Unable to create Active Directory account using workflow (birthright access)


Workflow:

import sailpoint.object.Identity;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.tools.GeneralException;

log.error("=== [Joiner Workflow] Entered 'Create Provisioning Plan' step ===");

Identity identity = context.getObjectByName(Identity.class, identityName);
if (identity == null) {
    throw new GeneralException("Identity not found: " + identityName);
}
log.error("Triggering policy-based provisioning for: " + identityName);

// Attributes that select the target OU; declared once and reused below
String department = (String) identity.getAttribute("department");
String empType = (String) identity.getAttribute("employeetype");
if (department == null || empType == null) {
    // Without both values the DN would read "OU=null" and point at a
    // container that does not exist in the directory
    throw new GeneralException("department/employeetype missing for " + identityName);
}

// Initialize empty plan
ProvisioningPlan plan = new ProvisioningPlan();
plan.setIdentity(identity);

// Log the plan before adding AccountRequest
log.error("Plan BEFORE adding AccountRequest: " + plan.toXml());

// Create and configure AccountRequest
AccountRequest accReq = new AccountRequest();
accReq.setApplication("Active_Directory");
accReq.setOperation(AccountRequest.Operation.Create);

// Build the DN from the display name and the two OU attributes. Keep this in
// step with the "Distinguished Name" rule referenced by the provisioning
// policy, otherwise the plan's native identity and the policy's
// distinguishedName field disagree. Special characters in the CN (for
// example a comma in "Smith, John") are not escaped here.
String cn = identity.getDisplayName();
String dn = "CN=" + cn + ",OU=" + empType + ",OU=" + department + ",DC=AK,DC=local";
log.error("Generated DN for Native Identity: " + dn);
accReq.setNativeIdentity(dn);

// Add AccountRequest to plan
plan.add(accReq);

// Log before returning; a statement placed after "return plan;" never runs
log.error("Plan AFTER adding AccountRequest: " + plan.toXml());

// Return the plan to next step
return plan;
[xml version.docx|attachment](upload://358zwasY1MtSXj5uD2sSTPURv5a.docx) (23.5 KB)

AD provisioning policy:

 <ProvisioningForms>
    <Form name="Account" objectType="account" type="Create">
      <Attributes>
        <Map>
          <entry key="pageTitle" value="Account"/>
        </Map>
      </Attributes>
      <Section label="Account" name="Account">
        <Field displayName="Object Type" name="objectType" type="string" value="User"/>
        <Field displayName="Distinguished Name" name="distinguishedName" required="true" type="string">
          <RuleRef>
            <Reference class="sailpoint.object.Rule" id="c0a8380197f31cc88197f7f7ef2f2de3" name="Distinguished Name"/>
          </RuleRef>
        </Field>
      </Section>
      <Section label="User Details" name="User Details">
        <Field displayName="SAM Account Name" name="sAMAccountName" required="true" type="string">
          <RuleRef>
            <Reference class="sailpoint.object.Rule" id="c0a8380197b61f858197bd217eb10fb4" name="genrate samaccount"/>
          </RuleRef>
        </Field>
        <Field displayName="Password" name="password" type="secret">
          <Script>
            <Source>
              return "Welcome@123";  // Must meet AD complexity
            </Source>
          </Script>
        </Field>
        <Field displayName="Account Control" name="userAccountControl" required="true" type="string">
          <Script>
            <Source>
              return "512";
            </Source>
          </Script>
        </Field>
      </Section>
      <Section label="General" name="General">
        <Field displayName="Given Name" name="givenName" required="true" type="string">
          <Script>
            <Source>
              return identity.getAttribute("firstname");
            </Source>
          </Script>
        </Field>
        <Field displayName="Surname" name="sn" required="true" type="string">
          <Script>
            <Source>
              return identity.getAttribute("lastname");
            </Source>
          </Script>
        </Field>
        <Field displayName="Display Name" name="displayName" required="true" type="string">
          <Script>
            <Source>
              return identity.getAttribute("firstname") + " " + identity.getAttribute("lastname");
            </Source>
          </Script>
        </Field>
        <Field displayName="Mail" name="mail" required="true" type="string">
          <Script>
            <Source>
              return identity.getAttribute("firstname") + "." + identity.getAttribute("lastname") + "@rnstechnology.com";
            </Source>
          </Script>
        </Field>
        <Field displayName="User Principal Name" name="userPrincipalName" required="true" type="string">
          <Script>
            <Source>
              return identity.getAttribute("firstname") + "." + identity.getAttribute("lastname") + "@AK.local";
            </Source>
          </Script>
        </Field>
        <Field displayName="Department" name="department" required="true" type="string">
          <Script>
            <Source>return identity.getAttribute("department");</Source>
          </Script>
        </Field>
        <Field displayName="Description" name="description" required="true" type="string">
          <Script>
            <Source>return identity.getAttribute("employeetype");</Source>
          </Script>
        </Field>
      </Section>
    </Form>
  </ProvisioningForms>
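
Two details of the post above are worth a hardening pass: the DN is assembled by plain string concatenation of the display name and two identity attributes with no escaping, and the provisioning policy hands every new account the same static initial password. The following is an added example written for this thread, not code from the original post or from SailPoint. It is plain Java (the method bodies paste unchanged into a BeanShell rule) that escapes RDN values per RFC 4514, assembles the DN, generates a per-account random initial password, and checks a candidate password against the parts of the AD default complexity rule that can be evaluated before provisioning. The class name, method names, the domain DN and the sample identity values in main are assumptions for illustration.

```java
import java.security.SecureRandom;

public class AdJoinerHelpers {
    private static final String UPPER = "ABCDEFGHJKLMNPQRSTUVWXYZ";
    private static final String LOWER = "abcdefghijkmnopqrstuvwxyz";
    private static final String DIGIT = "23456789";
    private static final String SYMBOL = "!@#$%^&*()-_=+";
    private static final SecureRandom RNG = new SecureRandom();

    // Escape one RDN value per RFC 4514: , + " \ < > ; anywhere, a leading
    // '#' or space, a trailing space. Prevents "Smith, John" from adding an RDN.
    public static String escapeRdnValue(String value) {
        if (value == null || value.isEmpty()) throw new IllegalArgumentException("empty RDN value");
        int n = value.length();
        StringBuilder sb = new StringBuilder(n + 8);
        for (int i = 0; i < n; i++) {
            char c = value.charAt(i);
            boolean special = ",+\"\\<>;".indexOf(c) >= 0
                    || (i == 0 && (c == ' ' || c == '#'))
                    || (i == n - 1 && c == ' ');
            if (c == '\0') {
                sb.append("\\00");           // NUL must be hex-escaped
            } else if (special) {
                sb.append('\\').append(c);
            } else {
                sb.append(c);
            }
        }
        return sb.toString();
    }

    // CN=<displayName>,OU=<employeeType>,OU=<department>,<domainDn>, every
    // value escaped; domainDn (e.g. "DC=AK,DC=local") is passed in as-is.
    public static String buildUserDn(String displayName, String employeeType,
                                     String department, String domainDn) {
        return "CN=" + escapeRdnValue(displayName)
                + ",OU=" + escapeRdnValue(employeeType)
                + ",OU=" + escapeRdnValue(department)
                + "," + domainDn;
    }

    // Per-account random initial password: one character from each class is
    // guaranteed, the rest drawn from the union, then Fisher-Yates shuffled.
    public static String generateInitialPassword(int length) {
        if (length < 8) throw new IllegalArgumentException("use a length of at least 8");
        char[] pw = new char[length];
        pw[0] = pick(UPPER);
        pw[1] = pick(LOWER);
        pw[2] = pick(DIGIT);
        pw[3] = pick(SYMBOL);
        String all = UPPER + LOWER + DIGIT + SYMBOL;
        for (int i = 4; i < length; i++) {
            pw[i] = pick(all);
        }
        for (int i = length - 1; i > 0; i--) {
            int j = RNG.nextInt(i + 1);
            char tmp = pw[i]; pw[i] = pw[j]; pw[j] = tmp;
        }
        return new String(pw);
    }

    private static char pick(String alphabet) {
        return alphabet.charAt(RNG.nextInt(alphabet.length()));
    }

    // Locally checkable parts of the AD default complexity rule: length >= 7,
    // three of four character classes, and no sAMAccountName (if 3+ chars) or
    // display-name token of 3+ chars (split on , . - _ space # tab) in the password.
    public static boolean meetsAdComplexity(String pw, String samAccountName, String displayName) {
        if (pw == null || pw.length() < 7) return false;
        int classes = 0;
        if (pw.matches(".*[A-Z].*")) classes++;
        if (pw.matches(".*[a-z].*")) classes++;
        if (pw.matches(".*[0-9].*")) classes++;
        if (pw.matches(".*[^A-Za-z0-9].*")) classes++;
        if (classes < 3) return false;
        String lower = pw.toLowerCase();
        if (samAccountName != null && samAccountName.length() >= 3
                && lower.contains(samAccountName.toLowerCase())) return false;
        if (displayName != null) {
            for (String token : displayName.split("[,.\\-_ #\\t]+")) {
                if (token.length() >= 3 && lower.contains(token.toLowerCase())) return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample identity values, not taken from the original post.
        String displayName = "Smith, John";
        String pw = generateInitialPassword(16);
        System.out.println(buildUserDn(displayName, "Contractor", "R&D", "DC=AK,DC=local"));
        System.out.println(pw + " complexity ok: " + meetsAdComplexity(pw, "jsmith", displayName));
    }
}
```

With the sample values, buildUserDn yields CN=Smith\, John,OU=Contractor,OU=R&D,DC=AK,DC=local, whereas the unescaped concatenation from the workflow would produce a DN with a spurious "John" RDN. If the password field of the provisioning policy is switched to a generated value, treat it as a secret: return it from the field script and do not write it to the log, and remember that server-side rules such as password history and minimum age cannot be evaluated locally, so meetsAdComplexity returning true does not rule out a complexity rejection from the domain controller.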

Hi @Abhivk ,

Error code 0000052D is related to password complexity. Please verify that the password Welcome@123 meets the AD password policy requirements.


Hello @Abhivk

According to the above exception, you can try to check whether the service account has sufficient rights to perform the action on the target user. If required, try executing with elevated privileges.
You can also refer to this link:
We are getting the following error back when users attempt a password change in IdentityNow: 0000052D: SvcErr: DSID-031A1248, problem 5003 (WILL_NOT_… - Compass
