Create Profile Account Attributes
When Identity Security Cloud provisions new accounts to a Linux direct connect source, it uses the attributes on the Create Profile page as instructions or a template for what to include in the account. This page is also referred to as the provisioning policy.
Important
This section describes the configuration of the default Create Profile. However, SailPoint recommends that you work with Services to define a Create Profile specific to your company's needs.
The following generators create required information for a new Linux account. You might need to edit the contents.
username
Provided by the user when they log in
This is an Account ID which must not be changed.
Note
You must change the OU in the Pattern Used field in the distinguishedName attribute.
uid
Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for the root. UIDs 1-99 are reserved for other predefined accounts. Further, UIDs 100-999 are reserved by the system for administrative and system accounts.
home
The absolute path to the directory the user will be in when they log in.
pwdlastchg
Number of days since Jan 1, 1970 that password was last changed
pwdmin
The minimum number of days required between password changes. In other words, this is the number of days left before the user is allowed to change their password.
pwdmax
The maximum number of days the password is valid, after which the user is forced to change their password
pwdwarn
The number of days before a password is to expire that user is warned that their password must be changed
comment
General text field where you can provide a description
expiration
Days since Jan 1, 1970 that account is disabled
This is an absolute date specifying when the login may no longer be used.
inactive
The number of days after a password expires that account becomes disabled
lastlogin
Last login date and time of the account
primgrp
Name of the user's primary group
groups
Secondary groups of user
shell
User’s shell
crthomedir
Connection to home directory
lastlog
The last login details
dupuid
The duplicate user ID
forcepwdchg
Specify if user has to be forced to change password on next login
password
This generator creates an initial password for the new account adhering to the password policy assigned to the associated Linux source in Identity Security Cloud.