LukeParke/developer.sailpoint.com
1
0
Fork 0
mirror of https://github.com/LukeHagar/developer.sailpoint.com.git synced 2025-12-06 04:19:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #245 from sailpoint-oss/devrel-643

Browse Source 
Devrel 643
This commit is contained in:
Tyler Mairose
2023-05-05 11:36:54 -04:00
committed by GitHub
parent 24b983ca83 03242bf4a0
commit eca2662f9d
1 changed files with 355 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

355
products/idn/docs/identity-now/transforms/guides/provisioning-policy-transform.md Normal file
View File

@@ -0,0 +1,355 @@
---
id: transforms-in-provisioning-policies
title: Transforms in Provisioning Policies
pagination_label: Transforms in Provisioning Policies
sidebar_label: Transforms in Provisioning Policies
sidebar_class_name: transformsInProvisioningPolicies
keywords: ['transforms', 'guides', 'provisioning', 'policies']
description: Learn how to use transforms in your provisioning policies!
sidebar_position: 3
slug: /docs/transforms/guides/transforms-in-provisioning-policies
tags: ['Transforms', 'Guides', 'Provisioning', 'Policies']
---
## Overview
In this guide, you will learn how to use [IdentityNow's Transforms](/idn/api/v3/transforms) in a provisioning policy for a source. This can be useful if you need to hide the attribute in your identity attribute list but still need the attribute during provisioning.
## Create provisioning policy
Use the Create provisioning policy for new users who have been granted access to a source and need to be provisioned on that source. You can define the custom attributes you want to create during the provisioning process. You can use transforms to modify the data before sending it to the source.
First, call the [Get Provisioning Policy API](/idn/api/v3/get-provisioning-policy) for the source you want to add your transform to.
This is an example create provisioning policy response for a source:
```json
{
"name": "Account",
"description": null,
"usageType": "CREATE",
"fields": [
{
"name": "email",
"transform": {
"type": "identityAttribute",
"attributes": {
"name": "email"
}
},
"attributes": {},
"isRequired": false,
"type": "string",
"isMultiValued": false
},
{
"name": "displayName",
"transform": {
"type": "lower",
"attributes": {
"input": {
"type": "identityAttribute",
"attributes": {
"name": "displayName"
}
}
}
},
"attributes": {},
"isRequired": false,
"type": "string",
"isMultiValued": false
},
{
"name": "firstName",
"transform": {
"type": "identityAttribute",
"attributes": {
"name": "firstName"
}
},
"attributes": {},
"isRequired": false,
"type": "string",
"isMultiValued": false
},
{
"name": "lastName",
"transform": {
"type": "identityAttribute",
"attributes": {
"name": "lastName"
}
},
"attributes": {},
"isRequired": false,
"type": "string",
"isMultiValued": false
},
{
"name": "hireDate",
"transform": {
"type": "identityAttribute",
"attributes": {
"name": "hireDate"
}
},
"attributes": {},
"isRequired": false,
"type": "string",
"isMultiValued": false
},
{
"name": "enabled",
"transform": {
"type": "identityAttribute",
"attributes": {
"name": "enabled"
}
},
"attributes": {},
"isRequired": false,
"type": "boolean",
"isMultiValued": false
},
{
"name": "locked",
"transform": {
"type": "identityAttribute",
"attributes": {
"name": "locked"
}
},
"attributes": {},
"isRequired": false,
"type": "boolean",
"isMultiValued": false
}
]
}
```
## Add to the Create policy
This transform concatenates the identityAttributes `firstName`, `lastName`, the two digit month of the `hireDate` and the static string `Rt4e!` to form a temporaryPassword.
:::caution
You must use the `identityAttribute` type when you're writing transforms in provisioning policies. The `accountAttribute` type won't work during provisioning.
:::
```json
{
"name": "temporaryPassword",
"transform": {
"type": "concat",
"attributes": {
"values": [
{
"type": "identityAttribute",
"attributes": {
"name": "firstName"
}
},
{
"type": "identityAttribute",
"attributes": {
"name": "lastName"
}
},
{
"type": "substring",
"attributes": {
"input": {
"type": "identityAttribute",
"attributes": {
"name": "hireDate"
}
},
"start": 5,
"end": 7
}
},
{
"type": "static",
"attributes": {
"value": "Rt4e!"
}
}
]
}
},
"attributes": {},
"isRequired": false,
"type": "boolean",
"isMultiValued": false
}
```
If you assume the given attributes have the following values, this transform would create the temporaryPassword attribute as `johndoe12Rt4e!`.
| Identity Attribute | Value |
| ------------------ | ---------- |
| firstName | john |
| lastName | doe |
| hireDate | 2023-12-13 |
## Add the transform to your existing policy
Upload your complete CREATE provisioning policy by using the [Create Provisioning Policy API](/idn/api/v3/create-provisioning-policy), or use the [Update Provisioning Policy API](/idn/api/v3/put-provisioning-policy) to update an existing provisioning policy.
This is the example response with the full policy, along with the new attribute:
```json
{
"name": "Account",
"description": null,
"usageType": "CREATE",
"fields": [
{
"name": "email",
"transform": {
"type": "identityAttribute",
"attributes": {
"name": "email"
}
},
"attributes": {},
"isRequired": false,
"type": "string",
"isMultiValued": false
},
{
"name": "displayName",
"transform": {
"type": "lower",
"attributes": {
"input": {
"type": "identityAttribute",
"attributes": {
"name": "displayName"
}
}
}
},
"attributes": {},
"isRequired": false,
"type": "string",
"isMultiValued": false
},
{
"name": "firstName",
"transform": {
"type": "identityAttribute",
"attributes": {
"name": "firstName"
}
},
"attributes": {},
"isRequired": false,
"type": "string",
"isMultiValued": false
},
{
"name": "lastName",
"transform": {
"type": "identityAttribute",
"attributes": {
"name": "lastName"
}
},
"attributes": {},
"isRequired": false,
"type": "string",
"isMultiValued": false
},
{
"name": "hireDate",
"transform": {
"type": "identityAttribute",
"attributes": {
"name": "hireDate"
}
},
"attributes": {},
"isRequired": false,
"type": "string",
"isMultiValued": false
},
{
"name": "temporaryPassword",
"transform": {
"type": "concat",
"attributes": {
"values": [
{
"type": "identityAttribute",
"attributes": {
"name": "firstName"
}
},
{
"type": "identityAttribute",
"attributes": {
"name": "lastName"
}
},
{
"type": "substring",
"attributes": {
"input": {
"type": "identityAttribute",
"attributes": {
"name": "hireDate"
}
},
"start": 5,
"end": 7
}
},
{
"type": "static",
"attributes": {
"value": "Rt4e!"
}
}
]
}
},
"attributes": {},
"isRequired": false,
"type": "boolean",
"isMultiValued": false
},
{
"name": "enabled",
"transform": {
"type": "identityAttribute",
"attributes": {
"name": "enabled"
}
},
"attributes": {},
"isRequired": false,
"type": "boolean",
"isMultiValued": false
},
{
"name": "locked",
"transform": {
"type": "identityAttribute",
"attributes": {
"name": "locked"
}
},
"attributes": {},
"isRequired": false,
"type": "boolean",
"isMultiValued": false
}
]
}
```
## Next Steps
For more information on all available transforms, refer to [Transform Operations](/idn/docs/transforms/operations). If you're having trouble creating your transform in provisioning policies, reach out with your question in the [Developer Community Forum](https://developer.sailpoint.com/discuss/)!