before provisioning rule in sailpoint runs right before the provisioning step runs and is intended for any clean-up work that needs to be done around a pending request. For example, if a user is in the process of being added to a group and the group is in the process of being assigned a role, and the role is in the process of being added to a target application, the before provisioning rule can remove any of the intermediate steps as they are no longer needed. This rule is only called when there is a pending request, and it is executed in serial.
The lcm provisioning workflow in SailPoint is a rule-based update workflow that uses Lifecycle Manager to provision objects. The LCM provisioning workflow is designed to move objects through their lifecycle, creating the identity records, entitlements, and other associated components. The LCM provisioning workflow is also used to update objects existing on a target system. The LCM provisioning workflow is used to complete most tasks in your enterprise.
provisioning in sailpoint Automated processes that request and receive access to resources through a request or entitlement model; usually refer to requests for new access, changes to existing access, or removal of access to resources.
Sailpoint provisioning comes in three types:
Software used for managing users’ access to the applications or data is called provisioning in sailpoint. It is the process of granting access and privileges to a user through a set of the business process.
A provisioning plan in sailpoint is a JSON object that defines the steps to provision the targets specified in the plan. A plan can be constructed in the sailpoint or in code and then run-on demand or scheduled. A plan is a sequence of steps. Each step is a simple procedure that is executed in isolation, with no visibility into any state that was set up in earlier steps.
There are four stages in SailPoint provisioning plan:
The sailpoint user provisioning application enables managing the lifecycle of user accounts across all the applications in an enterprise. It streamlines the process of adding, changing or deleting user accounts across multiple applications. It automates the creation, update, and termination of user accounts, enabling businesses to reduce the costs associated with these processes.
A provisioning policy in sailpoint is used to set the target application’s account status to enable or disabled, and to apply any required entitlement changes when a user is added to an target application.
The following are the types of provisioning in sailpoint.
role based provisioning in sailpoint is used for managing access of users on different applications. It uses the concept of roles and entitlements. Roles are used to grouping a similar set of access. Entitlement is used to manage specific access for a user on an application.