Provisioning Policy Attributes

Important
This page describes the configuration of the default Create Profile. However, SailPoint recommends that you work with SailPoint Services to define a Create Profile specific to your company's needs.

Most of the fields on the default provisioning policy are generated and all fields are marked "review required". Customize the provisioning policy attributes to meet your requirements.

Note
The Generator default is Disabled.

(Required)

Eight-character alias

By default, it generates a value based on the lastname and firstname in the field's inline script. It takes first seven characters from the last name and prefixes it with the first character of the first name.

Indicates the active status of the account.

Defaults to true, meaning the account is active.

Defaults to the account's username.

Defaults to the account's email address.

Defaults to the account’s first name.

Defaults to the account's last name

Nickname defaults to account's full name.

The user's timezone, it uses a display name defined by Salesforce. Only a few timezones are defined in the policy drop down and this will need to be customized for each deployment.

Defaults to America/Los_Angeles

The user's locale

Defaults to UTF-8

The email encoding key

There are several selections to choose from in from the web interface. The encoding keys are customizable.

Defaults to UTF-8

The language locale key

There are several selections to choose from in from the web interface. The locale keys are customizable.

Defaults to en_US

A Federation ID is an identifier that is unique within a Salesforce organization.

For the Salesforce source, the PermissionSetLicense is added as an entitlement while provisioning an account. For existing sources, you must add the PermissionSetLicense object (String type) to the account schema.

The Attribute Request priority is:

  1. Add PermissionSetLicense Object

  2. Add/Remove PermissionSet

  3. Remove PermissionSetLicense

Through the certification process, the PermissionSetLicense object cannot be removed until the associated Permission sets are removed.

The Salesforce source supports ManagedPackage entitlement.

Object Type Description
ManagedPackage String Managed Package assigned to a user.

The Salesforce source aggregates the ManagedPackage object. The new Salesforce sources, by default, have ManagedPackage as an entitlement attribute while provisioning an account. For the existing sources, you must manually add the ManagedPackage attribute to schema.

Used for defining Portal or Partner Users. Portal and Partner Users must be assigned to a Salesforce account using the Account Name provisioning policy attribute. If not configured, then the default STANDARD user will be created.

PORTAL

PARTNER

An Salesforce account name to assign it to a new Portal or Partner User. If left blank, the system creates a new Salesforce account and assigns it to the new Portal or Partner User.