement, password initialization, and identity status updates.
@karen_delucia
I am wondering why do you still need 2 different level of review/approvals for a new joiner to have accounts created?
If User has been onboarded legally in Authoritative source that means manager approved the hiring. HR complete background checks and hired the person.
Why would you want to have manual work items created for review/approvals?
Thank you for this comparison! This is very helpful! I feel better having a direction I know will work even if it takes me some time to figure it all out