Use an xml provisioning plan to add the same role to different identities

Which IIQ version are you inquiring about?

Version 8.3

Share all details related to your problem, including any error messages you may have received.

I am trying to use an xml provisioning plan like the one in the following example (launch-workflow | SailPoint Developer Community) to add the same role to different users. I am not able to understand how to structure the xml. Is there any documentation that can explain the AccountRequest Attributes Map Key-pairs, and the AttributeRequest?

Hi Ivan,
I would suggest to start with JavaDoc for this objects - I mean ProvisioningPlan, AccountRequest and AttributeRequest - this should already give you good insights how this objects are built. Then in the whitepaper about birthright provisioning - you will find example of Beanshell rule how to create provisioning plan from scratch
https://community.sailpoint.com/t5/Technical-White-Papers/Birthright-provisioning-pdf/ta-p/72041

finally - there’s whole whitepaper about provisioning which also might be usefull for you

Hello Kamil

thank you for your help. I had already read the documentation in the following link ( Provisioning (sailpoint.com)) that i think it’s the same as the one you provided me. Nevertheless i couldn’t find anything realted to the elements i am trying to understand from the xml file to POST to the https:///identityiq/scim/v2/LaunchedWorkflows.
I also tried to read the LaunchedWorkflows but also from that it’s unclear.

This is the XML i am trying to send to the endpoint:

 {
    "schemas": [
        "urn:ietf:params:scim:schemas:sailpoint:1.0:LaunchedWorkflow",
        "urn:ietf:params:scim:schemas:sailpoint:1.0:TaskResult"
      ],
      "urn:ietf:params:scim:schemas:sailpoint:1.0:LaunchedWorkflow": {
        "workflowName": "LCM Provisioning",
        "input": [
            {
              "key": "plan",
              "value": "<ProvisioningPlan>
                <AccountRequest application=\"IIQ\" op=\"Modify\" targetIntegration=\"IIQ\">
                <Attributes>
                <Map>
                <entry key=\"attachmentConfigList\"/>
                <entry key=\"attachments\"/>
                <entry key=\"flow\" value=\"AccessRequest\"/>
                <entry key=\"id\" value=\"<ROLE_ID>\"/>
                <entry key=\"interface\" value=\"LCM\"/>
                <entry key=\"operation\" value=\"RoleAdd\"/>
                </Map>
                </Attributes>
                <AttributeRequest assignmentId=\"<DO-NOT-KNOW-WHATS-THIS-IS-FOR>\" name=\"assignedRoles\" op=\"Add\" value=\"<NAME-OF-THE-ROLE>\"/>
                </AccountRequest>
                <Attributes>
                <Map>
                <entry key=\"identityRequestId\" value=\"0000000001\"/>
                <entry key=\"requester\" value=\"<ACCOUNT_NAME_THAT_MAKES_REQUEST>\"/>
                <entry key=\"source\" value=\"LCM\"/>
                </Map>
                </Attributes>
                <Requesters>
                <Reference class=\"sailpoint.object.Identity\" id=\"<ACCOUNT_ID_THAT_MAKES_REQUEST>\" name=\"ACCOUNT_NAME_THAT_MAKES_REQUEST\"/>
                </Requesters>
                </ProvisioningPlan>",
              "type": "application/xml"
            }
        ]
    }    
}

This is from the example link i posted in the question.

the response i get from the endpoint is “Missing required variable: identityName”, but nowhere i can find in the documentation where and how to define that in the xml file.
At the beginning I thought it was the assignmentId of the Attributes.
Is there any docuementation specific on how to preapare these XML?
Sorry i am new to SailPoint.

you are missing one of the mandatory key value pair . Check below sample
“key”: “identityName”,
“value”: “david.fox”

{
     "schemas": [
     "urn:ietf:params:scim:schemas:sailpoint:1.0:LaunchedWorkflow",
     "urn:ietf:params:scim:schemas:sailpoint:1.0:TaskResult"
     ],
     "urn:ietf:params:scim:schemas:sailpoint:1.0:LaunchedWorkflow": {
           "workflowName": "LCM Provisioning",
           "input": [
                {
                     "key": "plan",
                     "value": "<ProvisioningPlan nativeIdentity=\"david.fox\" targetIntegration=\"Active Directory\"><AccountRequest application=\"Active Directory\" nativeIdentity=\"CN=david.fox,OU=Demo,DC=test,DC=demo,DC=com\" op=\"Create\"><Attributes><Map><entry key=\"flow\" value=\"AccountsRequest\"/><entry key=\"interface\" value=\"LCM\"/><entry key=\"operation\" value=\"Create\"/><entry key=\"requester\" value=\"tedd.tyler\"/></Map></Attributes></AccountRequest><Attributes><Map><entry key=\"requester\" value=\"tedd.tyler\"/><entry key=\"source\" value=\"LCM\"/></Map></Attributes><Requesters><Reference class=\"sailpoint.object.Identity\" name=\"tedd.tyler\"/></Requesters></ProvisioningPlan>",
                     "type": "application\/xml"
                },
                {
                     "key": "identityName",
                     "value": "david.fox"
                }
           ]
     }
}