Enabling Provisioning Policies

Users can create provisioning policies for joiner, mover, and leaver events. Policies are composed of three configurable elements that drive the overall workflow.

  • Users: Configure which users this policy will apply to (for example, Users in Engineering Department)

  • Prerequisites: Configure which actions need to take place first and in sequence (for example, Wait for Account in Active Directory then Create Account in Okta)

  • Actions: Configure which actions can take place concurrently after all prerequisites have been fulfilled (for example, Provision Birthright Access)

Prerequisites to Create a Provisioning Policy

  • Admin permissions in Zilla

  • Provisioning has been enabled in your Zilla Tenant

Create a Provisioning Policy

  1. Log into your Zilla tenant as an administrator.

  2. Expand the Provisioning option on the left side of the page and click Policies.

  3. Click Create Policy, give the new policy a Name, Description (optional), and select an Event. The list below defines each possible event.

Event Definitions

  • New User: Joiner

  • User Transfer: Mover

  • User Terminated: Leaver

  4. Click Next.

  5. Configure the policy with conditions, prerequisites, and actions. The example below displays a general Joiner policy for all employees that provisions an account in Azure Active Directory first, and then provisions birthright access based on the user’s matching Zilla Profiles.

Prerequisite Options

  • Create Account (Joiner): Create an account in a target application.

  • Disable Account (Leaver): Disable a user account in a target application.

  • Wait for Account (Joiner, Mover): Wait for existing inbound customer provisioning steps to complete before proceeding with outbound provisioning.

  • Request Additional Access (Joiner, Mover): Request additional access for an employee during the onboarding process. Any requested permissions that are part of profiles are automatically approved.

Actions

  • Provision Birthright Access (Joiner, Mover): Provision access based on activated birthright-level profile grants for profiles matching the user attributes.

  • Disable User Accounts (Leaver): Disable all user accounts for a given terminated user.

  6. Click Next.

  7. Toggle to Enable the policy to use it immediately. Alternatively, keep it Disabled to save the policy and review it with other stakeholders prior to enabling it.

  8. Click Submit.

The new policy appears in the Policies list.
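
The ordering this article describes (user match, prerequisites in sequence, actions concurrently once every prerequisite is fulfilled) and the events each step is offered for can be modelled as a small pre-enablement check. This is an added example, not Zilla code or a Zilla API: the policy dictionary, `lint`, `run`, and the `do_step` callback are hypothetical names, the sample policy and user are constructed, and stopping at the first unfulfilled prerequisite is a modelling assumption.

```python
from concurrent.futures import ThreadPoolExecutor

# Step-to-event availability as listed in this article.
PREREQS = {
    "Create Account": {"Joiner"},
    "Disable Account": {"Leaver"},
    "Wait for Account": {"Joiner", "Mover"},
    "Request Additional Access": {"Joiner", "Mover"},
}
ACTIONS = {
    "Provision Birthright Access": {"Joiner", "Mover"},
    "Disable User Accounts": {"Leaver"},
}

# Constructed sample policy mirroring the article's Joiner example (hypothetical schema).
JOINER = {"event": "Joiner", "applies_to": lambda u: u["employee"],
          "prerequisites": ["Create Account"],
          "actions": ["Provision Birthright Access"]}

def lint(policy):
    """Return a list of problems; an empty list means every step fits the event."""
    event, problems = policy["event"], []
    for kind, table in (("prerequisites", PREREQS), ("actions", ACTIONS)):
        for step in policy[kind]:
            if step not in table:
                problems.append(f"unknown {kind[:-1]}: {step}")
            elif event not in table[step]:
                problems.append(f"{step} is not offered for {event}")
    return problems

def run(policy, user, do_step):
    """Model the workflow order. do_step(step, user) -> bool is a hypothetical
    callback standing in for the real provisioning work."""
    if not policy["applies_to"](user):
        return {"matched": False, "completed": [], "blocked_at": None}
    done = []
    for step in policy["prerequisites"]:          # strictly in sequence
        if not do_step(step, user):
            return {"matched": True, "completed": done, "blocked_at": step}
        done.append(step)
    with ThreadPoolExecutor() as pool:            # actions may run concurrently
        results = list(pool.map(lambda a: (a, do_step(a, user)), policy["actions"]))
    done += [a for a, ok in results if ok]
    return {"matched": True, "completed": done, "blocked_at": None}

if __name__ == "__main__":
    print(lint(dict(JOINER, prerequisites=["Disable Account"])))
    print(run(JOINER, {"employee": True}, lambda step, user: True))
```

Running a draft through a check like `lint` while the policy is still Disabled gives reviewers a concrete list of mismatched steps before anything is provisioned.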