Provisioning Policies Tab
Provisioning Policies are used to define application object attributes that must be managed due to a Lifecycle Manager request. With a provisioning policy in place, when a role or entitlement is requested the user must input specified criteria into a generated form before the request can be completed. A policy can be attached to an IdentityIQ application object or role and is used as part of the provisioning process.
For applications that support multiple application objects, each object is displayed in a separate table containing the provisioning policies those objects support. Not all application objects support all of the provisioning policies listed below.
To provision a DN with a backslash(\):
In order to be able to provision to a DN with a backslash (\) to an Active Directory application through the Cloud Gateway you will need to set the following properties in catalina.sh or catalina.bat on the Cloud Gateway instance:
set CATALINA_OPTS=%CATALINA_OPTS%
-Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true
set CATALINA_OPTS=%CATALINA_OPTS%
-Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=trueNote
Setting the dependencies between applications and accounts implies ordering in provisioning.
IdentityIQ includes the following types of provisioning policies:
Object Type: account:
-
Create
-
Update
-
Delete
-
Enable Account
-
Disable Account
-
Unlock Account
-
Change Password
Object Type: group
-
CreateGroup
-
UpdateGroup
Select an existing provisioning policy or select Add Policy to create a new one using the Provisioning Policy Editor or to reference an existing policy. Only one of each policy types is supported.
Use the Application Dependencies drop-down list to create the list of applications where this application is dependent for provisioning. If no account is detected on an application where this application is dependent, an account request is added to the provisioning plan and the provision policy for this application is processed as expected.