SailPoint ISC after prov rule

Hi Team,

I am new to SailPoint ISC.

Where do we configure an after-provisioning rule on the AD source to trigger a PowerShell script on the IQ server when an AD object is created in ISC?

Welcome to SailPoint ISC! You need to use the following APIs:

  1. Create a Rule: First, you need to create a rule using the Rule API. The rule should be of type “ConnectorAfterCreate” for an after provisioning scenario.
    create-connector-rule | SailPoint Developer Community

  2. Configure the Source: After creating the rule, you need to update the Active Directory source configuration to include the newly created rule. This is done by adding the rule name to the “nativeRules” attribute under the Attributes map of the source.

The exact API endpoints and methods would be: PATCH /v3/sources/{sourceId} - to update the source configuration with the new rule.

When creating the rule, ensure that you set the following attributes:

  • “language” should be set to “beanshell”

  • “name” should follow the format “SourceName AfterCreate”

  • “type” should be set to “ConnectorAfterCreate”

The Source of the rule should contain your PowerShell script that will be executed on the IQService server.

Remember to properly configure Transport Layer Security (TLS) along with client authentication to secure the communication channels involving IQService before implementing these scripts.
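The attach step from the answer above, written out as an added example that is not part of the original post or SailPoint's own code: it builds the JSON Patch body for PATCH /v3/sources/{sourceId} so that rules already attached to the source are kept. The JSON Pointer `/connectorAttributes/nativeRules`, the helper names and the sample source are assumptions made for illustration.

```python
import json

# Assumption: the "Attributes map" mentioned in the thread is exposed as
# "connectorAttributes" on the source object, so nativeRules is patched here.
NATIVE_RULES_PATH = "/connectorAttributes/nativeRules"

# Constructed sample of a source as returned by GET /v3/sources/{sourceId},
# trimmed to the fields this example reads.
SAMPLE_SOURCE = {
    "id": "SOURCE_ID_PLACEHOLDER",
    "name": "Corp AD",
    "connectorAttributes": {"nativeRules": ["Corp AD AfterModify"]},
}


def expected_rule_name(source_name):
    """Naming format given in the thread: "SourceName AfterCreate"."""
    return f"{source_name} AfterCreate"


def build_native_rules_patch(source, rule_name):
    """Return the JSON Patch operations that attach rule_name to the source.

    Existing nativeRules entries are preserved; an empty list means the rule
    is already attached and no PATCH call is needed.
    """
    if rule_name != expected_rule_name(source["name"]):
        raise ValueError(f"rule name {rule_name!r} does not follow "
                         f"{expected_rule_name(source['name'])!r}")
    current = source["connectorAttributes"].get("nativeRules")
    if current is None:
        # Attribute not set yet: create it with the single rule.
        return [{"op": "add", "path": NATIVE_RULES_PATH, "value": [rule_name]}]
    if isinstance(current, str):
        current = [current]  # tolerate a single name stored as a string
    if rule_name in current:
        return []
    # Replace with the merged list so rules attached earlier are not dropped.
    return [{"op": "replace", "path": NATIVE_RULES_PATH,
             "value": [*current, rule_name]}]


if __name__ == "__main__":
    ops = build_native_rules_patch(SAMPLE_SOURCE, "Corp AD AfterCreate")
    print(json.dumps(ops, indent=2))
```

The printed list is the request body; sending it with an HTTP client and an ISC access token is left out so the example runs offline.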

Hi @Badebaji, below are the details on the connector rule, assuming you already have a successful IQService setup.

  1. To understand the Connector Rule, refer to the following link: Connector executed Rules | SailPoint Developer Community
  2. To create the various AD connector rule(s) and to understand how they call the PS scripts, you can refer to Before and after operations on source account Rule | SailPoint Developer Community
  3. To attach a connector rule to a source, refer to the following link: Connector executed Rules | SailPoint Developer Community. You can also attach the rule in the UI by navigating to Admin > Sources > Select a Source > Source Setup > Additional Settings. Enter the connector rule name in the text field under the “Native Rules” section, press Enter to attach it, and click Save at the bottom.

In your scenario, it is basically going to be a 2-step process.

  1. Develop and create an AfterCreate connector rule; refer to #2 above
  2. Attach it to an AD source; refer to #3 above

Thanks, team, for the updates
