Deconstructing a Provisioning Plan in SailPoint
In this article, we will look at all the information present inside a provisioning plan. Before we start, make sure you have read our last article about what a Provisioning Plan is in SailPoint.
So let’s begin.
At a high level, the provisioning plan contains two things -
- Identity
- List of Account Requests
Here Identity is the subject on which all the operations will be performed.
In addition, a provisioning plan contains a list of Account Requests.
AccountRequest Object in SailPoint
The account request object contains the fundamental information required for provisioning operations.
In simple words, it answers the question: on which application does which operation need to be performed? If any data is required to support the operation, it is passed using AttributeRequest objects.
As you can see in the above picture, the AccountRequest object primarily contains:
- Native Identifier of the account
- Operation: the AccountRequest object also contains the operation that needs to be performed. It can be Create Account, Modify Account, Lock Account, and so on.
- AttributeRequest Objects: depending on the operation type, some additional information may be required. For example, if we want to create a user in Active Directory, we need to pass userPrincipalName, sAMAccountName, givenName, sn, mail, and other mandatory attributes. All of this data needs to be passed using AttributeRequest objects.
AttributeRequest Object in SailPoint
An AttributeRequest contains an operation and a name/value pair.
Let’s say you want to create a user account in Active Directory. As mentioned above, we need to pass the mandatory attributes in order to create the account. These attributes are passed using AttributeRequest objects:
<AttributeRequest name="objectType" op="Set" value="User"/>
<AttributeRequest name="sAMAccountName" op="Set" value="1c"/>
<AttributeRequest name="password" op="Set" value="Oracle@123"/>
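The following Python example, added here and not taken from SailPoint or the original article, walks a provisioning plan's XML in the order described above (identity, account requests, attribute requests) and masks password-type values so the plan can be written to a log or ticket without exposing the credential. The sample plan, the `nativeIdentity` attribute on the root element, and the `SECRET_NAMES` list are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample plan (not from a real system); the element and attribute
# layout is an assumption modelled on the AttributeRequest lines shown above.
SAMPLE_PLAN = """
<ProvisioningPlan nativeIdentity="jdoe">
  <AccountRequest application="Active Directory" op="Create"
                  nativeIdentity="CN=John Doe,OU=Users,DC=example,DC=com">
    <AttributeRequest name="objectType" op="Set" value="User"/>
    <AttributeRequest name="sAMAccountName" op="Set" value="jdoe"/>
    <AttributeRequest name="password" op="Set" value="Constructed-Pw-1"/>
  </AccountRequest>
  <AccountRequest application="HR System" op="Disable" nativeIdentity="1001"/>
</ProvisioningPlan>
"""

# Attribute names treated as secrets (hypothetical list; extend per application).
SECRET_NAMES = {"password", "unicodepwd", "userpassword"}


def deconstruct_plan(xml_text):
    """Return the plan as plain dicts, with secret attribute values masked."""
    root = ET.fromstring(xml_text)
    if root.tag != "ProvisioningPlan":
        raise ValueError("not a ProvisioningPlan document")
    plan = {"identity": root.get("nativeIdentity"), "accounts": []}
    for acct in root.findall("AccountRequest"):
        attrs = []
        for attr in acct.findall("AttributeRequest"):
            name = attr.get("name", "")
            secret = name.lower() in SECRET_NAMES
            value = "********" if secret else attr.get("value")
            attrs.append({"name": name, "op": attr.get("op"), "value": value})
        plan["accounts"].append({
            "application": acct.get("application"), "op": acct.get("op"),
            "nativeIdentity": acct.get("nativeIdentity"), "attributes": attrs,
        })
    return plan


if __name__ == "__main__":
    summary = deconstruct_plan(SAMPLE_PLAN)
    for a in summary["accounts"]:
        print(a["op"], "on", a["application"], "->", a["nativeIdentity"])
        for r in a["attributes"]:
            print("   ", r["op"], r["name"], "=", r["value"])
```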
Watch the video below for more clarification.