Page Comparison

Provisioning Policies allow you to automate the provisioning, moving, disabling, and de-provisioning of resources

for users based on their

roles, memberships and locations within your organization.

This topic demonstrates

the following:

• How to create a

• provisioning policy that provisions Salesforce

• user accounts

• How to assign the provisioning policy to an EmpowerID actor type

How to create a provisioning policy

for Salesforce

User Accounts

1. n the

1. navbar, expand Identity Lifecycle and click Provisioning Policies (

1. RETs).

1. On the

1. Policies

1. page, click

1. the Add button at the top of the grid.

   Image Added

    

2. Under Choose Type, select Salesforce Account from the Object Type To Provision drop-down.

   Image Added

3. In the General section of the form

1. fill in the following fields:

1. 1. Name — Enter a name

1. 1. for the policy.

   2. Description — Enter a description for the policy.

   3. Directory — Select the inventoried directory for your Salesforce account.

2. In the Throttling Settings section of the form, specify the provisioning and deprovisioning thresholds for the policy. These settings are as follows:

   • All Provisions Require Approval

1. • — If this option is selected, the provisioning of each RET specified by the policy will need to be approved by a user delegated access to the Resource Entitlement Inbox.

   • All Deprovisions Require Approval

1. • — If this option is selected, the deprovisioning of each RET specified by the policy will need to be approved by a user delegated access to the Resource Entitlement Inbox.

   • Require Approval if Provision Batch Larger Than Threshold

1. • — This field allows you to set a numeric value that needs to be reached by a single run of the Resource Entitlement Inbox before an approver needs to approve the provisions. If the threshold is reached, EmpowerID will not provision any of the Salesforce user accounts until approval is granted.

   • Require Approval if Deprovision Batch Larger Than Threshold

1. • — This field allows you to set a numeric value that needs to be reached by a single run of the Resource Entitlement Inbox before an approver needs to approve the deprovisions. If the threshold is reached, EmpowerID will not deprovision any of the Salesforce user accounts until approval is granted.

1. In the Advanced section of the form, do the following:

   1. Select a desired option from the On Claim Action drop-down. You have the following options:

      • Do Nothing — No action occurs. This tells EmpowerID to simply mark any previous resources assigned to the user that match this policy as RET-managed resources. For example, if the user already has a Salesforce user account and is placed in a Management Role targeted by the RET policy, EmpowerID marks that user's Salesforce account as RET managed.

      • Delete and Recreate — The user account is deleted and recreated.

      • Move — Marks any previous resources assigned to the user that match the RET as RET-managed resources and moves the user object to the OU specified by the RET policy.

      • Publish Workflow Event — Executes custom workflow code.

   2. Select a desired option from the On Transform Action drop-down. You have the following options:

      • Do Nothing — No action occurs.

      • Delete and Recreate — The user account is deleted and recreated.

      • Move — Marks this resource with the new RET policy number and moves the user object to the OU specified by the RET policy

      • Publish Workflow Event — Executes custom workflow code.

   3. Select a desired option from the On Revoke Action drop-down.

1. 1. You have the following options:

      • Do Nothing — No action occurs.

      • Deprovision — The Salesforce user account is deleted if the person no longer meets the criteria to receive the resource from the RET

1. 1. • .

      • Disable and move — The Salesforce user account is disabled if the person no longer meets the criteria to receive the resource from the RET.

      • Publish Workflow Event — Executes custom workflow code.

2. Click Save to create the policy.

3. After EmpowerID creates the policy, you should be directed to the completed Policy Details page for the policy.

   Image Added

Next, assign the policy you just created to one or more targets as demonstrated below.

How to assign the provisioning policy

1. On the Policy Details page, click the Find Policies breadcrumb. 

   Image Added

   
   

2. Search for the policy you just created and then click

1. the Display Name link for it.

1. Image Added

   This

1. directs you to the

1. View

1. page for the policy.

1. This page allows you to

1. manage the policy as needed. 

   Image Added

   
   

2. On the View page, click the

1. Assignees accordion to expand it

1. . This accordion allows you to assign the policy to any or the following EmpowerID actor types:

   • Business Roles and Locations — All people in the selected Business Role and Location combinations receive the resource granted by the policy.

   • Management Roles — All people in the selected Management Roles receive the resource granted by the policy.

   • Management Role Definitions — All Management Roles that are children of the selected Management Role Definition receive the resource granted by the policy.

   • Query-Based Collections (SetGroup) — All people in the selected collection receive the resource granted by the policy.

   • Groups — All people in the selected groups receive the resource granted by the policy.

   • People — All people selected receive the resource granted by the policy.

2. From the Assignees accordion, click the Add button above the assignee type to which you are making the assignment.

3. In the Add Entry pane that appears, search for and select the appropriate assignee.

4. Enter a number to specify the priority for the RET policy in the Priority field. This value is used to determine the priority of the RET if the user qualifies for the same RET

1. via another assignment, such as being a member of a group that has the same policy. The lower the number, the higher the priority. 

   Image Added

2. Click Save.

2. Back in the main form, click Save.