Qodex.ai

Create Provisioning Policy

POST {{baseUrl}}/sources/:sourceId/provisioning-policies

This API generates a create policy/template based on field value transforms. This API is intended for use when setting up JDBC Provisioning type sources, but it will also work on other source types. Transforms can be used in the provisioning policy to create a new attribute that you only need during provisioning. Refer to Transforms in Provisioning Policies for more information. A token with ORG_ADMIN authority is required to call this API.

Request Body

{"name"=>"Account", "description"=>"Account Provisioning Policy", "usageType"=>"CREATE", "fields"=>[{"name"=>"displayName", "transform"=>{"type"=>"identityAttribute", "attributes"=>{"name"=>"displayName"}}, "isRequired"=>false, "type"=>"string", "isMultiValued"=>false}, {"name"=>"distinguishedName", "transform"=>{"type"=>"usernameGenerator", "attributes"=>{"sourceCheck"=>true, "patterns"=>["CN=$fi $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com", "CN=$fti $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com", "CN=$fn $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com", "CN=$fn$ln${uniqueCounter},OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com"], "fn"=>{"type"=>"identityAttribute", "attributes"=>{"name"=>"firstname"}}, "ln"=>{"type"=>"identityAttribute", "attributes"=>{"name"=>"lastname"}}, "fi"=>{"type"=>"substring", "attributes"=>{"input"=>{"type"=>"identityAttribute", "attributes"=>{"name"=>"firstname"}}, "begin"=>0, "end"=>1}}, "fti"=>{"type"=>"substring", "attributes"=>{"input"=>{"type"=>"identityAttribute", "attributes"=>{"name"=>"firstname"}}, "begin"=>0, "end"=>2}}}}, "attributes"=>{"cloudMaxUniqueChecks"=>"5", "cloudMaxSize"=>"100", "cloudRequired"=>"true"}, "isRequired"=>false, "type"=>"", "isMultiValued"=>false}, {"name"=>"description", "transform"=>{"type"=>"static", "attributes"=>{"value"=>""}}, "isRequired"=>false, "type"=>"string", "isMultiValued"=>false}]}

HEADERS

KeyDatatypeRequiredDescription
Content-Typestring
Acceptstring

RESPONSES

status: Created

{"name":"example provisioning policy for inactive identities","description":"this provisioning policy creates access based on an identity going inactive","usageType":"CREATE","fields":[{"name":"userName","transform":{"type":"rule","attributes":{"name":"Create Unique LDAP Attribute"}},"attributes":{"template":"${firstname}.${lastname}${uniqueCounter}","cloudMaxUniqueChecks":"50","cloudMaxSize":"20","cloudRequired":"true"},"isRequired":false,"type":"string","isMultiValued":false},{"name":"userName","transform":{"type":"rule","attributes":{"name":"Create Unique LDAP Attribute"}},"attributes":{"template":"${firstname}.${lastname}${uniqueCounter}","cloudMaxUniqueChecks":"50","cloudMaxSize":"20","cloudRequired":"true"},"isRequired":false,"type":"string","isMultiValued":false}]}