Application and Role Provisioning Policy
Application provisioning policies are specified as <Form> within the <Application> definition. Role provisioning policies are <Form> within the <Bundle> definition. Applications might have more than one provisioning policy form: one for (account) creation, update, and delete provisioning activities, plus additional policies for group creation and update. Roles might only have one for role assignment to an Identity.
This sample <Form> definition provides examples of fields slotted into separate sections, assigned to different owners by value or by script, with a permitted values set, and with a validation script. Application provisioning policies are specified within a <Forms> element that wraps all of the specified provisioning policy forms together.
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Form PUBLIC "spt.dtd" "spt.dtd">
<Form name="New Acct Policy" type="Create">
  <!-- Owner assigned by value -->
  <Field displayName="Name" name="name" required="true" reviewRequired="true" type="string">
    <OwnerDefinition value="IIQApplicationOwner"/>
  </Field>
  <!-- Field slotted into the "Extra Info" section -->
  <Field displayName="Phone" name="phone" required="true" section="Extra Info" type="string">
    <OwnerDefinition value="IIQApplicationOwner"/>
  </Field>
  <!-- Owner assigned by script; value checked by a validation script -->
  <Field displayName="Office Number" name="off_no" required="true" section="" type="integer">
    <OwnerDefinition>
      <Script>
        <Source>return identity.getManager();</Source>
      </Script>
    </OwnerDefinition>
    <ValidationScript>
      <!-- The less-than sign is written as an entity so the form stays well-formed XML -->
      <Source>
        try {
          int number = Integer.parseInt(value);
          if (number &lt; 100) {
            return "Office numbers are all 100 or greater.";
          } else {
            return null;
          }
        } catch (NumberFormatException e) {
          return "Non-numeric value provided; must be numeric.";
        }
      </Source>
    </ValidationScript>
  </Field>
  <!-- Permitted values set -->
  <Field displayName="Region" name="region" required="true" type="string">
    <AllowedValues>
      <String>Americas</String>
      <String>EMEA</String>
      <String>APAC</String>
    </AllowedValues>
  </Field>
</Form>
Application Provisioning Policies can render on multiple forms, depending on the field Owners. Multiple provisioning policy forms can be combined into one form if a request spans multiple applications or roles that each need to gather additional data from the same user.
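The following Python script is an added example, not part of the original page or of IdentityIQ. It parses a constructed copy of the sample form (validation script shortened), groups the fields by how their owner is defined, and lists fields that carry neither AllowedValues nor a ValidationScript. The function names and the "no input constraint" review check are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample (not from a live system): the page's form, validation script shortened.
SAMPLE_FORM = """<Form name="New Acct Policy" type="Create">
  <Field displayName="Name" name="name" required="true" reviewRequired="true" type="string">
    <OwnerDefinition value="IIQApplicationOwner"/>
  </Field>
  <Field displayName="Phone" name="phone" required="true" section="Extra Info" type="string">
    <OwnerDefinition value="IIQApplicationOwner"/>
  </Field>
  <Field displayName="Office Number" name="off_no" required="true" section="" type="integer">
    <OwnerDefinition><Script><Source>return identity.getManager();</Source></Script></OwnerDefinition>
    <ValidationScript><Source>if (Integer.parseInt(value) &lt; 100) { return "too low"; }</Source></ValidationScript>
  </Field>
  <Field displayName="Region" name="region" required="true" type="string">
    <AllowedValues><String>Americas</String><String>EMEA</String><String>APAC</String></AllowedValues>
  </Field>
</Form>"""

def owner_of(field):
    """Describe how a field's owner is set: by value, by script, or not at all."""
    od = field.find("OwnerDefinition")
    if od is None:
        return "(no OwnerDefinition)"
    if od.get("value"):
        return "value:" + od.get("value")
    if od.find("Script/Source") is not None:
        return "script"
    return "(empty OwnerDefinition)"

def review_form(xml_text):
    """Group fields by owner and list unconstrained ones (a review heuristic assumed here)."""
    form = ET.fromstring(xml_text)  # raises ParseError on an unescaped "<" in a script
    by_owner, unconstrained = defaultdict(list), []
    for field in form.iter("Field"):
        name = field.get("name")
        by_owner[owner_of(field)].append(name)
        constrained = (field.find("AllowedValues") is not None
                       or field.find("ValidationScript") is not None)
        if not constrained:
            unconstrained.append(name)
    return dict(by_owner), unconstrained

if __name__ == "__main__":
    groups, loose = review_form(SAMPLE_FORM)
    for owner, names in groups.items():
        print(f"{owner}: {names}")
    print("no AllowedValues or ValidationScript:", loose)
```

Fields whose owner is set by script resolve per identity at request time, so the script group marks the fields whose owner cannot be read from the XML alone.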