Writing a custom Provisioning Plan in Java

Amit Kumar Gupta
3 min read · Jan 25, 2023


In this article, we discuss how you can write your own custom provisioning plan in Java. Before you continue, make sure you have read our last blog post, Deconstructing a Provisioning Plan in SailPoint.

So let’s start.

Consider a scenario: you want to write a plan for provisioning a new user account to Active Directory.

This requirement contains several important pieces of information:

  1. Native Identity of the user: the user on which we perform the provisioning operation.
  2. Native Identifier for the Account: how we distinguish/identify the user account in the target system. For LDAP servers, we generally use the DN (Distinguished Name) as the unique identifier.
  3. Application: the target system on which the user needs to be provisioned. In our case, it is Active Directory.
  4. Operation: the operation that needs to be performed. Here it is Create Account.
  5. Supporting Attributes: to create a user account in Active Directory, we need to pass a set of mandatory attributes such as sn, givenName, mail, password, userPrincipalName, sAMAccountName, etc.

Writing up the code — Step by Step

[Figure: Provisioning plan, high-level design. Posted by Identityclasses on Sailpoint Training for beginner]

1. Import the mandatory packages in our Java class

import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.Identity;

Here, the ProvisioningPlan class is used to maintain a complex provisioning request involving several applications.
The ProvisioningPlan.AccountRequest class represents a request for one application account.
The ProvisioningPlan.AttributeRequest class represents an operation on a single account attribute.
The Identity class is the core class representing the Identity Cube.

2. Create a new empty plan Object and a list to hold the Account requests.

import java.util.ArrayList;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.Identity;

ProvisioningPlan plan = new ProvisioningPlan();
ArrayList accountrequests = new ArrayList();

3. Create a new AccountRequest and set Operation, Target App and Native Identifier for the Account

import java.util.ArrayList;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.Identity;

ProvisioningPlan plan = new ProvisioningPlan();
ArrayList accountrequests = new ArrayList();
AccountRequest adAccount = new AccountRequest();
adAccount.setApplication("Active Directory");
adAccount.setOperation(ProvisioningPlan.AccountRequest.Operation.Create);
adAccount.setNativeIdentity("cn=1c,OU=activeUsers,OU=people,DC=acme,DC=local");

So far we have imported all the mandatory packages, created an empty plan, created an ArrayList which will hold the list of Account Requests, created an AccountRequest Object, and set the Target Application, Operation & Native Identifier for the Account.

4. Next, we will create a couple of AttributeRequest Objects where we will set the mandatory attributes which are required for Creating the account.

import java.util.ArrayList;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.Identity;

ProvisioningPlan plan = new ProvisioningPlan();
ArrayList accountrequests = new ArrayList();
AccountRequest adAccount = new AccountRequest();
adAccount.setApplication("Active Directory");
adAccount.setOperation(ProvisioningPlan.AccountRequest.Operation.Create);
adAccount.setNativeIdentity("cn=1c,OU=activeUsers,OU=people,DC=acme,DC=local");
AttributeRequest objType = new AttributeRequest("objectType", ProvisioningPlan.Operation.Set, "User");
AttributeRequest givenName = new AttributeRequest("givenName", ProvisioningPlan.Operation.Set, "Aaron");
AttributeRequest lastName = new AttributeRequest("sn", ProvisioningPlan.Operation.Set, "Nichols");
AttributeRequest samAccountName = new AttributeRequest("sAMAccountName", ProvisioningPlan.Operation.Set, "1c");
AttributeRequest password = new AttributeRequest("password", ProvisioningPlan.Operation.Set, "Oracle123");
AttributeRequest email = new AttributeRequest("mail", ProvisioningPlan.Operation.Set, "Aaron.Nichols@demoexample.com");

5. Now link the attributes to the AccountRequest object, so that the system knows these attributes belong to this account.

import java.util.ArrayList;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.Identity;

ProvisioningPlan plan = new ProvisioningPlan();
ArrayList accountrequests = new ArrayList();
AccountRequest adAccount = new AccountRequest();
adAccount.setApplication("Active Directory");
adAccount.setOperation(ProvisioningPlan.AccountRequest.Operation.Create);
adAccount.setNativeIdentity("cn=1c,OU=activeUsers,OU=people,DC=acme,DC=local");
AttributeRequest objType = new AttributeRequest("objectType", ProvisioningPlan.Operation.Set, "User");
AttributeRequest givenName = new AttributeRequest("givenName", ProvisioningPlan.Operation.Set, "Aaron");
AttributeRequest lastName = new AttributeRequest("sn", ProvisioningPlan.Operation.Set, "Nichols");
AttributeRequest samAccountName = new AttributeRequest("sAMAccountName", ProvisioningPlan.Operation.Set, "1c");
AttributeRequest password = new AttributeRequest("password", ProvisioningPlan.Operation.Set, "Oracle123");
AttributeRequest email = new AttributeRequest("mail", ProvisioningPlan.Operation.Set, "Aaron.Nichols@demoexample.com");
adAccount.add(objType);
adAccount.add(givenName);
adAccount.add(lastName);
adAccount.add(samAccountName);
adAccount.add(password);
adAccount.add(email);

6. Finally, we need to add the AccountRequest object to the list and attach the AccountRequest list to the plan.

import java.util.ArrayList;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.Identity;

ProvisioningPlan plan = new ProvisioningPlan(); // Create a new empty plan object
ArrayList accountrequests = new ArrayList(); // Create a list to hold account requests
AccountRequest adAccount = new AccountRequest(); // Create a new account request object
adAccount.setApplication("Active Directory"); // Set target app to Active Directory
adAccount.setOperation(ProvisioningPlan.AccountRequest.Operation.Create); // Set operation to Create
adAccount.setNativeIdentity("cn=1c,OU=activeUsers,OU=people,DC=acme,DC=local"); // Set native identifier for the account
AttributeRequest objType = new AttributeRequest("objectType", ProvisioningPlan.Operation.Set, "User"); // Create an attribute request object for a single attribute with its operation
AttributeRequest givenName = new AttributeRequest("givenName", ProvisioningPlan.Operation.Set, "Aaron");
AttributeRequest lastName = new AttributeRequest("sn", ProvisioningPlan.Operation.Set, "Nichols");
AttributeRequest samAccountName = new AttributeRequest("sAMAccountName", ProvisioningPlan.Operation.Set, "1c");
AttributeRequest password = new AttributeRequest("password", ProvisioningPlan.Operation.Set, "Oracle123"); // Initial password (literal sample value)
AttributeRequest email = new AttributeRequest("mail", ProvisioningPlan.Operation.Set, "Aaron.Nichols@demoexample.com");
adAccount.add(objType); // Add attribute request to account request
adAccount.add(givenName);
adAccount.add(lastName);
adAccount.add(samAccountName);
adAccount.add(password);
adAccount.add(email);
accountrequests.add(adAccount); // Add account request to list
plan.setAccountRequests(accountrequests); // Add list of account requests to plan
plan.setNativeIdentity("1c"); // Set native identity of the plan
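
The plan above hard-codes the DN and the password. When those values come from identity data, the CN must be escaped before it goes into the native identifier, and the initial password should be generated rather than typed in. The following is an added example, not code from the original article or from SailPoint: it uses only the JDK, the names PlanInputs, buildDn and randomPassword are hypothetical, and the policy of at least 12 characters with all four character classes is an assumption.

```java
import java.security.SecureRandom;
import javax.naming.ldap.Rdn;

public class PlanInputs {
    private static final SecureRandom RNG = new SecureRandom();
    private static final String UPPER = "ABCDEFGHJKLMNPQRSTUVWXYZ";
    private static final String LOWER = "abcdefghijkmnopqrstuvwxyz";
    private static final String DIGIT = "23456789";
    private static final String SYMBOL = "!@#$%*-_+";

    // Build the account DN from a CN that may originate in HR or user data.
    // Rdn.escapeValue escapes DN metacharacters (',', '=', '+', ...), so the
    // value stays a single RDN and cannot change the target OU.
    static String buildDn(String cn, String baseDn) {
        if (cn == null || cn.trim().isEmpty()) {
            throw new IllegalArgumentException("cn must not be empty");
        }
        return "cn=" + Rdn.escapeValue(cn) + "," + baseDn;
    }

    // Random initial password containing every character class.
    // Assumed policy: at least 12 characters, all four classes present.
    static String randomPassword(int length) {
        if (length < 12) {
            throw new IllegalArgumentException("length must be at least 12");
        }
        char[] out = new char[length];
        String[] classes = {UPPER, LOWER, DIGIT, SYMBOL};
        String all = UPPER + LOWER + DIGIT + SYMBOL;
        for (int i = 0; i < length; i++) {
            String src = i < classes.length ? classes[i] : all;
            out[i] = src.charAt(RNG.nextInt(src.length()));
        }
        for (int i = length - 1; i > 0; i--) {   // Fisher-Yates shuffle
            int j = RNG.nextInt(i + 1);
            char t = out[i]; out[i] = out[j]; out[j] = t;
        }
        return new String(out);
    }

    public static void main(String[] args) {
        String base = "OU=activeUsers,OU=people,DC=acme,DC=local";
        System.out.println(buildDn("1c", base));
        // Constructed input: a CN that tries to smuggle in an extra RDN
        System.out.println(buildDn("Nichols,OU=admins", base));
        // Only the length is printed so the secret never reaches a log.
        System.out.println(randomPassword(16).length());
    }
}
```

The result of buildDn would be passed to adAccount.setNativeIdentity(...), and the result of randomPassword would be the value of the "password" AttributeRequest in place of the literal.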

This is how we write a custom provisioning plan in Java. Watch the video below for more clarification.

