provisioning in SailPoint is a Software that automatically provisions access for new employees and manages the existing access of existing employees.
There are different types of sailpoint provisioning:
before provisioning rule in sailpoint: This rule is called before a provisioning event is triggered on a managed application. Any code in this rule will be executed before the target application is accessed. The results of this execution are not returned. This rule is only available to Advanced Integration Modules.
role based provisioning in sailpoint is used to create new roles and assign existing roles to a user or group. Automatically creates and manages the entitlements on which the new role is based.
provisioning plan in sailpoint is a plan that executes during the certification process to ensure that requested access is granted. A provisioning plan in sailpoint is a set of instructions used to create or update target objects within IdentityIQ. A provisioning plan can update IdentityIQ accounts, roles and entitlements, or the objects contained in external systems.
A sailpoint provisioning plan contains rules which are used to apply the changes to the applications during the process of provisioning. This plan can be created as part of the application setup or be created later and applied during the provisioning process.
lcm provisioning workflow in SailPoint is used to link LCM Provisioning task and Identity Provisioning task. We can write a custom LCM provisioning workflow to manage the Lifecycle Manager provisioning request. This workflow must be triggered by an LCM provisioning request in LCM. The workflow can be written in Java or BeanShell. LCM provisioning request is a multi-step process with multiple approval steps. For example, LCM provisioning request starts with an approval step to approve the request for the specified user. If the request is approved, the next step is configured to trigger a refresh of the IdentityIQ User Account to retrieve the information needed to generate the request to Lifecycle Manager. The final step generates a Lifecycle Manager provisioning request for the specified Lifecycle Manager target object. The provisioning workflow is triggered by the final step, which launches the workflow and passes it the Lifecycle Manager provisioning request.
A provisioning policy in sailpoint defines which attributes on a user account control access through IdentityIQ. A provisioning policy can be associated with a role or assigned directly to a user. A provisioning policy includes a set of entitlements and a set of controls. Entitlements define the specific entitlements that control access. Controls define the specific actions that control access. Controls are generally used to control access in a more granular way than entitlements. Controls are generally used in situations where entitlements do not control access
sailpoint user provisioning automates user lifecycle management by facilitating user account creation, password management, and user provisioning. User Provisioning automates the process of creating and managing the lifecycle of user accounts for an organization’s applications. User Provisioning automates the creation and management of user accounts for an organization’s applications. These applications may be on-premises or in the cloud.
The different types of provisioning in sailpoint are as follows:
Rule based provisioning
Account Group Entitlement Aggregation
Account Group Member Entitlement Aggregation