From 7faa48cf0cb989556c452f7269cf4dbe6ded3c58 Mon Sep 17 00:00:00 2001 From: tyler-mairose-sp Date: Wed, 3 May 2023 14:44:51 -0400 Subject: [PATCH 1/3] work in progress for provisioning policy transforms --- .../guides/provisioning-policy-transform.md | 171 ++++++++++++++++++ 1 file changed, 171 insertions(+) create mode 100644 products/idn/docs/identity-now/transforms/guides/provisioning-policy-transform.md diff --git a/products/idn/docs/identity-now/transforms/guides/provisioning-policy-transform.md b/products/idn/docs/identity-now/transforms/guides/provisioning-policy-transform.md new file mode 100644 index 000000000..d825dac58 --- /dev/null +++ b/products/idn/docs/identity-now/transforms/guides/provisioning-policy-transform.md @@ -0,0 +1,171 @@ +--- +id: transforms-in-provisioning-policies +title: Transforms in Provisioning Policies +pagination_label: Transforms in Provisioning Policies +sidebar_label: Transforms in Provisioning Policies +sidebar_class_name: transformsInProvisioningPolicies +keywords: ['transforms', 'guides', 'provisioning', 'policies'] +description: Learn how to use transforms in your provisioning policies! +sidebar_position: 1 +slug: /docs/transforms/guides/transforms-in-provisioning-policies +tags: ['Transforms', 'Guides', 'Provisioning', 'Policies'] +--- + +## Overview + +In this guide, you will learn how to use [IdentityNow's Transforms](/idn/api/v3/transforms) in a provisioning policy to a source. This could be useful if you need to hide the attribute in your identity attribute list but still need the attribute during provisioning. + +## Create Provisioning Policy + +First, lets call the [GET Provisioning Profile API](/idn/api/v3/get-provisioning-policy) for the source you would like to add your transform to. + +An example response for the CREATE provisioning policy of a source. + +```json +{ + "name": "Account", + "description": null, + "usageType": "CREATE", + "fields": [ + { + "name": "email", + "transform": { + "type": "identityAttribute", + "attributes": { + "name": "email" + } + }, + "attributes": {}, + "isRequired": false, + "type": "string", + "isMultiValued": false + }, + { + "name": "displayName", + "transform": { + "type": "lower", + "attributes": { + "input": { + "type": "identityAttribute", + "attributes": { + "name": "displayName" + } + } + } + }, + "attributes": {}, + "isRequired": false, + "type": "string", + "isMultiValued": false + }, + { + "name": "firstName", + "transform": { + "type": "identityAttribute", + "attributes": { + "name": "firstName" + } + }, + "attributes": {}, + "isRequired": false, + "type": "string", + "isMultiValued": false + }, + { + "name": "lastName", + "transform": { + "type": "identityAttribute", + "attributes": { + "name": "lastName" + } + }, + "attributes": {}, + "isRequired": false, + "type": "string", + "isMultiValued": false + }, + { + "name": "hireDate", + "transform": { + "type": "identityAttribute", + "attributes": { + "name": "hireDate" + } + }, + "attributes": {}, + "isRequired": false, + "type": "string", + "isMultiValued": false + }, + { + "name": "enabled", + "transform": { + "type": "identityAttribute", + "attributes": { + "name": "enabled" + } + }, + "attributes": {}, + "isRequired": false, + "type": "boolean", + "isMultiValued": false + }, + { + "name": "locked", + "transform": { + "type": "identityAttribute", + "attributes": { + "name": "locked" + } + }, + "attributes": {}, + "isRequired": false, + "type": "boolean", + "isMultiValued": false + } + ] +} +``` + +# The Transform to Add to CREATE Policy + +```json +{ + "name": "temporaryPassword", + "transform": { + "type": "concat", + "attributes": { + "values": [ + { + "type": "identityAttribute", + "attributes": { + "name": "firstName" + } + }, + { + "type": "identityAttribute", + "attributes": { + "name": "lastName" + } + }, + { + "type": "substring", + "attributes": { + "input": { + "type": "identityAttribute", + "attributes": { + "name": "hireDate" + } + }, + "start": 3, + "end": 5 + } + }] + } + }, + "attributes": {}, + "isRequired": false, + "type": "boolean", + "isMultiValued": false +} +``` From e8d63c7c8f6efabec2eae68711605a3476748dae Mon Sep 17 00:00:00 2001 From: tyler-mairose-sp Date: Fri, 5 May 2023 11:00:57 -0400 Subject: [PATCH 2/3] Add example of how to use transforms in provisioning policies --- .../guides/provisioning-policy-transform.md | 230 ++++++++++++++++-- 1 file changed, 207 insertions(+), 23 deletions(-) diff --git a/products/idn/docs/identity-now/transforms/guides/provisioning-policy-transform.md b/products/idn/docs/identity-now/transforms/guides/provisioning-policy-transform.md index d825dac58..170d30977 100644 --- a/products/idn/docs/identity-now/transforms/guides/provisioning-policy-transform.md +++ b/products/idn/docs/identity-now/transforms/guides/provisioning-policy-transform.md @@ -6,7 +6,7 @@ sidebar_label: Transforms in Provisioning Policies sidebar_class_name: transformsInProvisioningPolicies keywords: ['transforms', 'guides', 'provisioning', 'policies'] description: Learn how to use transforms in your provisioning policies! -sidebar_position: 1 +sidebar_position: 3 slug: /docs/transforms/guides/transforms-in-provisioning-policies tags: ['Transforms', 'Guides', 'Provisioning', 'Policies'] --- @@ -17,7 +17,9 @@ In this guide, you will learn how to use [IdentityNow's Transforms](/idn/api/v3/ ## Create Provisioning Policy -First, lets call the [GET Provisioning Profile API](/idn/api/v3/get-provisioning-policy) for the source you would like to add your transform to. +The create provisioning policy is used when a new user is granted access to a source and needs to be provisioned on that source. You can define your custom attributes that you wish to be created during the provisioning process. You can use transforms to modify the data before sending it to the source. + +First, lets call the [GET Provisioning Policy API](/idn/api/v3/get-provisioning-policy) for the source you would like to add your transform to. An example response for the CREATE provisioning policy of a source. @@ -127,7 +129,13 @@ An example response for the CREATE provisioning policy of a source. } ``` -# The Transform to Add to CREATE Policy +## The Transform to Add to CREATE Policy + +This transform concatenates the identityAttributes `firstName`, `lastName`, the two digit month of the `hireDate` and the static string `Rt4e!` to form a temporaryPassword. + +:::caution +You must use the identityAttribute type when writing transforms in provisioning policies. The accountAttribute type will not work during provisioning. +::: ```json { @@ -137,30 +145,37 @@ An example response for the CREATE provisioning policy of a source. "attributes": { "values": [ { - "type": "identityAttribute", - "attributes": { - "name": "firstName" - } + "type": "identityAttribute", + "attributes": { + "name": "firstName" + } }, { - "type": "identityAttribute", - "attributes": { - "name": "lastName" - } + "type": "identityAttribute", + "attributes": { + "name": "lastName" + } }, { - "type": "substring", - "attributes": { - "input": { - "type": "identityAttribute", - "attributes": { - "name": "hireDate" - } - }, - "start": 3, - "end": 5 - } - }] + "type": "substring", + "attributes": { + "input": { + "type": "identityAttribute", + "attributes": { + "name": "hireDate" + } + }, + "start": 5, + "end": 7 + } + }, + { + "type": "static", + "attributes": { + "value": "Rt4e!" + } + } + ] } }, "attributes": {}, @@ -169,3 +184,172 @@ An example response for the CREATE provisioning policy of a source. "isMultiValued": false } ``` + +Lets assume the following values for the given attributes, this would create the temporaryPassword attribute as `johndoe12Rt4e!`. + +| Identity Attribute | Value | +| ------------------ | ---------- | +| firstName | john | +| lastName | doe | +| hireDate | 2023-12-13 | + +## Adding the transform to your existing policy + +Upload your complete CREATE provisioning policy using the [CREATE Provisioning Policy API](/idn/api/v3/create-provisioning-policy) or use the [UPDATE Provisioning Policy API](/idn/api/v3/put-provisioning-policy) to update an existing provisioning policy. + +The full policy with the new attribute added. + +```json +{ + "name": "Account", + "description": null, + "usageType": "CREATE", + "fields": [ + { + "name": "email", + "transform": { + "type": "identityAttribute", + "attributes": { + "name": "email" + } + }, + "attributes": {}, + "isRequired": false, + "type": "string", + "isMultiValued": false + }, + { + "name": "displayName", + "transform": { + "type": "lower", + "attributes": { + "input": { + "type": "identityAttribute", + "attributes": { + "name": "displayName" + } + } + } + }, + "attributes": {}, + "isRequired": false, + "type": "string", + "isMultiValued": false + }, + { + "name": "firstName", + "transform": { + "type": "identityAttribute", + "attributes": { + "name": "firstName" + } + }, + "attributes": {}, + "isRequired": false, + "type": "string", + "isMultiValued": false + }, + { + "name": "lastName", + "transform": { + "type": "identityAttribute", + "attributes": { + "name": "lastName" + } + }, + "attributes": {}, + "isRequired": false, + "type": "string", + "isMultiValued": false + }, + { + "name": "hireDate", + "transform": { + "type": "identityAttribute", + "attributes": { + "name": "hireDate" + } + }, + "attributes": {}, + "isRequired": false, + "type": "string", + "isMultiValued": false + }, + { + "name": "temporaryPassword", + "transform": { + "type": "concat", + "attributes": { + "values": [ + { + "type": "identityAttribute", + "attributes": { + "name": "firstName" + } + }, + { + "type": "identityAttribute", + "attributes": { + "name": "lastName" + } + }, + { + "type": "substring", + "attributes": { + "input": { + "type": "identityAttribute", + "attributes": { + "name": "hireDate" + } + }, + "start": 5, + "end": 7 + } + }, + { + "type": "static", + "attributes": { + "value": "Rt4e!" + } + } + ] + } + }, + "attributes": {}, + "isRequired": false, + "type": "boolean", + "isMultiValued": false + }, + { + "name": "enabled", + "transform": { + "type": "identityAttribute", + "attributes": { + "name": "enabled" + } + }, + "attributes": {}, + "isRequired": false, + "type": "boolean", + "isMultiValued": false + }, + { + "name": "locked", + "transform": { + "type": "identityAttribute", + "attributes": { + "name": "locked" + } + }, + "attributes": {}, + "isRequired": false, + "type": "boolean", + "isMultiValued": false + } + ] +} +``` + +## Next Steps + +For more information on all available transforms, see [Transform Operations](/idn/docs/transforms/operations). If you are having trouble with creating your transform in provisioning policies, reach out to us with your question in the [Developer Community Forum](https://developer.sailpoint.com/discuss/)! From 03242bf4a0f33151e416083776ab633f7837d87e Mon Sep 17 00:00:00 2001 From: "james.haytko" Date: Fri, 5 May 2023 10:23:18 -0500 Subject: [PATCH 3/3] Edits --- .../guides/provisioning-policy-transform.md | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/products/idn/docs/identity-now/transforms/guides/provisioning-policy-transform.md b/products/idn/docs/identity-now/transforms/guides/provisioning-policy-transform.md index 170d30977..b04033b68 100644 --- a/products/idn/docs/identity-now/transforms/guides/provisioning-policy-transform.md +++ b/products/idn/docs/identity-now/transforms/guides/provisioning-policy-transform.md @@ -13,15 +13,15 @@ tags: ['Transforms', 'Guides', 'Provisioning', 'Policies'] ## Overview -In this guide, you will learn how to use [IdentityNow's Transforms](/idn/api/v3/transforms) in a provisioning policy to a source. This could be useful if you need to hide the attribute in your identity attribute list but still need the attribute during provisioning. +In this guide, you will learn how to use [IdentityNow's Transforms](/idn/api/v3/transforms) in a provisioning policy for a source. This can be useful if you need to hide the attribute in your identity attribute list but still need the attribute during provisioning. -## Create Provisioning Policy +## Create provisioning policy -The create provisioning policy is used when a new user is granted access to a source and needs to be provisioned on that source. You can define your custom attributes that you wish to be created during the provisioning process. You can use transforms to modify the data before sending it to the source. +Use the Create provisioning policy for new users who have been granted access to a source and need to be provisioned on that source. You can define the custom attributes you want to create during the provisioning process. You can use transforms to modify the data before sending it to the source. -First, lets call the [GET Provisioning Policy API](/idn/api/v3/get-provisioning-policy) for the source you would like to add your transform to. +First, call the [Get Provisioning Policy API](/idn/api/v3/get-provisioning-policy) for the source you want to add your transform to. -An example response for the CREATE provisioning policy of a source. +This is an example create provisioning policy response for a source: ```json { @@ -129,12 +129,12 @@ An example response for the CREATE provisioning policy of a source. } ``` -## The Transform to Add to CREATE Policy +## Add to the Create policy This transform concatenates the identityAttributes `firstName`, `lastName`, the two digit month of the `hireDate` and the static string `Rt4e!` to form a temporaryPassword. :::caution -You must use the identityAttribute type when writing transforms in provisioning policies. The accountAttribute type will not work during provisioning. +You must use the `identityAttribute` type when you're writing transforms in provisioning policies. The `accountAttribute` type won't work during provisioning. ::: ```json @@ -185,7 +185,7 @@ You must use the identityAttribute type when writing transforms in provisioning } ``` -Lets assume the following values for the given attributes, this would create the temporaryPassword attribute as `johndoe12Rt4e!`. +If you assume the given attributes have the following values, this transform would create the temporaryPassword attribute as `johndoe12Rt4e!`. | Identity Attribute | Value | | ------------------ | ---------- | @@ -193,11 +193,11 @@ Lets assume the following values for the given attributes, this would create the | lastName | doe | | hireDate | 2023-12-13 | -## Adding the transform to your existing policy +## Add the transform to your existing policy -Upload your complete CREATE provisioning policy using the [CREATE Provisioning Policy API](/idn/api/v3/create-provisioning-policy) or use the [UPDATE Provisioning Policy API](/idn/api/v3/put-provisioning-policy) to update an existing provisioning policy. +Upload your complete CREATE provisioning policy by using the [Create Provisioning Policy API](/idn/api/v3/create-provisioning-policy), or use the [Update Provisioning Policy API](/idn/api/v3/put-provisioning-policy) to update an existing provisioning policy. -The full policy with the new attribute added. +This is the example response with the full policy, along with the new attribute: ```json { @@ -352,4 +352,4 @@ The full policy with the new attribute added. ## Next Steps -For more information on all available transforms, see [Transform Operations](/idn/docs/transforms/operations). If you are having trouble with creating your transform in provisioning policies, reach out to us with your question in the [Developer Community Forum](https://developer.sailpoint.com/discuss/)! +For more information on all available transforms, refer to [Transform Operations](/idn/docs/transforms/operations). If you're having trouble creating your transform in provisioning policies, reach out with your question in the [Developer Community Forum](https://developer.sailpoint.com/discuss/)!