Identity Provisioning Policies Tab

Identity Provisioning Policies are used to define identity attributes that must be set when creating an identity from a Lifecycle Manager request.

The following types of Identity Provisioning Policies are available:

Create Identity
Update identity
Self-service Registration

Note: If an Update provisioning policy is defined, that policy overwrites the Create policy.

You must include the criteria required by the provisioning policy in the generated form before the request can be completed. Use the Provisioning Policy Editor to customize the look and function of the form fields generated from the provisioning policy.

Name

The name of your provisioning policy.

Description

A brief description of the provisioning policy.

Provisioning Policy Editor

Use the Edit Provisioning Policy Fields panel to customize the look and function of the form fields generated from the provisioning policy.

Attribute

Select the attribute field from the dropdown list to display on the form generated from the provisioning policy.

Display Name

The name displayed for the field in the form generated by the provisioning policy.

Help Text

The text you wish to appear when hovering the mouse over the help icon.

Type

Select the type of field from the dropdown list. Choose from the following:
Boolean – true or false values field
Date – calendar date field
Integer – only numerical values field
Long – similar to integer but is used for large numerical values
Identity – specific identity in IdentityIQ field
Secret – hidden text field
String – text field

Multi Valued

Choose this to have more than one selectable value in this field of the generated form. Click the plus sign to add another value.

Read Only

Determine how the read only value is derived:
Value – value based on the selection from the dropdown list
Rule – value is based on a specified rule
Script – value is determined by the execution of a script

Hidden

Determine how the hidden value is derived:
Value – value based on the selection from the dropdown list
Rule – value is based on a specified rule
Script – value is determined by the execution of a script

Owner

The owner of the provisioning policy. This is determined by selecting from the following:
None – no owner is assigned to this provisioning policy.
Application Owner – identity assigned as owner of the application in which the provisioning policy resides.
Role Owner – identity assigned as owner of the role in which the provisioning policy resides.
Rule – use a rule to determine the owner of this provisioning policy.
Script – use a script to determine the owner of this provisioning policy

Required

Choose whether or not to have the completion of this field a requirement for submitting the form.

Refresh Form on Change

Select this option to have the form associated with this policy refresh to reflex changes to this policy.

Display Only

Set this field as display only.

Authoritative

Boolean that specifies whether the field value should completely replace the current value rather than be merged with it; applicable only for multi-valued attributes

Value

Determine how the value is derived. Select from the following:
Literal – value is based on the information you provide
Rule – value is based on a specified rule
Script – value is determined by the execution of a script

Allowed Values

The value(s) which can be displayed in the field of the generated form. Choose from the following:
None – the field is blank
Literal – value is based on the information you provide
Rule – value is based on a specified rule
Script – value is determined by the execution of a script

Validation

Gives the ability to specify a script or rule for validating the user's value. For example, a script that validates that a password is 8 characters or longer.