Manage Provision Policy
Provision policies define the list of resources to be provisioned or deprovisioned to accounts in the target applications. They are used to automate the provisioning of objects such as accounts, groups and group membership to identities based on a set of rules or conditions in the target application. For example, you can add accounts, groups and roles to identities who are associated to specific locations and department. You can also set priorities to these policies so that the conflicts between provisioning policies of similar will be overridden by higher priority policy.
To create a provision policy:
On the IAG menu, click the Administration tab and then click Governance on the sub-menu.
On the Governance page, click the Provision Policy tile. The Provision Policy page appears.
Click the Create New button.
Provide the following information and then click Save.
| Field | Description |
|---|---|
| Name of Policy | Enter the provision policy name. |
| Priority | Enter the priority for the policy. |
| Policy Type | Select the policy type from the dropdown list, whether you want to use this policy for provisioning, deprovisioning or both. Based on these types selection, the Add or Remove tabs for each object in the other info section will be enabled or disabled. |
| Equal Priority Override | Select this checkbox if you want to make this policy to override the other policy which as the same priority and conditions. |
| Enforce on Existing Users | Select this checkbox, if you want to make this policy applicable to both existing and new identities. |
| Query | Click the drop-down in the Query Builder section, select the parameter based on which you would like to group the identities and provision/deprovision them in the target application. You can also add more rules or group them using add group button. After you define the conditions/rules, click Save button. |
| Description | Add the detailed description or any added information for the provision policy |
After clicking Save, the below tabs appear under the Basic Information section. The Targets tab is the active tab.
5. On the Targets tab, you can add or remove target application accounts to the identities. Add or remove the accounts in the respective tabs.
6. Click the Groups tab to add or remove group membership to the identities. Add or remove the groups in the respective tabs.
7. Click the Roles tab to add or remove role membership to the identities. Add or remove the roles in the respective tabs.
8. Click the Entitlements tab to add or remove entitlement membership to the identities. Add or remove the entitlements in the respective tabs.