Create Profile / Provisioning Policy

When Identity Security Cloud provisions new accounts to an AIX source, it uses the attributes on the Create Profile page as instructions or a template for what to include in the account. This page is also referred to as the provisioning policy.

Important
This page describes the configuration of the default Create Profile. However, SailPoint recommends that you work with Services to define a Create Profile specific to your company's needs.

| Account Attributes | Generator | Description |
|---|---|---|
| username | Create Unique Account ID | This generator uses the value in the Pattern Used field to generate a unique user name for the new account. |
| password | Create Password | This generator creates an initial password for the new account that matches the password policy assigned to the associated AIX source in Identity Security Cloud. |
| id | Disable | The identity of the user |
| pgrp | Disable | The primary group of the user |
| home | Disable | The home directory of the user |
| shell | Disable | The default shell of the user |
| gecos | Disable | The General Electric Comprehensive Operating System (GECOS) information for the user. The user's name, phone numbers, and other generic personal information are stored here. |
| login | Disable | Indicates whether the user can log in to the system with the login command. Possible values are: true (default) – the user can log in to the system; false – the user cannot log in to the system. |
| rlogin | Disable | Permits access to the account from a remote location with the telnet or rlogin commands. Possible values are: true (default) – the user account can be accessed remotely; false – the user account cannot be accessed remotely. |
| su | Disable | Indicates whether another user can switch to the specified user account with the su command. Possible values are: true (default) – another user can switch to the specified account; false – another user cannot switch to the specified account. |
| admin | Disable | Defines the administrative status of the user. Possible values are: true – the user is an administrator, and only the root user can change the attributes of users defined as administrators; false (default) – the user is not an administrator. |
| sugroups | Disable | Lists the groups that can use the su command to switch to the specified user account. The Value parameter is a comma-separated list of group names, or a value of ALL to indicate all groups. An ! (exclamation point) in front of a group name excludes that group. If this attribute is not specified, all groups can switch to this user account with the su command. |
| admgroups | Disable | Lists the groups the user administrates. The Value parameter is a comma-separated list of group names. |
| umask | Disable | Determines file permissions. This value, along with the permissions of the creating process, determines a file's permissions when the file is created. The default is 022. |
| default_roles | Disable | Specifies the default roles for the user. The Value parameter, a comma-separated list of valid role names, can only contain roles assigned to the user in the roles attribute. You can use the ALL keyword to signify that the default roles for the user are all their assigned roles. |
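
The following Python check is an added example, not SailPoint or AIX code. It reviews the values a Create Profile would set for the access-related attributes above (rlogin, su, sugroups, admin, umask) and evaluates a sugroups list. The profile dictionary, the group names, the findings policy, the rule that an exclusion takes precedence, and the fallback to the listed defaults for attributes left unset are all assumptions.

```python
# Added example. Attribute names come from the table above; the sample
# values, group names and findings policy are constructed assumptions.

def parse_sugroups(value):
    """Return (allow_all, allowed, excluded) for a sugroups value."""
    if value is None or not value.strip():
        return True, set(), set()          # not specified: all groups can su
    allow_all, allowed, excluded = False, set(), set()
    for item in (part.strip() for part in value.split(",")):
        if item == "ALL":
            allow_all = True
        elif item.startswith("!"):
            excluded.add(item[1:])         # "!" excludes that group
        elif item:
            allowed.add(item)
    return allow_all, allowed, excluded

def can_su(sugroups, member_of):
    """Assumption: an exclusion wins over ALL or a named group."""
    allow_all, allowed, excluded = parse_sugroups(sugroups)
    groups = set(member_of)
    if groups & excluded:
        return False
    return allow_all or bool(groups & allowed)

def effective_mode(requested, umask):
    """Permission bits left after the umask is applied to a requested mode."""
    return requested & ~int(str(umask), 8)

def review(profile):
    """Flag values that leave a newly provisioned account broadly reachable."""
    def flag(name, default):
        return str(profile.get(name, default)).lower() == "true"
    findings = []
    if flag("rlogin", "true"):
        findings.append("rlogin: telnet/rlogin access is permitted")
    if flag("su", "true") and parse_sugroups(profile.get("sugroups"))[0]:
        findings.append("su: sugroups is unset or includes ALL")
    if flag("admin", "false"):
        findings.append("admin: account is created as an administrator")
    if effective_mode(0o666, profile.get("umask", "022")) & 0o006:
        findings.append("umask: new files are accessible to other users")
    return findings

if __name__ == "__main__":
    tightened = {"rlogin": "false", "sugroups": "sysadmin", "umask": "027"}
    for label, profile in [("defaults", {}), ("tightened", tightened)]:
        print(label, review(profile))
```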