Creating Profile / Provisioning Policy

Prerequisite: The Provisioning feature must have already been turned on and set up for your organization.

When SailPoint provisions new accounts to an AWS direct connect source, it uses the attributes on the Create Profile page as instructions or a template for what to include in the account. This page is also referred to as the provisioning policy.

Important
This page describes the configuration of the default Create Profile. However, SailPoint recommends that you work with Services to define a Create Profile specific to your company's needs.

The following generators create required information for a new AWS account. You may need to edit the contents.

| Account Attribute | Generator | Description |
|---|---|---|
| UserName | Identity Attribute | The user name as taken from the SailPoint user name. |
| password | Create Password | This generator creates an initial password for the new AWS account that matches the password policy assigned to the associated AWS source. |
| AccountId | Disabled | The Account ID or ARN of the AWS Account under which the IAM user is to be created. Note: By default, this attribute is 'Disabled'; you can set it as per your requirement. For example, you can set it to 'Static' and provide the AWS Account ID or ARN in which you want to create an IAM user. |
| AccessKey | Static | The Access key associated with a user. |
| PasswordResetRequired | Static | Indication for user to create a new password. |

Note
Users automatically get the IAMUserChangePassword policy to allow them to change their own password.