<?xml version='1.0' encoding='UTF-8'?

>
<!DOCTYPE Configuration PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Configuration created="1590001158574" id="0a000001723313f38172337449ad00ed"
modified="1654567963821" name="ConnectorRegistry">
<Attributes>
<Map>
<entry key="applicationTemplates">
<value>
<List>
<Application connector="sailpoint.connector.DelimitedFileConnector"
featuresString="DIRECT_PERMISSIONS, NO_RANDOM_ACCESS, DISCOVER_SCHEMA"
icon="enterpriseIcon" name="DelimitedFile Template" type="DelimitedFile">
<Attributes>
<Map>
<entry key="formPath" value="delimitedAttributesForm.xhtml"/>
<entry key="formPathRules" value="delimitedRulesForm.xhtml"/>
<entry key="sftpAuthMethod" value="password"/>
</Map>
</Attributes>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="PROVISIONING, SYNC_PROVISIONING, ENABLE, PASSWORD, DISCOVER_SCHEMA"
icon="enterpriseIcon" name="PeopleSoft Template" type="PeopleSoft - Direct">
<Attributes>
<Map>
<entry key="connectorClass"
value="openconnector.connector.PeopleSoftConnector"/>
<entry key="encrypted" value="domainConnPassword"/>
<entry key="formPath" value="PeopleSoftAttributesForm.xhtml"/>
<entry key="useConnectorClassloader" value="true"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="con_prov_policy_UserID"
helpKey="help_con_prov_policy_UserID" name="UserID" required="true"
reviewRequired="true" section="User Information" type="string">
<Script>
<Source>
import sailpoint.tools.Util;

String userID = identity.getName();

String first = identity.getFirstname();
String last = identity.getLastname();
if ((null != Util.getString(first)) &amp;&amp; (null !=
Util.getString(last))) {
userID = first.toLowerCase().charAt(0) +
last.toLowerCase();
}
return userID;

</Source>
</Script>
</Field>
<Field displayName="con_prov_policy_Description"
helpKey="help_con_prov_policy_Description" name="UserDescription" required="true"
reviewRequired="true" section="User Information" type="string">
<Script>
<Source>return identity.getDisplayableName();</Source>
 </Script>
</Field>
<Field displayName="con_prov_policy_SymbolicID"
helpKey="help_con_prov_policy_SymbolicID" name="SymbolicID" reviewRequired="true"
section="Logon Information" type="string" value="SYSADM1"/>
<Field displayName="con_prov_policy_Password"
helpKey="help_con_prov_policy_Password" name="password" required="true"
reviewRequired="true" section="Logon Information" type="secret"/>
<Field displayName="con_prov_policy_PasswordExpired"
helpKey="help_prov_policy_PasswordExpired" name="PasswordExpired"
reviewRequired="true" section="Logon Information" type="boolean" value="false"/>
<Field displayName="con_prov_policy_IDTypeNone"
helpKey="help_con_prov_policy_IDTypeNone" name="IDTypes_NON" reviewRequired="true"
section="ID Types" type="boolean" value="true"/>
<Field displayName="con_prov_policy_EmployeeID"
helpKey="help_con_prov_policy_EmployeeID" name="IDTypes_EMP_Empl ID"
reviewRequired="true" section="ID Types" type="string"/>
<Field displayName="con_prov_policy_CustomerSetID"
helpKey="help_con_prov_policy_CustomerSetID" name="IDTypes_CST_SetID"
reviewRequired="true" section="ID Types" type="string"/>
<Field displayName="con_prov_policy_CustomerContactSetID"
helpKey="help_con_prov_policy_CustomerContactSetID" name="IDTypes_CNT_SetID"
reviewRequired="true" section="ID Types" type="string"/>
<Field displayName="con_prov_policy_VendorSetID"
helpKey="help_con_prov_policy_VendorSetID" name="IDTypes_VND_SetID"
reviewRequired="true" section="ID Types" type="string"/>
<Field displayName="con_prov_policy_VendorID"
helpKey="help_con_prov_policy_VendorID" name="IDTypes_VND_Vendor ID"
reviewRequired="true" section="ID Types" type="string"/>
<Field displayName="con_prov_policy_Business_Email"
helpKey="help_con_prov_policy_Business_Email" name="EmailAddresses_BUS"
reviewRequired="true" section="General Attributes" type="string"/>
<Field displayName="con_prov_policy_Business_Email_Primary"
helpKey="help_con_prov_policy_Business_Email_Primary"
name="EmailAddresses_BUS_primary" reviewRequired="true" section="General
Attributes" type="boolean" value="true"/>
<Field displayName="con_prov_policy_Home_Email"
helpKey="help_con_prov_policy_Home_Email" name="EmailAddresses_HOME"
reviewRequired="true" section="General Attributes" type="string"/>
<Field displayName="con_prov_policy_Home_Email_Primary"
helpKey="help_con_prov_policy_Home_Email_Primary"
name="EmailAddresses_HOME_primary" reviewRequired="true" section="General
Attributes" type="boolean" value="false"/>
<Field displayName="con_prov_policy_LanguageCode"
helpKey="help_con_prov_policy_LanguageCode" name="LanguageCode"
reviewRequired="true" section="General Attributes" type="string" value="ENG"/>
<Field displayName="con_prov_policy_Currency_Code"
helpKey="help_con_prov_policy_Currency_Code" name="CurrencyCode"
reviewRequired="true" section="General Attributes" type="string" value="USD"/>
<Field displayName="con_prov_policy_Enable_Expert_Entry"
helpKey="help_con_prov_policy_Enable_Expert_Entry" name="ExpertEntry"
reviewRequired="true" section="General Attributes" type="boolean" value="false"/>
<Field displayName="con_prov_policy_Default_Mobile_page"
helpKey="help_con_prov_policy_Default_Mobile_page" name="DefaultMobilePage"
reviewRequired="true" section="General Attributes" type="string"/>
<Field displayName="con_prov_policy_Navigator_Homepage"
helpKey="help_con_prov_policy_Navigator_Homepage"
name="NavigatorHomePermissionList" reviewRequired="true" section="Permission Lists"
type="string"/>
 <Field displayName="con_prov_policy_Primary_Permission_List"
helpKey="help_con_prov_policy_Primary_Permission_List" name="PrimaryPermissionList"
reviewRequired="true" section="Permission Lists" type="string"/>
<Field displayName="con_prov_policy_Process_Profile"
helpKey="help_con_prov_policy_Process_Profile" name="ProcessProfilePermissionList"
reviewRequired="true" section="Permission Lists" type="string"/>
<Field displayName="con_prov_policy_Row_Security"
helpKey="help_con_prov_policy_Row_Security" name="RowSecurityPermissionList"
reviewRequired="true" section="Permission Lists" type="string"/>
<Field displayName="con_prov_policy_Alternate_UserID"
helpKey="help_con_prov_policy_Alternate_UserID" name="AlternateUserID"
reviewRequired="true" section="Workflow: Attributes" type="string"/>
<Field displayName="con_prov_policy_From_Date"
helpKey="help_con_prov_policy_From_Date" name="EffectiveDateFrom"
reviewRequired="true" section="Workflow: Attributes" type="date"/>
<Field displayName="con_prov_policy_To_Date"
helpKey="help_con_prov_policy_To_Date" name="EffectiveDateTo" reviewRequired="true"
section="Workflow: Attributes" type="date"/>
<Field displayName="con_prov_policy_Reassign_Work"
helpKey="help_con_prov_policy_Reassign_Work" name="ReassignWork"
reviewRequired="true" section="Workflow: Attributes" type="boolean" value="false"/>
<Field displayName="con_prov_policy_Reassign_Work_To"
helpKey="help_con_prov_policy_Reassign_Work_To" name="ReassignUserID"
reviewRequired="true" section="Workflow: Attributes" type="string"/>
<Field displayName="con_prov_policy_Worklist_User"
helpKey="help_con_prov_policy_Worklist_User" name="WorklistUser"
reviewRequired="true" section="Workflow: Attributes" type="boolean" value="true"/>
<Field displayName="con_prov_policy_Email_User"
helpKey="help_con_prov_policy_Email_User" name="EmailUser" reviewRequired="true"
section="Workflow: Attributes" type="boolean" value="true"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="UserID" identityAttribute="UserID"
objectType="account">
<AttributeDefinition name="AccountLocked"
remediationModificationType="None" type="int">
<Description>Used to deactivate a user profile.The user cannot
sign in until you have deselected this option.</Description>
</AttributeDefinition>
<AttributeDefinition name="AllowSwitchUser"
remediationModificationType="None" type="string">
<Description>Indicate that the individual user is permitted to
change identities within a PeopleSoft session.</Description>
</AttributeDefinition>
<AttributeDefinition name="AlternateUserID"
remediationModificationType="None" type="string">
<Description> Alternate role user</Description>
</AttributeDefinition>
<AttributeDefinition name="CurrencyCode"
remediationModificationType="None" type="string">
<Description>Currency code</Description>
</AttributeDefinition>
<AttributeDefinition name="DefaultMobilePage"
remediationModificationType="None" type="string">
<Description>Default mobile page that appear after users sign
in to their mobile device.</Description>
</AttributeDefinition>
<AttributeDefinition name="EffectiveDateFrom"
remediationModificationType="None" type="string">
<Description>Workflow attribute - from date</Description>
</AttributeDefinition>
<AttributeDefinition name="EffectiveDateTo"
remediationModificationType="None" type="string">
<Description>Workflow attribute to date</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="EmailAddresses"
remediationModificationType="None" type="string">
<Description>Email addresses of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="EmailUser"
remediationModificationType="None" type="string">
<Description>Routing preferences - email user</Description>
</AttributeDefinition>
<AttributeDefinition name="Encrypted"
remediationModificationType="None" type="string">
<Description>Encrypted</Description>
</AttributeDefinition>
<AttributeDefinition name="ExpertEntry"
remediationModificationType="None" type="int">
<Description>Select to specify that some users, such as expert
or power users, can defer all processing of the data that they enter.</Description>
</AttributeDefinition>
<AttributeDefinition name="FailedLogins"
remediationModificationType="None" type="int">
<Description>Maximum number of failed sign in attempts to
allow</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="IDTypes"
remediationModificationType="None" type="string">
<Description>User ID types and values</Description>
</AttributeDefinition>
<AttributeDefinition name="LanguageCode"
remediationModificationType="None" type="string">
<Description>Language code</Description>
</AttributeDefinition>
<AttributeDefinition name="LastUpdateDateTime"
remediationModificationType="None" type="string">
<Description>Last update date/time</Description>
</AttributeDefinition>
<AttributeDefinition name="LastUpdateUserID"
remediationModificationType="None" type="string">
<Description>Last update user ID</Description>
</AttributeDefinition>
<AttributeDefinition name="MultiLanguageEnabled"
remediationModificationType="None" type="string">
<Description>Multi-language enabled</Description>
</AttributeDefinition>
<AttributeDefinition name="NavigatorHomePermissionList"
remediationModificationType="None" type="string">
<Description>Default navigator home page permission
list</Description>
</AttributeDefinition>
<AttributeDefinition name="Opertype"
remediationModificationType="None" type="int">
<Description>Use external authentication</Description>
</AttributeDefinition>
<AttributeDefinition name="PasswordExpired"
remediationModificationType="None" type="string">
<Description>Enable the PeopleSoft password expiration.
</Description>
</AttributeDefinition>
<AttributeDefinition name="PrimaryEmailAddress"
remediationModificationType="None" type="string">
<Description>Primary email address associated with user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="PrimaryPermissionList"
remediationModificationType="None" type="string">
<Description>Primary permission list require to grant data
permissions to user</Description>
</AttributeDefinition>
<AttributeDefinition name="ProcessProfilePermissionList"
remediationModificationType="None" type="string">
<Description>Contains the permissions that a user requires for
running batch processes through PeopleSoft Process Scheduler.</Description>
</AttributeDefinition>
<AttributeDefinition name="ReassignWork"
remediationModificationType="None" type="string">
<Description>Use to reassign pending work for this role user if
positions change or a user is temporarily out.</Description>
</AttributeDefinition>
<AttributeDefinition name="ReassignUserID"
remediationModificationType="None" type="string">
<Description>User to whom work is reassigned</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="Roles"
remediationModificationType="None" type="string">
<Description>Roles and Roles along with Routecontrols assigned
to the user - detailed</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="roleNames" remediationModificationType="None"
schemaObjectType="group" type="string">
<Description>Roles and Roles along with Routecontrols assigned
to the user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="RowSecurityPermissionList"
remediationModificationType="None" type="string">
<Description>Row security permission list to grant data
permissions to user</Description>
</AttributeDefinition>
<AttributeDefinition name="SupervisingUserID"
remediationModificationType="None" type="string">
<Description>User ID of the user's supervisor </Description>
</AttributeDefinition>
<AttributeDefinition name="SymbolicID"
remediationModificationType="None" type="string">
<Description>Use to retrieve the appropriate encrypted access
ID and access password.</Description>
</AttributeDefinition>
<AttributeDefinition name="UserDescription"
remediationModificationType="None" type="string">
<Description>Description about user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="UserID"
remediationModificationType="None" type="string">
 <Description>User ID</Description>
</AttributeDefinition>
<AttributeDefinition name="UserIDAlias"
remediationModificationType="None" type="string">
<Description>Fully qualified email ID</Description>
</AttributeDefinition>
<AttributeDefinition name="WorkListEntriesCount"
remediationModificationType="None" type="long">
<Description>Worklist items that require a user's
attention.</Description>
</AttributeDefinition>
<AttributeDefinition name="WorklistUser"
remediationModificationType="None" type="string">
<Description>Routing preferences - worklist user</Description>
</AttributeDefinition>
</Schema>
<Schema descriptionAttribute="DESCR" displayAttribute="ROLENAME"
identityAttribute="ROLENAME" objectType="group">
<AttributeDefinition name="ALLOWNOTIFY"
remediationModificationType="None" type="string">
<Description>Workflow routing - allow
notifications</Description>
</AttributeDefinition>
<AttributeDefinition name="ALLOWLOOKUP"
remediationModificationType="None" type="string">
<Description>Workflow routing - allow recipient
lookup</Description>
</AttributeDefinition>
<AttributeDefinition name="DESCR"
remediationModificationType="None" type="string">
<Description>Description</Description>
</AttributeDefinition>
<AttributeDefinition name="DESCRLONG"
remediationModificationType="None" type="string">
<Description>Long description</Description>
</AttributeDefinition>
<AttributeDefinition name="LASTUPDDTTM"
remediationModificationType="None" type="string">
<Description>Last update date/time</Description>
</AttributeDefinition>
<AttributeDefinition name="LASTUPDOPERID"
remediationModificationType="None" type="string">
<Description>Last update user ID</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="RolePermissionLists"
remediationModificationType="None" type="string">
<Description>Permission lists for the role</Description>
</AttributeDefinition>
<AttributeDefinition name="ROLENAME"
remediationModificationType="None" type="string">
<Description>Roles and Roles along with
Routecontrols</Description>
</AttributeDefinition>
<AttributeDefinition name="ROLETYPE"
remediationModificationType="None" type="string">
<Description>Role type</Description>
</AttributeDefinition>
<AttributeDefinition name="RouteControl"
remediationModificationType="None" type="string">
 <Description>Route Control name</Description>
</AttributeDefinition>
<AttributeDefinition name="RouteControlDescription"
remediationModificationType="None" type="string">
<Description>Route Control description</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="Roles that can be
granted" remediationModificationType="None" type="string">
<Description>Roles that can be granted by this
role</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="Roles that can grant"
remediationModificationType="None" type="string">
<Description>Roles that can grant this role</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="PROVISIONING, SYNC_PROVISIONING, UNLOCK, ENABLE, SEARCH, PASSWORD"
icon="internetIcon" name="ServiceNow" type="ServiceNow">
<Attributes>
<Map>
<entry key="ManageRolesforGroup" value="true"/>
<entry key="connectorClass"
value="openconnector.connector.servicenow.ServiceNowConnector"/>
<entry key="encrypted"
value="clientSecret,refreshToken,access_token"/>
<entry key="formPath" value="ServiceNowConnector.xhtml"/>
<entry key="requestParamMap">
<value>
<Map>
<entry key="sysparm_display_value" value="true"/>
</Map>
</value>
</entry>
<entry key="restEndPointMap">
<value>
<Map>
<entry key="oauth_token" value="/oauth_token.do"/>
<entry key="sys_group_has_role"
value="sys_group_has_role"/>
<entry key="sys_user" value="sys_user"/>
<entry key="sys_user_grmember" value="sys_user_grmember"/>
<entry key="sys_user_group" value="sys_user_group"/>
<entry key="sys_user_has_role" value="sys_user_has_role"/>
<entry key="sys_user_role" value="sys_user_role"/>
<entry key="sys_user_role_contains"
value="sys_user_role_contains"/>
<entry key="x_sapo_iiq_connect_sysgrouphasrole"
value="x_sapo_iiq_connect_sysgrouphasrole"/>
<entry key="x_sapo_iiq_connect_sysgrouphasrole_d"
value="x_sapo_iiq_connect_sysgrouphasrole_d"/>
<entry key="x_sapo_iiq_connect_sysuser"
value="x_sapo_iiq_connect_sysuser"/>
<entry key="x_sapo_iiq_connect_sysuser_d"
value="x_sapo_iiq_connect_sysuser_d"/>
<entry key="x_sapo_iiq_connect_sysusergrmember"
value="x_sapo_iiq_connect_sysusergrmember"/>
 <entry key="x_sapo_iiq_connect_sysusergrmember_d"
value="x_sapo_iiq_connect_sysusergrmember_d"/>
<entry key="x_sapo_iiq_connect_sysusergroup"
value="x_sapo_iiq_connect_sysusergroup"/>
<entry key="x_sapo_iiq_connect_sysusergroup_d"
value="x_sapo_iiq_connect_sysusergroup_d"/>
<entry key="x_sapo_iiq_connect_sysuserhasrole"
value="x_sapo_iiq_connect_sysuserhasrole"/>
<entry key="x_sapo_iiq_connect_sysuserhasrole_d"
value="x_sapo_iiq_connect_sysuserhasrole_d"/>
</Map>
</value>
</entry>
<entry key="retryableErrors">
<value>
<List>
<String>Unknown Host</String>
<String>Service Unavailable</String>
</List>
</value>
</entry>
<entry key="serviceNowContextUrl" value="/api/now/"/>
<entry key="serviceNowRestTableApi" value="/table/"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="con_prov_policy_servicenow_userID"
name="user_name" reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_servicenow_first_name"
name="first_name" reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_servicenow_last_name"
name="last_name" reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_servicenow_department"
name="department" reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_servicenow_title"
name="title" reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_servicenow_password"
name="password" reviewRequired="true" section="" type="secret"/>
<Field
displayName="con_prov_policy_servicenow_password_need_reset"
name="password_needs_reset" reviewRequired="true" section="" type="boolean"/>
<Field displayName="con_prov_policy_servicenow_locked_out"
name="locked_out" reviewRequired="true" section="" type="boolean"/>
<Field displayName="con_prov_policy_servicenow_active"
name="active" reviewRequired="true" section="" type="boolean"/>
<Field displayName="con_prov_policy_servicenow_notifications"
name="notification" reviewRequired="true" section="" type="string">
<AllowedValues>
<String>Disable</String>
<String>Enable</String>
</AllowedValues>
</Field>
<Field
displayName="con_prov_policy_servicenow_calender_integration"
name="calendar_integration" reviewRequired="true" section="" type="string">
<AllowedValues>
<String>-- None --</String>
<String>Outlook</String>
 </AllowedValues>
</Field>
<Field displayName="con_prov_policy_servicenow_time_zone"
name="time_zone" reviewRequired="true" section="" type="string">
<AllowedValues>
<String>System (Americas/Los Angeles)</String>
<String>Canada/Atlantic</String>
<String>Canada/Central</String>
<String>Canada/Eastern</String>
<String>Canada/Mountain</String>
<String>Canada/Pacific</String>
<String>Europe/Amsterdam</String>
<String>Europe/Berlin</String>
<String>Europe/Brussels</String>
<String>Europe/Copenhagen</String>
<String>Europe/Dublin</String>
<String>Europe/London</String>
<String>Europe/Madrid</String>
<String>Europe/Paris</String>
<String>Europe/Rome</String>
<String>Europe/Stockhome</String>
<String>Europe/Zuric</String>
<String>GMT</String>
<String>HongKong</String>
<String>US/Arizona</String>
<String>US/Eastern</String>
<String>US/Certral</String>
<String>US/Hawaii</String>
<String>US/Mountain</String>
<String>US/Pacific</String>
</AllowedValues>
</Field>
<Field displayName="con_prov_policy_servicenow_email"
name="email" reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_servicenow_mobile_phone"
name="mobile_phone" reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_servicenow_business_phone"
name="phone" reviewRequired="true" section="" type="string"/>
</Form>
<Form name="create group" objectType="group" type="Create">
<Field displayName="con_prov_policy_servicenow_group_name"
name="name" reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_servicenow_groupr_email"
name="email" reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_servicenow_manager"
name="manager" reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_servicenow_roles"
filterString="type == &quot;role&quot;" multi="true" name="roles"
reviewRequired="true" section="" type="ManagedAttribute"/>
<Field displayName="con_prov_policy_servicenow_parent"
name="parent" reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_servicenow_group_active"
name="active" reviewRequired="true" section="" type="boolean"/>
<Field displayName="con_prov_policy_servicenow_cost_centre"
name="cost_center" reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_servicenow_default_asignee"
name="default_assignee" reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_servicenow_description"
name="description" reviewRequired="true" section="" type="string"/>
 <Field displayName="con_prov_policy_servicenow_exclude_manager"
name="exclude_manager" reviewRequired="true" section="" type="boolean"/>
</Form>
<Form name="update group" objectType="group" type="Update">
<Field displayName="con_prov_policy_servicenow_group_name"
name="name" reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_servicenow_groupr_email"
name="email" reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_servicenow_manager"
name="manager" reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_servicenow_roles"
filterString="type == &quot;role&quot;" multi="true" name="roles"
reviewRequired="true" section="" type="ManagedAttribute"/>
<Field displayName="con_prov_policy_servicenow_parent"
name="parent" reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_servicenow_group_active"
name="active" reviewRequired="true" section="" type="boolean"/>
<Field displayName="con_prov_policy_servicenow_cost_centre"
name="cost_center" reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_servicenow_default_asignee"
name="default_assignee" reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_servicenow_description"
name="description" reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_servicenow_exclude_manager"
name="exclude_manager" reviewRequired="true" section="" type="boolean"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="user_name" groupAttribute="role"
identityAttribute="sys_id" nativeObjectType="account" objectType="account">
<AttributeDefinition name="first_name"
remediationModificationType="None" required="true" type="string">
<Description>First name of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="last_name"
remediationModificationType="None" required="true" type="string">
<Description>Last name of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="email"
remediationModificationType="None" required="true" type="string">
<Description>Email ID of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="user_name"
remediationModificationType="None" required="true" type="string">
<Description>Name of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="department"
remediationModificationType="None" required="true" type="string">
<Description>The user's department name</Description>
</AttributeDefinition>
<AttributeDefinition name="title"
remediationModificationType="None" required="true" type="string">
<Description>Title(designation) of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="sys_id"
remediationModificationType="None" required="true" type="string">
<Description>Unique ID generated by system for
user</Description>
</AttributeDefinition>
 <AttributeDefinition name="phone"
remediationModificationType="None" required="true" type="string">
<Description>Phone number of user</Description>
</AttributeDefinition>
<AttributeDefinition name="calendar_integration"
remediationModificationType="None" required="true" type="string">
<Description>Determines whether change requests assigned to
that user are sent to their Outlook calendar</Description>
</AttributeDefinition>
<AttributeDefinition name="sys_class_name"
remediationModificationType="None" required="true" type="string">
<Description>Class name of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="company"
remediationModificationType="None" required="true" type="string">
<Description>The user's company</Description>
</AttributeDefinition>
<AttributeDefinition name="cost_center"
remediationModificationType="None" required="true" type="string">
<Description>Cost centre of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="sys_created_on"
remediationModificationType="None" required="true" type="string">
<Description>Date this user is created in
ServiceNow</Description>
</AttributeDefinition>
<AttributeDefinition name="sys_created_by"
remediationModificationType="None" required="true" type="string">
<Description>Administrator who created the user in
ServiceNow</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="groups" remediationModificationType="None"
schemaObjectType="group" type="string">
<Description>List of groups the user is part of</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="roles" remediationModificationType="None"
schemaObjectType="role" type="string">
<Description>List of roles the user is part of</Description>
</AttributeDefinition>
<AttributeDefinition name="active"
remediationModificationType="None" required="true" type="string">
<Description>Determines whether the user account has been
staged for use</Description>
</AttributeDefinition>
<AttributeDefinition name="building"
remediationModificationType="None" required="true" type="string">
<Description>The building of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="city"
remediationModificationType="None" required="true" type="string">
<Description>The city of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="country"
remediationModificationType="None" required="true" type="string">
<Description>The country of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="location"
remediationModificationType="None" required="true" type="string">
<Description>The location of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="manager"
remediationModificationType="None" required="true" type="string">
<Description>The manager of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="middle_name"
remediationModificationType="None" type="string">
<Description>Middle name of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="name"
remediationModificationType="None" required="true" type="string">
<Description>Name of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="password_needs_reset"
remediationModificationType="None" required="true" type="string">
<Description>Determines should the user be prompted to change
password at next login</Description>
</AttributeDefinition>
<AttributeDefinition name="default_perspective"
remediationModificationType="None" required="true" type="string">
<Description>Default perspective for the user</Description>
</AttributeDefinition>
<AttributeDefinition name="sys_domain"
remediationModificationType="None" required="true" type="string">
<Description>Domain of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="employee_number"
remediationModificationType="None" required="true" type="string">
<Description>Employee number of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="failed_attempts"
remediationModificationType="None" required="true" type="string">
<Description>Number of login failed attempts</Description>
</AttributeDefinition>
<AttributeDefinition name="gender"
remediationModificationType="None" required="true" type="string">
<Description>Gender of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="home_phone"
remediationModificationType="None" required="true" type="string">
<Description>Home phone number of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="ldap_server"
remediationModificationType="None" required="true" type="string">
<Description>LDAP server the user has an account. Identifies
which LDAP server authenticates the user when there are multiple LDAP
servers</Description>
</AttributeDefinition>
<AttributeDefinition name="preferred_language"
remediationModificationType="None" required="true" type="string">
<Description>Language spoken by the user</Description>
</AttributeDefinition>
<AttributeDefinition name="last_login"
remediationModificationType="None" required="true" type="string">
<Description>Last login date of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="last_login_time"
remediationModificationType="None" required="true" type="string">
<Description>Time of the last login time for the
user</Description>
</AttributeDefinition>
<AttributeDefinition name="locked_out"
remediationModificationType="None" required="true" type="string">
<Description>Determines if user account is locked</Description>
</AttributeDefinition>
<AttributeDefinition name="mobile_phone"
remediationModificationType="None" required="true" type="string">
<Description>Mobile number of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="notification"
remediationModificationType="None" required="true" type="string">
<Description>Determines if the user should be notified for any
changes made on his account.</Description>
</AttributeDefinition>
<AttributeDefinition name="schedule"
remediationModificationType="None" required="true" type="string">
<Description>Schedule of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="state"
remediationModificationType="None" required="true" type="string">
<Description>The state for the user</Description>
</AttributeDefinition>
<AttributeDefinition name="source"
remediationModificationType="None" required="true" type="string">
<Description>Identifies whether LDAP is used to validate a
user. If the Source field starts with ldap, then the user is validated via LDAP. If
the Source field does not start with ldap, then the password on the user record is
used to validate the user upon login</Description>
</AttributeDefinition>
<AttributeDefinition name="street"
remediationModificationType="None" required="true" type="string">
<Description>The street for the user</Description>
</AttributeDefinition>
<AttributeDefinition name="time_format"
remediationModificationType="None" required="true" type="string">
<Description>Time format selected for user to display time
fields</Description>
</AttributeDefinition>
<AttributeDefinition name="time_zone"
remediationModificationType="None" required="true" type="string">
<Description>The timezone for the user</Description>
</AttributeDefinition>
<AttributeDefinition name="sys_updated_on"
remediationModificationType="None" required="true" type="string">
<Description>Last updated time for the user</Description>
</AttributeDefinition>
<AttributeDefinition name="sys_updated_by"
remediationModificationType="None" required="true" type="string">
<Description>The last update for the user occurred
from</Description>
</AttributeDefinition>
<AttributeDefinition name="sys_mod_count"
remediationModificationType="None" required="true" type="string">
<Description>Number of updates for the user</Description>
</AttributeDefinition>
<AttributeDefinition name="vip"
remediationModificationType="None" required="true" type="string">
<Description>Determines if the user is treated as
VIP</Description>
</AttributeDefinition>
<AttributeDefinition name="zip"
remediationModificationType="None" required="true" type="string">
<Description>Zip for the user</Description>
</AttributeDefinition>
</Schema>
<Schema descriptionAttribute="description" displayAttribute="name"
featuresString="PROVISIONING" identityAttribute="sys_id" nativeObjectType="group"
objectType="group">
<AttributeDefinition name="name"
remediationModificationType="None" required="true" type="string">
<Description>Name of the user group</Description>
</AttributeDefinition>
<AttributeDefinition name="email"
remediationModificationType="None" required="true" type="string">
<Description>Email of the user group</Description>
</AttributeDefinition>
<AttributeDefinition name="manager"
remediationModificationType="None" required="true" type="string">
<Description>Manager of the user group</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" multi="true" name="roles"
remediationModificationType="None" required="true" type="role">
<Description>Roles the user group is having</Description>
</AttributeDefinition>
<AttributeDefinition name="parent"
remediationModificationType="None" required="true" type="string">
<Description>Parent group of this user group</Description>
</AttributeDefinition>
<AttributeDefinition name="active"
remediationModificationType="None" required="true" type="boolean">
<Description>Determines whether the user account has been
staged for use</Description>
</AttributeDefinition>
<AttributeDefinition name="cost_center"
remediationModificationType="None" required="true" type="string">
<Description>Cost centre of the user group</Description>
</AttributeDefinition>
<AttributeDefinition name="default_assignee"
remediationModificationType="None" required="true" type="string">
<Description>Default assignee for the user group</Description>
</AttributeDefinition>
<AttributeDefinition name="description"
remediationModificationType="None" required="true" type="string">
<Description>Description of the user group</Description>
</AttributeDefinition>
<AttributeDefinition name="exclude_manager"
remediationModificationType="None" required="true" type="boolean">
<Description>Determines if the manager should be excluded for
the user group</Description>
</AttributeDefinition>
<AttributeDefinition name="sys_created_on"
remediationModificationType="None" required="true" type="string">
<Description>Date the user group is created in
ServiceNow</Description>
</AttributeDefinition>
 <AttributeDefinition name="sys_created_by"
remediationModificationType="None" required="true" type="string">
<Description>Administrator who created the user in
ServiceNow</Description>
</AttributeDefinition>
<AttributeDefinition name="source"
remediationModificationType="None" required="true" type="string">
<Description>Source of the user group</Description>
</AttributeDefinition>
<AttributeDefinition name="sys_id"
remediationModificationType="None" required="true" type="string">
<Description>Unique ID generated by system for user
group</Description>
</AttributeDefinition>
<AttributeDefinition name="type"
remediationModificationType="None" required="true" type="string">
<Description>Type of the user group</Description>
</AttributeDefinition>
<AttributeDefinition name="sys_updated_on"
remediationModificationType="None" required="true" type="string">
<Description>Last updated time for the user group</Description>
</AttributeDefinition>
<AttributeDefinition name="sys_updated_by"
remediationModificationType="None" required="true" type="string">
<Description>The last update for the user group occurred
from</Description>
</AttributeDefinition>
<AttributeDefinition name="sys_mod_count"
remediationModificationType="None" required="true" type="string">
<Description>Number of updates for the user group</Description>
</AttributeDefinition>
</Schema>
<Schema aggregationType="group" displayAttribute="name"
identityAttribute="sys_id" nativeObjectType="role" objectType="role">
<AttributeDefinition name="sys_replace_on_upgrade"
remediationModificationType="None" required="true" type="string">
<Description>Replace to out of box version during next
upgrade</Description>
</AttributeDefinition>
<AttributeDefinition name="sys_name"
remediationModificationType="None" required="true" type="string">
<Description>System name of the Role</Description>
</AttributeDefinition>
<AttributeDefinition name="sys_updated_on"
remediationModificationType="None" required="true" type="string">
<Description>Last updated</Description>
</AttributeDefinition>
<AttributeDefinition name="sys_id"
remediationModificationType="None" required="true" type="string">
<Description>Unique ID generated by system for
role</Description>
</AttributeDefinition>
<AttributeDefinition name="grantable"
remediationModificationType="None" required="true" type="string">
<Description>Can be granted independently</Description>
</AttributeDefinition>
<AttributeDefinition name="sys_created_on"
remediationModificationType="None" required="true" type="string">
<Description>Created date and time</Description>
 </AttributeDefinition>
<AttributeDefinition name="suffix"
remediationModificationType="None" required="true" type="string">
<Description>Application scope</Description>
</AttributeDefinition>
<AttributeDefinition name="sys_created_by"
remediationModificationType="None" required="true" type="string">
<Description>Created by</Description>
</AttributeDefinition>
<AttributeDefinition name="can_delegate"
remediationModificationType="None" required="true" type="string">
<Description>Can be delegated</Description>
</AttributeDefinition>
<AttributeDefinition name="sys_policy"
remediationModificationType="None" required="true" type="string">
<Description>Determines how application files are protected
when downloaded or installed</Description>
</AttributeDefinition>
<AttributeDefinition name="sys_updated_by"
remediationModificationType="None" required="true" type="string">
<Description>Updated by</Description>
</AttributeDefinition>
<AttributeDefinition name="sys_tags"
remediationModificationType="None" required="true" type="string">
<Description>Tags</Description>
</AttributeDefinition>
<AttributeDefinition name="sys_package"
remediationModificationType="None" required="true" type="string">
<Description>Application name</Description>
</AttributeDefinition>
<AttributeDefinition name="description"
remediationModificationType="None" required="true" type="string">
<Description>Description of the role</Description>
</AttributeDefinition>
<AttributeDefinition name="name"
remediationModificationType="None" required="true" type="string">
<Description>Name of the role</Description>
</AttributeDefinition>
<AttributeDefinition name="sys_class_name"
remediationModificationType="None" required="true" type="string">
<Description>Class name of the role</Description>
</AttributeDefinition>
<AttributeDefinition name="sys_update_name"
remediationModificationType="None" required="true" type="string">
<Description>System updated name</Description>
</AttributeDefinition>
<AttributeDefinition name="elevated_privilege"
remediationModificationType="None" required="true" type="string">
<Description>This role is an elevated privilege</Description>
</AttributeDefinition>
<AttributeDefinition name="sys_mod_count"
remediationModificationType="None" required="true" type="string">
<Description>Number of updates for the role</Description>
</AttributeDefinition>
<AttributeDefinition name="sys_customer_update"
remediationModificationType="None" required="true" type="string">
<Description>Added or modified by customer</Description>
</AttributeDefinition>
<AttributeDefinition name="sys_scope"
remediationModificationType="None" required="true" type="string">
<Description>Scope Name</Description>
</AttributeDefinition>
<AttributeDefinition name="includes_roles"
remediationModificationType="None" required="true" type="string">
<Description>Includes roles</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" multi="true" name="roles"
remediationModificationType="None" required="true" type="role">
<Description>Contained roles</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="PROVISIONING, SYNC_PROVISIONING, PASSWORD, ENABLE, SEARCH"
icon="internetIcon" name="G Suite" type="G Suite">
<Attributes>
<Map>
<entry key="connectorClass"
value="openconnector.connector.GoogleAppsDirect"/>
<entry key="encrypted" value="refreshToken,clientSecret"/>
<entry key="formPath" value="GoogleAppsDirect.xhtml"/>
<entry key="isSkipAlias" value="true"/>
<entry key="pageSize" value="100"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="con_form_GAR_last_name"
helpKey="help_con_form_GAR_family_name" name="familyName" required="true"
section="" type="string"/>
<Field displayName="con_form_GAR_first_name"
helpKey="help_con_form_GAR_given_name" name="givenName" required="true" section=""
type="string"/>
<Field displayName="con_form_GAR_password"
helpKey="help_con_form_GAR_password_user" name="password" required="true"
section="" type="secret"/>
<Field displayName="con_form_GAR_primary_email"
helpKey="help_con_form_GAR_primary_user_email" name="primaryEmail" required="true"
section="" type="string"/>
</Form>
<Form name="group" objectType="group" type="Create">
<Field displayName="con_form_GAR_group_email"
helpKey="help_con_form_GAR_primary_group_email" name="Email" required="true"
section="" type="string"/>
<Field displayName="con_form_GAR_group_name"
helpKey="help_con_form_GAR_primary_group_name" name="name" reviewRequired="true"
section="" type="string"/>
</Form>
<Form name="role" objectType="Role" type="Create">
<Field displayName="con_form_GAR_role_name"
helpKey="help_con_form_GAR_role_name" name="roleName" required="true" section=""
type="string"/>
<Field displayName="con_form_GAR_role_privileges"
helpKey="help_con_form_GAR_role_privileges" multi="true" name="rolePrivileges"
required="true" section="" type="string"/>
<Field displayName="con_form_GAR_role_discription"
helpKey="help_con_form_GAR_role_description" name="roleDescription"
reviewRequired="true" section="" type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="primaryEmail"
identityAttribute="objectID" nativeObjectType="account" objectType="account">
<AttributeDefinition name="objectID"
remediationModificationType="None" required="true" type="string">
<Description>Unique ID of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="primaryEmail"
remediationModificationType="None" required="true" type="string">
<Description>Primary E-mail ID of user.</Description>
</AttributeDefinition>
<AttributeDefinition name="name"
remediationModificationType="None" required="true" type="string">
<Description>Full name of the user in JSON
format.</Description>
</AttributeDefinition>
<AttributeDefinition name="isAdmin"
remediationModificationType="None" required="true" type="string">
<Description>Is user an administrator.</Description>
</AttributeDefinition>
<AttributeDefinition name="isDelegatedAdmin"
remediationModificationType="None" required="true" type="string">
<Description>Is user a delegated administrator.</Description>
</AttributeDefinition>
<AttributeDefinition name="lastLoginTime"
remediationModificationType="None" required="true" type="string">
<Description>Last login time of user.</Description>
</AttributeDefinition>
<AttributeDefinition name="suspended"
remediationModificationType="None" required="true" type="string">
<Description>Is user suspended.</Description>
</AttributeDefinition>
<AttributeDefinition name="suspensionReason"
remediationModificationType="None" required="true" type="string">
<Description>Reason for suspension.</Description>
</AttributeDefinition>
<AttributeDefinition name="changePasswordAtNextLogin"
remediationModificationType="None" required="true" type="string">
<Description>Indicates if the user is forced to change password
at next login.</Description>
</AttributeDefinition>
<AttributeDefinition name="ipWhitelisted"
remediationModificationType="None" required="true" type="string">
<Description>Indicate if user's IP address is white
listed.</Description>
</AttributeDefinition>
<AttributeDefinition name="ims"
remediationModificationType="None" required="true" type="string">
<Description>The user's Instant Messenger (IM)
accounts.</Description>
</AttributeDefinition>
<AttributeDefinition name="emails"
remediationModificationType="None" required="true" type="string">
<Description>A list of the user's E-mail
addresses.</Description>
</AttributeDefinition>
 <AttributeDefinition name="externalIds"
remediationModificationType="None" required="true" type="string">
<Description>A list of external IDs for the user, such as an
employee or network ID.</Description>
</AttributeDefinition>
<AttributeDefinition name="relations"
remediationModificationType="None" required="true" type="string">
<Description>A list of the user's relationships to other
users.</Description>
</AttributeDefinition>
<AttributeDefinition name="addresses"
remediationModificationType="None" required="true" type="string">
<Description>A list of the user's addresses.</Description>
</AttributeDefinition>
<AttributeDefinition name="organizations"
remediationModificationType="None" required="true" type="string">
<Description>List of organizations the user belongs
to</Description>
</AttributeDefinition>
<AttributeDefinition name="phones"
remediationModificationType="None" required="true" type="string">
<Description>A list of the user's phone numbers.</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="aliases"
remediationModificationType="None" required="true" type="string">
<Description>List of the user's alias E-mail
addresses.</Description>
</AttributeDefinition>
<AttributeDefinition name="nonEditableAliases"
remediationModificationType="None" required="true" type="string">
<Description>List of the user's non-editable alias E-mail
addresses.</Description>
</AttributeDefinition>
<AttributeDefinition name="customerId"
remediationModificationType="None" required="true" type="string">
<Description>The customer ID to retrieve all account
users.</Description>
</AttributeDefinition>
<AttributeDefinition name="orgUnitPath"
remediationModificationType="None" required="true" type="string">
<Description>The full path of the parent organization
associated with the user.</Description>
</AttributeDefinition>
<AttributeDefinition name="isMailboxSetup"
remediationModificationType="None" required="true" type="string">
<Description>Indicates if the user's Google mailbox is
created.</Description>
</AttributeDefinition>
<AttributeDefinition name="includeInGlobalAddressList"
remediationModificationType="None" required="true" type="string">
<Description>Indicates if the user's profile is visible in
Global Address List when the contact sharing feature is enabled for the
domain.</Description>
</AttributeDefinition>
<AttributeDefinition name="thumbnailPhotoUrl"
remediationModificationType="None" required="true" type="string">
<Description>Photo Url of the user</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="contacts"
remediationModificationType="None" required="true" type="string">
<Description>Contacts</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="Groups" remediationModificationType="None"
schemaObjectType="group" type="string">
<Description>Groups connected to the user.</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="Roles" remediationModificationType="None"
schemaObjectType="Role" type="string">
<Description>Roles assigned to the user.</Description>
</AttributeDefinition>
<AttributeDefinition name="fullName"
remediationModificationType="None" required="true" type="string">
<Description>Full Name of the user.</Description>
</AttributeDefinition>
<AttributeDefinition name="givenName"
remediationModificationType="None" required="true" type="string">
<Description>First Name of the user.</Description>
</AttributeDefinition>
<AttributeDefinition name="familyName"
remediationModificationType="None" required="true" type="string">
<Description>Last Name of the user.</Description>
</AttributeDefinition>
</Schema>
<Schema aggregationType="group"
descriptionAttribute="roleDescription" displayAttribute="roleName"
featuresString="PROVISIONING" identityAttribute="objectID" instanceAttribute=""
nativeObjectType="role" objectType="Role">
<AttributeDefinition name="objectID"
remediationModificationType="None" required="true" type="string">
<Description>roleId of role</Description>
</AttributeDefinition>
<AttributeDefinition name="roleName"
remediationModificationType="None" required="true" type="string">
<Description>Name of the role.</Description>
</AttributeDefinition>
<AttributeDefinition name="roleDescription"
remediationModificationType="None" required="true" type="string">
<Description>Description of role</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="rolePrivileges"
remediationModificationType="None" required="true" type="string">
<Description>Privileges of the role</Description>
</AttributeDefinition>
<AttributeDefinition name="isSystemRole"
remediationModificationType="None" required="true" type="string">
<Description>isSystemRole</Description>
</AttributeDefinition>
<AttributeDefinition name="isSuperAdminRole"
remediationModificationType="None" required="true" type="string">
<Description>isSuperAdminRole</Description>
</AttributeDefinition>
</Schema>
<Schema descriptionAttribute="description" displayAttribute="name"
featuresString="PROVISIONING" identityAttribute="objectID" nativeObjectType="group"
objectType="group">
<AttributeDefinition name="name"
remediationModificationType="None" required="true" type="string">
<Description>Name of the group.</Description>
</AttributeDefinition>
<AttributeDefinition name="nonEditableAliases"
remediationModificationType="None" required="true" type="string">
<Description>List of the group's non-editable alias E-mail
addresses that are outside of the account's primary domain or sub domains. These
are functioning E-mail addresses used by the group. This is a read-only
property.</Description>
</AttributeDefinition>
<AttributeDefinition name="objectID"
remediationModificationType="None" required="true" type="string">
<Description>ID of group</Description>
</AttributeDefinition>
<AttributeDefinition name="description"
remediationModificationType="None" required="true" type="string">
<Description>Description of the group.</Description>
</AttributeDefinition>
<AttributeDefinition name="adminCreated"
remediationModificationType="None" required="true" type="string">
<Description>Whether it is created by
administrator.</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="aliases"
remediationModificationType="None" required="true" type="string">
<Description>Group aliases.</Description>
</AttributeDefinition>
<AttributeDefinition name="email"
remediationModificationType="None" required="true" type="string">
<Description>Group E-mail address.</Description>
</AttributeDefinition>
<AttributeDefinition name="directMembersCount"
remediationModificationType="None" required="true" type="string">
<Description>Number of group members.</Description>
</AttributeDefinition>
<AttributeDefinition name="whoCanJoin"
remediationModificationType="None" required="true" type="string">
<Description>Permissions to join the group.</Description>
</AttributeDefinition>
<AttributeDefinition name="whoCanViewMembership"
remediationModificationType="None" required="true" type="string">
<Description>Permissions to view membership.</Description>
</AttributeDefinition>
<AttributeDefinition name="whoCanViewGroup"
remediationModificationType="None" required="true" type="string">
<Description>Permissions to view group.</Description>
</AttributeDefinition>
<AttributeDefinition name="whoCanInvite"
remediationModificationType="None" required="true" type="string">
<Description>Permissions to invite members.</Description>
</AttributeDefinition>
<AttributeDefinition name="allowExternalMembers"
remediationModificationType="None" required="true" type="string">
<Description>A Boolean indicating if Google Apps users external
to your account can view or become members of this group.</Description>
</AttributeDefinition>
<AttributeDefinition name="whoCanPostMessage"
remediationModificationType="None" required="true" type="string">
<Description>Permissions to post messages to the
group.</Description>
</AttributeDefinition>
<AttributeDefinition name="allowWebPosting"
remediationModificationType="None" required="true" type="string">
<Description>A Boolean indicating if any member allowed to post
to the group web forum.</Description>
</AttributeDefinition>
<AttributeDefinition name="primaryLanguage"
remediationModificationType="None" required="true" type="string">
<Description>Language tag for a group's primary
language.</Description>
</AttributeDefinition>
<AttributeDefinition name="maxMessageBytes"
remediationModificationType="None" required="true" type="string">
<Description>The maximum size of a message.</Description>
</AttributeDefinition>
<AttributeDefinition name="isArchived"
remediationModificationType="None" required="true" type="string">
<Description>A Boolean indicating if the contents of the group
to be archived.</Description>
</AttributeDefinition>
<AttributeDefinition name="archiveOnly"
remediationModificationType="None" required="true" type="string">
<Description>A Boolean indicating if the group to be only
archived.</Description>
</AttributeDefinition>
<AttributeDefinition name="messageModerationLevel"
remediationModificationType="None" required="true" type="string">
<Description>Moderation level for messages.</Description>
</AttributeDefinition>
<AttributeDefinition name="spamModerationLevel"
remediationModificationType="None" required="true" type="string">
<Description>Moderation levels for messages detected as
spam.</Description>
</AttributeDefinition>
<AttributeDefinition name="replyTo"
remediationModificationType="None" required="true" type="string">
<Description>The default reply to a message is sent
here.</Description>
</AttributeDefinition>
<AttributeDefinition name="customReplyTo"
remediationModificationType="None" required="true" type="string">
<Description>An E-mail address used when replying to a
message.</Description>
</AttributeDefinition>
<AttributeDefinition name="sendMessageDenyNotification"
remediationModificationType="None" required="true" type="string">
<Description>A Boolean indicating if the members are notified
if his message is denied by owner.</Description>
</AttributeDefinition>
<AttributeDefinition name="defaultMessageDenyNotificationText"
remediationModificationType="None" required="true" type="string">
<Description>Text sent to the message's author as part of
rejection notification.</Description>
</AttributeDefinition>
<AttributeDefinition name="showInGroupDirectory"
remediationModificationType="None" required="true" type="string">
<Description>A Boolean indicating if group is listed in the
Groups directory.</Description>
 </AttributeDefinition>
<AttributeDefinition name="allowGoogleCommunication"
remediationModificationType="None" required="true" type="string">
<Description>A Boolean allowing Google to contact group
administrators.</Description>
</AttributeDefinition>
<AttributeDefinition name="membersCanPostAsTheGroup"
remediationModificationType="None" required="true" type="string">
<Description>A Boolean indicating if members can post using the
group E-mail address.</Description>
</AttributeDefinition>
<AttributeDefinition name="messageDisplayFont"
remediationModificationType="None" required="true" type="string">
<Description>Default message's display font.</Description>
</AttributeDefinition>
<AttributeDefinition name="includeInGlobalAddressList"
remediationModificationType="None" required="true" type="string">
<Description>A Boolean indicating if group is included in the
Global Address List</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.PeopleSoftHRMSConnector"
featuresString="PROVISIONING, SYNC_PROVISIONING, SEARCH, MANAGER_LOOKUP, ENABLE"
icon="enterpriseIcon" name="PeopleSoft HR/HCM" type="PeopleSoft HCM Database">
<Attributes>
<Map>
<entry key="encrypted" value="domainConnPassword,pspassword"/>
<entry key="formPath" value="PeopleSoftHRMS.xhtml"/>
<entry key="formPathRules" value="PeopleSoftRuleForm.xhtml"/>
<entry key="useConnectorClassloader" value="true"/>
</Map>
</Attributes>
<Schemas>
<Schema displayAttribute="NAME" identityAttribute="EMPLID"
nativeObjectType="account" objectType="account">
<AttributeDefinition name="EMPLID" type="string">
<Description>ID of the employee</Description>
</AttributeDefinition>
<AttributeDefinition name="NAME_PREFIX" type="string">
<Description>Prefix of the employee</Description>
</AttributeDefinition>
<AttributeDefinition name="NAME_TITLE" type="string">
<Description>Title of the employee</Description>
</AttributeDefinition>
<AttributeDefinition name="NAME_SUFFIX" type="string">
<Description>Suffix of the employee</Description>
</AttributeDefinition>
<AttributeDefinition name="FIRST_NAME" type="string">
<Description>First Name of the employee</Description>
</AttributeDefinition>
<AttributeDefinition name="PREF_FIRST_NAME" type="string">
<Description>Preferred first name of the employee</Description>
</AttributeDefinition>
<AttributeDefinition name="MIDDLE_NAME" type="string">
<Description>Middle Name of the employee</Description>
</AttributeDefinition>
<AttributeDefinition name="LAST_NAME" type="string">
 <Description>Last Name of the employee</Description>
</AttributeDefinition>
<AttributeDefinition name="NAME" type="string">
<Description>Name of the employee</Description>
</AttributeDefinition>
<AttributeDefinition name="BIRTHDATE" type="string">
<Description>BirthDate of the employee</Description>
</AttributeDefinition>
<AttributeDefinition name="EMAIL_ADDR" type="string">
<Description>Email Address of the employee</Description>
</AttributeDefinition>
<AttributeDefinition name="PHONE" type="string">
<Description>Personal Phone of the employee</Description>
</AttributeDefinition>
<AttributeDefinition name="ADDRESS1" type="string">
<Description>Postal address1 of the employee</Description>
</AttributeDefinition>
<AttributeDefinition name="ADDRESS2" type="string">
<Description>Postal address2 of the employee</Description>
</AttributeDefinition>
<AttributeDefinition name="ADDRESS3" type="string">
<Description>Postal address3 of the employee</Description>
</AttributeDefinition>
<AttributeDefinition name="CITY" type="string">
<Description>City of the employee</Description>
</AttributeDefinition>
<AttributeDefinition name="STATE" type="string">
<Description>State of the employee</Description>
</AttributeDefinition>
<AttributeDefinition name="POSTAL" type="string">
<Description>Postal pincode of the employee</Description>
</AttributeDefinition>
<AttributeDefinition name="COUNTRY" type="string">
<Description>Country of the employee</Description>
</AttributeDefinition>
<AttributeDefinition name="EMPL_RCD" type="string">
<Description>Job employee record</Description>
</AttributeDefinition>
<AttributeDefinition name="PER_ORG" type="string">
<Description>Organization of the employee</Description>
</AttributeDefinition>
<AttributeDefinition name="EFFDT" type="string">
<Description>Effective date of the job</Description>
</AttributeDefinition>
<AttributeDefinition name="EMPL_STATUS" type="string">
<Description>Employee status of the employee</Description>
</AttributeDefinition>
<AttributeDefinition name="DEPTID" type="string">
<Description>Department ID of the job</Description>
</AttributeDefinition>
<AttributeDefinition name="COMPANY" type="string">
<Description>Company of the employee for current
job</Description>
</AttributeDefinition>
<AttributeDefinition name="JOBCODE" type="string">
<Description>Job Code of the job</Description>
</AttributeDefinition>
<AttributeDefinition name="HR_STATUS" type="string">
<Description>HR status of the job</Description>
 </AttributeDefinition>
<AttributeDefinition name="ACTION" type="string">
<Description>Action code of the job</Description>
</AttributeDefinition>
<AttributeDefinition name="ACTION_REASON" type="string">
<Description>Action reason of the job</Description>
</AttributeDefinition>
<AttributeDefinition name="LOCATION" type="string">
<Description>Location of the job</Description>
</AttributeDefinition>
<AttributeDefinition name="POSITION_NBR" type="string">
<Description>Position number of the job</Description>
</AttributeDefinition>
<AttributeDefinition name="SUPERVISOR_ID" type="string">
<Description>Supervisior ID of the job</Description>
</AttributeDefinition>
<AttributeDefinition name="FULL_PART_TIME" type="string">
<Description>Full part time of the job</Description>
</AttributeDefinition>
<AttributeDefinition name="EMPL_TYPE" type="string">
<Description>Employee type of the job</Description>
</AttributeDefinition>
<AttributeDefinition name="OFFICER_CD" type="string">
<Description>Officer Code of the job</Description>
</AttributeDefinition>
<AttributeDefinition name="EMPL_CLASS" type="string">
<Description>Employee class of the job</Description>
</AttributeDefinition>
<AttributeDefinition name="ACCT_CD" type="string">
<Description>Account code of the job</Description>
</AttributeDefinition>
<AttributeDefinition name="BUSINESS_UNIT" type="string">
<Description>Business unit of the job</Description>
</AttributeDefinition>
<AttributeDefinition name="HR_RESPONSIBLE_ID" type="string">
<Description>HR Responsible ID of the employee</Description>
</AttributeDefinition>
<AttributeDefinition name="HIRE_DT" type="string">
<Description>Hiring date of the employee</Description>
</AttributeDefinition>
<AttributeDefinition name="TERMINATION_DT" type="string">
<Description>Termination date of the employee</Description>
</AttributeDefinition>
<AttributeDefinition name="REPORTS_TO" type="string">
<Description>Reporting to of the employee</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.RACFConnector"
featuresString="DIRECT_PERMISSIONS, NO_RANDOM_ACCESS, DISCOVER_SCHEMA"
icon="mainframeIcon" name="RACF Template" type="RACF">
<PasswordPolicies>
<PasswordPolicyHolder name="default">
<PolicyRef>
<Reference class="sailpoint.object.PasswordPolicy"
id="0a000001723313f381723374464400ec" name="RACF Default Password Policy"/>
</PolicyRef>
</PasswordPolicyHolder>
 </PasswordPolicies>
<Schemas>
<Schema displayAttribute="NAME" identityAttribute="NAME"
includePermissions="true" nativeObjectType="USER" objectType="account">
<AttributeDefinition multi="true" name="CLASSES" type="string"/>
<AttributeDefinition multi="true" name="CATEGORIES"
type="string"/>
<AttributeDefinition name="KERB_NAME" type="string"/>
<AttributeDefinition name="KERB_MAXLIFE" type="string"/>
<AttributeDefinition name="KERB_KEY_VER" type="string"/>
<AttributeDefinition name="KERB_ENCRYPT_DES" type="boolean"/>
<AttributeDefinition name="KERB_ENCRYPT_DES3" type="boolean"/>
<AttributeDefinition name="KERB_ENCRYPT_DESD" type="boolean"/>
<AttributeDefinition name="KERB_ENCRYPT_A128" type="boolean"/>
<AttributeDefinition name="KERB_ENCRYPT_A256" type="boolean"/>
<AttributeDefinition name="KERB_KEY_FROM" type="string"/>
<AttributeDefinition name="NAME" type="string"/>
<AttributeDefinition name="CREATE_DATE" type="string"/>
<AttributeDefinition name="OWNER_ID" type="string"/>
<AttributeDefinition name="ADSP" type="boolean"/>
<AttributeDefinition name="SPECIAL" type="boolean"/>
<AttributeDefinition name="OPER" type="boolean"/>
<AttributeDefinition name="REVOKE" type="boolean"/>
<AttributeDefinition name="GRPACC" type="boolean"/>
<AttributeDefinition name="PWD_INTERVAL" type="string"/>
<AttributeDefinition name="PWD_DATE" type="string"/>
<AttributeDefinition name="PROGRAMMER" type="string"/>
<AttributeDefinition name="DEFGRP_ID" type="string"/>
<AttributeDefinition name="LASTJOB_TIME" type="string"/>
<AttributeDefinition name="LASTJOB_DATE" type="string"/>
<AttributeDefinition name="INSTALL_DATA" type="string"/>
<AttributeDefinition name="UAUDIT" type="boolean"/>
<AttributeDefinition name="AUDITOR" type="boolean"/>
<AttributeDefinition name="NOPWD" type="boolean"/>
<AttributeDefinition name="OIDCARD" type="boolean"/>
<AttributeDefinition name="PWD_GEN" type="string"/>
<AttributeDefinition name="REVOKE_CNT" type="string"/>
<AttributeDefinition name="MODEL" type="string"/>
<AttributeDefinition name="SECLEVEL" type="string"/>
<AttributeDefinition name="REVOKE_DATE" type="string"/>
<AttributeDefinition name="RESUME_DATE" type="string"/>
<AttributeDefinition name="ACCESS_SUN" type="boolean"/>
<AttributeDefinition name="ACCESS_MON" type="boolean"/>
<AttributeDefinition name="ACCESS_TUE" type="boolean"/>
<AttributeDefinition name="ACCESS_WED" type="boolean"/>
<AttributeDefinition name="ACCESS_THU" type="boolean"/>
<AttributeDefinition name="ACCESS_FRI" type="boolean"/>
<AttributeDefinition name="ACCESS_SAT" type="boolean"/>
<AttributeDefinition name="START_TIME" type="string"/>
<AttributeDefinition name="END_TIME" type="string"/>
<AttributeDefinition name="SEC_LABELS" type="string"/>
<AttributeDefinition name="ATTRIBS" type="string"/>
<AttributeDefinition name="PWDENV_EXISTS" type="boolean"/>
<AttributeDefinition name="PWD_ASIS" type="boolean"/>
<AttributeDefinition name="PHR_DATE" type="string"/>
<AttributeDefinition name="PHR_GEN" type="string"/>
<AttributeDefinition name="CERT_SEQN" type="string"/>
<AttributeDefinition name="PPHENV_EXISTS" type="boolean"/>
<AttributeDefinition multi="true" name="ASSOCIATED_MAPPING"
type="string"/>
<AttributeDefinition multi="true" name="CSDATA_CUSTOM"
type="string"/>
<AttributeDefinition name="LNOTES_SHORTNAME" type="string"/>
<AttributeDefinition multi="true" name="CICS_OP_CLASSES"
type="string"/>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="GROUPS" schemaObjectType="group" type="string"/>
<AttributeDefinition name="OVM_UID" type="string"/>
<AttributeDefinition name="OVM_HOME_PATH" type="string"/>
<AttributeDefinition name="OVM_PROGRAM" type="string"/>
<AttributeDefinition name="OVM_FSROOT" type="string"/>
<AttributeDefinition name="PRIMARY_LANGUAGE" type="string"/>
<AttributeDefinition name="SECONDARY_LANGUAGE" type="string"/>
<AttributeDefinition multi="true" name="CICS_RSL_KEY"
type="string"/>
<AttributeDefinition name="LDAP_HOST" type="string"/>
<AttributeDefinition name="LDAP_BIND_DN" type="string"/>
<AttributeDefinition name="NETVIEW_IC" type="string"/>
<AttributeDefinition name="NETVIEW_CONSOLE_NAME" type="string"/>
<AttributeDefinition name="NETVIEW_CTL" type="string"/>
<AttributeDefinition name="NETVIEW_MSGRECVR" type="boolean"/>
<AttributeDefinition name="NETVIEW_NGMFADMN" type="boolean"/>
<AttributeDefinition name="NETVIEW_NGMFVSPN" type="string"/>
<AttributeDefinition name="NDS_UNAME" type="string"/>
<AttributeDefinition name="CICS_OPIDENT" type="string"/>
<AttributeDefinition name="CICS_OPPRTY" type="string"/>
<AttributeDefinition name="CICS_NOFORCE" type="boolean"/>
<AttributeDefinition name="CICS_TIMEOUT" type="string"/>
<AttributeDefinition name="DCE_UUID" type="string"/>
<AttributeDefinition name="DCE_NAME" type="string"/>
<AttributeDefinition name="DCE_HOMECELL" type="string"/>
<AttributeDefinition name="DCE_HOMEUUID" type="string"/>
<AttributeDefinition name="DCE_AUTOLOGIN" type="boolean"/>
<AttributeDefinition multi="true" name="CERTIFICATE"
type="string"/>
<AttributeDefinition multi="true" name="CICS_TSL_KEY"
type="string"/>
<AttributeDefinition name="TSO_ACCOUNT_NAME" type="string"/>
<AttributeDefinition name="TSO_COMMAND" type="string"/>
<AttributeDefinition name="TSO_DEST" type="string"/>
<AttributeDefinition name="TSO_HOLD_CLASS" type="string"/>
<AttributeDefinition name="TSO_JOB_CLASS" type="string"/>
<AttributeDefinition name="TSO_LOGIN_PROC" type="string"/>
<AttributeDefinition name="TSO_LOGIN_SIZE" type="string"/>
<AttributeDefinition name="TSO_MSG_CLASS" type="string"/>
<AttributeDefinition name="TSO_LOGON_MAX" type="string"/>
<AttributeDefinition name="TSO_PERF_GROUP" type="string"/>
<AttributeDefinition name="TSO_SYSOUT_CLASS" type="string"/>
<AttributeDefinition name="TSO_USER_DATA" type="string"/>
<AttributeDefinition name="TSO_UNIT_NAME" type="string"/>
<AttributeDefinition name="TSO_SECLABEL" type="string"/>
<AttributeDefinition multi="true" name="DFP_DATA_RECORDS"
type="string"/>
<AttributeDefinition name="AREA_NAME" type="string"/>
<AttributeDefinition name="BUILDING" type="string"/>
<AttributeDefinition name="DEPARTMENT" type="string"/>
<AttributeDefinition name="ROOM" type="string"/>
<AttributeDefinition name="ADDRESS1" type="string"/>
 <AttributeDefinition name="ADDRESS2" type="string"/>
<AttributeDefinition name="ADDRESS3" type="string"/>
<AttributeDefinition name="ADDRESS4" type="string"/>
<AttributeDefinition name="ACCOUNT_NUMBER" type="string"/>
<AttributeDefinition name="MVS_UID" type="string"/>
<AttributeDefinition name="MVS_HOME_PATH" type="string"/>
<AttributeDefinition name="MVS_PROGRAM" type="string"/>
<AttributeDefinition name="MVS_MAX_CPUTIME" type="string"/>
<AttributeDefinition name="MVS_MAX_ASSSIZE" type="string"/>
<AttributeDefinition name="MVS_MAX_FILEPROC" type="string"/>
<AttributeDefinition name="MVS_MAX_PROC" type="string"/>
<AttributeDefinition name="MVS_MAX_THREADS" type="string"/>
<AttributeDefinition name="MVS_MAX_MAP_STORAGE" type="string"/>
<AttributeDefinition name="MVS_MEM_LIMIT" type="string"/>
<AttributeDefinition name="MVS_SHMEM_LIMIT" type="string"/>
<AttributeDefinition name="NETVIEW_OPCLASS" type="string"/>
<AttributeDefinition name="EIM_LDAPPROFFILE" type="string"/>
</Schema>
<Schema displayAttribute="NAME" identityAttribute="NAME"
includePermissions="true" nativeObjectType="GROUP" objectType="group">
<AttributeDefinition multi="true" name="SUBGROUPNAME"
type="string"/>
<AttributeDefinition multi="true" name="OMVS_GID" type="string"/>
<AttributeDefinition multi="true" name="CSDATA_CUSTOM"
type="string"/>
<AttributeDefinition multi="true" name="MEMBERS" type="string"/>
<AttributeDefinition name="NAME" type="string"/>
<AttributeDefinition name="SUPERIOR_GROUP" type="string"/>
<AttributeDefinition name="CREATE_DATE" type="string"/>
<AttributeDefinition name="OWNER_ID" type="string"/>
<AttributeDefinition name="UACC" type="string"/>
<AttributeDefinition name="NOTERMUACC" type="boolean"/>
<AttributeDefinition name="INSTALL_DATA" type="string"/>
<AttributeDefinition name="GROUP_MODEL" type="string"/>
<AttributeDefinition name="UNIVERSAL" type="boolean"/>
<AttributeDefinition multi="true" name="OVM_GID" type="string"/>
<AttributeDefinition multi="true" name="TME_ROLE" type="string"/>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="PROVISIONING, AUTHENTICATE, ENABLE, SEARCH, CURRENT_PASSWORD,
PASSWORD" icon="internetIcon" name="BMC Remedy - Direct" type="BMC Remedy -
Direct">
<Attributes>
<Map>
<entry key="connectorClass"
value="openconnector.connector.RemedyITSMConnector"/>
<entry key="formPath" value="RemedyITSMConnector.xhtml"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="create" objectType="account" type="Create">
<Field displayName="con_form_RIC_login_name"
helpKey="help_con_form_RIC_login_name" name="LoginName" required="true"
reviewRequired="true" type="string"/>
<Field displayName="con_form_RIC_full_name"
helpKey="help_con_form_RIC_full_name" name="FullName" required="true"
reviewRequired="true" type="string"/>
 <Field displayName="con_form_RIC_password_change"
helpKey="help_con_form_RIC_password_change" name="ForcePasswordChangeOnLogin"
required="true" reviewRequired="true" type="string" value="No">
<AllowedValues>
<String>Yes</String>
<String>No</String>
</AllowedValues>
</Field>
<Field displayName="con_form_RIC_license_type"
helpKey="help_con_form_RIC_license_type" name="LicenseType" required="true"
reviewRequired="true" type="string" value="Read">
<AllowedValues>
<String>Read</String>
<String>Fixed</String>
<String>Floating</String>
</AllowedValues>
</Field>
<Field displayName="con_form_RIC_password"
helpKey="help_con_form_RIC_password" name="102" required="true"
reviewRequired="true" type="secret"/>
</Form>
<Form name="update" objectType="group" type="Update">
<Field displayName="con_form_RIC_group_name"
helpKey="help_con_form_RIC_group_name" name="GroupName" required="true"
type="string"/>
<Field displayName="con_form_RIC_group_id"
helpKey="help_con_form_RIC_group_id" name="GroupID" required="true" type="string"/>
<Field displayName="con_form_RIC_group_type"
helpKey="help_con_form_RIC_group_type" name="GroupType" required="true"
type="string" value="None">
<AllowedValues>
<String>None</String>
<String>View</String>
<String>Change</String>
</AllowedValues>
</Field>
<Field displayName="con_form_RIC_long_group_name"
helpKey="help_con_form_RIC_long_group_name" name="LongGroupName" required="true"
type="string"/>
<Field displayName="con_form_RIC_group_category"
helpKey="help_con_form_RIC_group_category" name="GroupCategory" required="true"
type="string" value="Regular">
<AllowedValues>
<String>Regular</String>
<String>Dynamic</String>
<String>Computed</String>
</AllowedValues>
</Field>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="LoginName" identityAttribute="RequestID"
nativeObjectType="account" objectType="account">
<AttributeDefinition internalName="101" name="LoginName"
remediationModificationType="None" required="true" type="string">
<Description>Remedy login name</Description>
</AttributeDefinition>
<AttributeDefinition internalName="124"
name="ForcePasswordChangeOnLogin" remediationModificationType="None"
required="true" type="string">
<Description>Set to 'Yes' if the user should be asked to change
his password on next login else set to 'No'</Description>
</AttributeDefinition>
<AttributeDefinition internalName="8" name="FullName"
remediationModificationType="None" required="true" type="string">
<Description>Full name of the user</Description>
</AttributeDefinition>
<AttributeDefinition internalName="7" name="Status"
remediationModificationType="None" type="string">
<Description>Status of the user</Description>
</AttributeDefinition>
<AttributeDefinition internalName="130"
name="AccountDisabledDate" remediationModificationType="None" type="string">
<Description>Account disabled date of the user</Description>
</AttributeDefinition>
<AttributeDefinition internalName="122" name="ApplicationLicense"
remediationModificationType="None" required="true" type="string">
<Description>Application license of the user</Description>
</AttributeDefinition>
<AttributeDefinition internalName="301628563"
name="AppliedDaysAfterExpirationUntilDisablement"
remediationModificationType="None" required="true" type="string">
<Description>Applied Days after expiration until disablement of
the user</Description>
</AttributeDefinition>
<AttributeDefinition internalName="301628564"
name="AppliedNewUserMustChangePassword" remediationModificationType="None"
required="true" type="string">
<Description>Set to 'Yes' if the new user must change
password</Description>
</AttributeDefinition>
<AttributeDefinition internalName="301628562"
name="AppliedNo.DaysbeforeExpiration" remediationModificationType="None"
required="true" type="string">
<Description>Number of days before expiration</Description>
</AttributeDefinition>
<AttributeDefinition internalName="301628561"
name="AppliedNumberofWarningDays" remediationModificationType="None"
required="true" type="string">
<Description>Number of warning days</Description>
</AttributeDefinition>
<AttributeDefinition internalName="301628560"
name="AppliedPasswordEnforcementEnabled" remediationModificationType="None"
type="string">
<Description>Set to 'Yes' if password enforcement is
enabled</Description>
</AttributeDefinition>
<AttributeDefinition internalName="2" name="Creator"
remediationModificationType="None" required="true" type="string">
<Description>Creator of the user</Description>
</AttributeDefinition>
<AttributeDefinition internalName="5" name="LastModifiedBy"
remediationModificationType="None" required="true" type="string">
<Description>Name of the user who last modified the
user</Description>
</AttributeDefinition>
<AttributeDefinition internalName="109" name="LicenseType"
remediationModificationType="None" type="string">
 <Description>License type of user</Description>
</AttributeDefinition>
<AttributeDefinition internalName="1" name="RequestID"
remediationModificationType="None" required="true" type="string">
<Description>RequestID of user</Description>
</AttributeDefinition>
<AttributeDefinition internalName="179" name="UniqueIdentifier"
remediationModificationType="None" required="true" type="string">
<Description>Unique identifier of the user</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" internalName="104"
managed="true" name="Groups" remediationModificationType="None" required="true"
schemaObjectType="group" type="string">
<Description>Groups connected to the user</Description>
</AttributeDefinition>
</Schema>
<Schema displayAttribute="GroupName" featuresString="PROVISIONING"
identityAttribute="RequestID" nativeObjectType="group" objectType="group">
<AttributeDefinition internalName="9" name="Comments"
remediationModificationType="None" type="string">
<Description>Comments about the group</Description>
</AttributeDefinition>
<AttributeDefinition internalName="2" name="Creator"
remediationModificationType="None" required="true" type="string">
<Description>Creator of the group</Description>
</AttributeDefinition>
<AttributeDefinition internalName="120" name="GroupCategory"
remediationModificationType="None" required="true" type="string">
<Description>Category of the group</Description>
</AttributeDefinition>
<AttributeDefinition internalName="106" name="GroupID"
remediationModificationType="None" type="string">
<Description>ID of the group</Description>
</AttributeDefinition>
<AttributeDefinition internalName="105" name="GroupName"
remediationModificationType="None" required="true" type="string">
<Description>Name of the group</Description>
</AttributeDefinition>
<AttributeDefinition internalName="107" name="GroupType"
remediationModificationType="None" required="true" type="string">
<Description>Type of the group</Description>
</AttributeDefinition>
<AttributeDefinition internalName="5" name="LastModifiedBy"
remediationModificationType="None" required="true" type="string">
<Description>Name of the user who last modified the
group</Description>
</AttributeDefinition>
<AttributeDefinition internalName="8" name="LongGroupName"
remediationModificationType="None" type="string">
<Description>Long name of the group</Description>
</AttributeDefinition>
<AttributeDefinition internalName="134" name="ParentGroup"
remediationModificationType="None" required="true" type="string">
<Description>Parent group of the group</Description>
</AttributeDefinition>
<AttributeDefinition internalName="1" name="RequestID"
remediationModificationType="None" required="true" type="string">
<Description>RequestID of the group</Description>
</AttributeDefinition>
 <AttributeDefinition internalName="7" name="Status"
remediationModificationType="None" type="string">
<Description>Status of the group</Description>
</AttributeDefinition>
<AttributeDefinition internalName="179" name="UniqueIdentifier"
remediationModificationType="None" required="true" type="string">
<Description>Unique identifier of the group</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.SharePointServerConnector"
featuresString="PROVISIONING, SYNC_PROVISIONING" icon="enterpriseIcon"
name="Microsoft SharePoint Server" type="Microsoft SharePoint Server">
<Attributes>
<Map>
<entry key="formPath" value="MicrosoftSharePointServer.xhtml"/>
<entry key="skipDomainGroups" value="true"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="Account" objectType="account" type="Create">
<Field displayName="con_prov_policy_sp_AccountName"
helpKey="help_con_prov_policy_sp_AcountName" name="AccountName" required="true"
section="" type="string"/>
</Form>
<Form name="Update Group" objectType="group" type="Update">
<Field displayName="con_prov_policy_sp_ADGroups" multi="true"
name="ADGroups" reviewRequired="true" type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="DisplayName"
identityAttribute="AccountName" nativeObjectType="User" objectType="account">
<AttributeDefinition name="AccountName" type="string">
<Description>Login name of the user.</Description>
</AttributeDefinition>
<AttributeDefinition name="DisplayName" type="string">
<Description>Display name of the user.</Description>
</AttributeDefinition>
<AttributeDefinition name="UserName" type="string">
<Description>sAMAccountName of the user.</Description>
</AttributeDefinition>
<AttributeDefinition name="Email" type="string">
<Description>E-mail address of the user.</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="OwnedGroups"
type="string">
<Description>Groups that the user owns.</Description>
</AttributeDefinition>
<AttributeDefinition name="IsDomainGroup" type="boolean">
<Description>Specifies whether the user is part of Domain
Group.</Description>
</AttributeDefinition>
<AttributeDefinition name="SID" type="string">
<Description>Unique security ID for the network account of the
user.</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="SiteCollections"
type="string">
<Description>Site Collections associated with
Account</Description>
</AttributeDefinition>
<AttributeDefinition name="Notes" type="string">
<Description>Notes</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="Groups" schemaObjectType="group" type="string">
<Description>Collection of groups of which the user is a
member.</Description>
</AttributeDefinition>
</Schema>
<Schema descriptionAttribute="Description"
displayAttribute="GroupName" featuresString="PROVISIONING"
identityAttribute="GroupUrl" nativeObjectType="Group" objectType="group">
<AttributeDefinition name="GroupUrl"
remediationModificationType="None" type="string">
<Description>Identity attribute of group in format
"ParentWeb.Url\GroupName".</Description>
</AttributeDefinition>
<AttributeDefinition name="GroupName"
remediationModificationType="None" type="string">
<Description>Name of the group.</Description>
</AttributeDefinition>
<AttributeDefinition name="LoginName"
remediationModificationType="None" type="string">
<Description>Login Name of the group.</Description>
</AttributeDefinition>
<AttributeDefinition name="Description"
remediationModificationType="None" type="string">
<Description>Description for the group.</Description>
</AttributeDefinition>
<AttributeDefinition name="Owner"
remediationModificationType="None" type="string">
<Description>Name of the group owner.</Description>
</AttributeDefinition>
<AttributeDefinition name="ID" remediationModificationType="None"
type="string">
<Description>Identifier (ID) for the group.</Description>
</AttributeDefinition>
<AttributeDefinition name="ParentWeb"
remediationModificationType="None" type="string">
<Description>Parent Web of the group.</Description>
</AttributeDefinition>
<AttributeDefinition name="AllowMembersEditMembership"
remediationModificationType="None" type="string">
<Description>Who can edit the membership.</Description>
</AttributeDefinition>
<AttributeDefinition name="AllowRequestToJoinLeave"
remediationModificationType="None" type="string">
<Description>Whether to allow users to request for membership
of the group.</Description>
</AttributeDefinition>
<AttributeDefinition name="OnlyAllowMembersViewMembership"
remediationModificationType="None" type="string">
<Description>Who can view the membership of the
group.</Description>
</AttributeDefinition>
 <AttributeDefinition name="AutoAcceptRequestToJoinLeave"
remediationModificationType="None" type="string">
<Description>Whether membership requests are automatically
accepted.</Description>
</AttributeDefinition>
<AttributeDefinition name="RequestToJoinLeaveEmailSetting"
remediationModificationType="None" type="string">
<Description>Membership requests to this e-mail
address.</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="ADGroups" type="string">
<Description>Collection of AD groups which are member of this
SharePoint Group.</Description>
</AttributeDefinition>
<AttributeDefinition name="SiteAdmin" type="string">
<Description>Site Collection Administrator</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.SuccessFactorsConnector"
featuresString="SEARCH, PROVISIONING, SYNC_PROVISIONING, MANAGER_LOOKUP"
icon="enterpriseIcon" name="SuccessFactors Template" type="SuccessFactors">
<Attributes>
<Map>
<entry key="aggPageSize" value="200"/>
<entry key="apiTimeout" value="5"/>
<entry key="encrypted" value="private_key, privateKey,
password"/>
<entry key="formPath"
value="SuccessFactorsAttributesForm.xhtml"/>
<entry key="formPathRules"
value="SuccessFactorsRulesForm.xhtml"/>
<entry key="futureOffset" value="30"/>
<entry key="inactiveOffset" value="30"/>
</Map>
</Attributes>
<Schemas>
<Schema displayAttribute="FormalName" identityAttribute="PersonID"
nativeObjectType="account" objectType="account">
<AttributeDefinition name="PersonID"
remediationModificationType="None" type="string">
<Description>PersonID</Description>
</AttributeDefinition>
<AttributeDefinition name="Person ID External"
remediationModificationType="None" type="string">
<Description>Person ID external</Description>
</AttributeDefinition>
<AttributeDefinition name="Username"
remediationModificationType="None" type="string">
<Description>Username</Description>
</AttributeDefinition>
<AttributeDefinition name="Userid"
remediationModificationType="None" type="string">
<Description>Userid</Description>
</AttributeDefinition>
<AttributeDefinition name="FormalName"
remediationModificationType="None" type="string">
<Description>FormalName</Description>
 </AttributeDefinition>
<AttributeDefinition name="Salutation"
remediationModificationType="None" type="string">
<Description> Salutation</Description>
</AttributeDefinition>
<AttributeDefinition name="FirstName"
remediationModificationType="None" type="string">
<Description>FirstName</Description>
</AttributeDefinition>
<AttributeDefinition name="MiddleName"
remediationModificationType="None" type="string">
<Description>MiddleName</Description>
</AttributeDefinition>
<AttributeDefinition name="LastName"
remediationModificationType="None" type="string">
<Description>LastName</Description>
</AttributeDefinition>
<AttributeDefinition name="PreferredName"
remediationModificationType="None" type="string">
<Description>Preferred Name</Description>
</AttributeDefinition>
<AttributeDefinition name="Date Of Birth"
remediationModificationType="None" type="string">
<Description>Date Of Birth for Employee </Description>
</AttributeDefinition>
<AttributeDefinition name="Gender"
remediationModificationType="None" type="string">
<Description>Gender</Description>
</AttributeDefinition>
<AttributeDefinition name="Department"
remediationModificationType="None" type="string">
<Description>Department Name </Description>
</AttributeDefinition>
<AttributeDefinition name="Division"
remediationModificationType="None" type="string">
<Description>Represent Division name in the organization data
</Description>
</AttributeDefinition>
<AttributeDefinition name="Company"
remediationModificationType="None" type="string">
<Description>The company under which employee
belongs.</Description>
</AttributeDefinition>
<AttributeDefinition name="BusinessUnit"
remediationModificationType="None" type="string">
<Description>Business Unit Name</Description>
</AttributeDefinition>
<AttributeDefinition name="Location"
remediationModificationType="None" type="string">
<Description>Work Location Name</Description>
</AttributeDefinition>
<AttributeDefinition name="Country"
remediationModificationType="None" type="string">
<Description>Name of the country</Description>
</AttributeDefinition>
<AttributeDefinition name="Nationality"
remediationModificationType="None" type="string">
<Description>Nationality </Description>
</AttributeDefinition>
 <AttributeDefinition name="PositionNumber"
remediationModificationType="None" type="string">
<Description>Represent Position Number associated with
Employee</Description>
</AttributeDefinition>
<AttributeDefinition name="JobTitle"
remediationModificationType="None" type="string">
<Description>Represent Job Title Associated with Employee
</Description>
</AttributeDefinition>
<AttributeDefinition name="EmployeeType"
remediationModificationType="None" type="string">
<Description>Represent EmployeeType</Description>
</AttributeDefinition>
<AttributeDefinition name="EmployeeStatus"
remediationModificationType="None" type="string">
<Description>Represent Employee Status</Description>
</AttributeDefinition>
<AttributeDefinition name="PrimaryEmailAddress"
remediationModificationType="None" type="string">
<Description>Primary Email Address</Description>
</AttributeDefinition>
<AttributeDefinition name="Job Classification"
remediationModificationType="None" type="string">
<Description>Job Classification</Description>
</AttributeDefinition>
<AttributeDefinition name="CostCenterID"
remediationModificationType="None" type="string">
<Description>Cost centre ID associated with
employee</Description>
</AttributeDefinition>
<AttributeDefinition name="IsContingentWorker"
remediationModificationType="None" type="string">
<Description>Represent whether Employee is Contingent Worker or
Not </Description>
</AttributeDefinition>
<AttributeDefinition name="FLSA"
remediationModificationType="None" type="string">
<Description>FLSA Status associated with employee</Description>
</AttributeDefinition>
<AttributeDefinition name="AssignmentType"
remediationModificationType="None" type="string">
<Description>Assignment Type</Description>
</AttributeDefinition>
<AttributeDefinition name="ManagerID"
remediationModificationType="None" type="string">
<Description>Manager ID</Description>
</AttributeDefinition>
<AttributeDefinition name="CostCenter"
remediationModificationType="None" type="string">
<Description>Represent Cost center associated with
employee</Description>
</AttributeDefinition>
<AttributeDefinition name="EmployeeClass"
remediationModificationType="None" type="string">
<Description>Represent EmployeeClass</Description>
</AttributeDefinition>
<AttributeDefinition name="IsFullTime"
remediationModificationType="None" type="string">
 <Description>Represent whether Employee is Full Time or Part
Time</Description>
</AttributeDefinition>
<AttributeDefinition name="ServiceDate"
remediationModificationType="None" type="string">
<Description>Service start Date</Description>
</AttributeDefinition>
<AttributeDefinition name="JobInfoLastModified"
remediationModificationType="None" type="string">
<Description>Date when Job Information was Last Modified
</Description>
</AttributeDefinition>
<AttributeDefinition name="Position Entry Date"
remediationModificationType="None" type="string">
<Description>Position Start date for employee</Description>
</AttributeDefinition>
<AttributeDefinition name="LastDateWorked"
remediationModificationType="None" type="string">
<Description>Last Date Worked</Description>
</AttributeDefinition>
<AttributeDefinition name="Address"
remediationModificationType="None" type="string">
<Description>Address of Employee</Description>
</AttributeDefinition>
<AttributeDefinition name="BusinessPhone"
remediationModificationType="None" type="string">
<Description>Business Phone</Description>
</AttributeDefinition>
<AttributeDefinition name="BusinessPhoneCountryCode"
remediationModificationType="None" type="string">
<Description>Business Phone Country Code</Description>
</AttributeDefinition>
<AttributeDefinition name="BusinessExtension"
remediationModificationType="None" type="string">
<Description>Business extension</Description>
</AttributeDefinition>
<AttributeDefinition name="CellCountryCode"
remediationModificationType="None" type="string">
<Description>Primary Cell Code</Description>
</AttributeDefinition>
<AttributeDefinition name="Cell"
remediationModificationType="None" type="string">
<Description>Primary Cell</Description>
</AttributeDefinition>
<AttributeDefinition name="Fax"
remediationModificationType="None" type="string">
<Description>Fax Number</Description>
</AttributeDefinition>
<AttributeDefinition name="FutureActions"
remediationModificationType="None" type="string">
<Description>Information about Future Actions in JSON
format</Description>
</AttributeDefinition>
<AttributeDefinition name="Termination Date"
remediationModificationType="None" type="string">
<Description>It populates Termination Date for Employees and
WorkOrder End Date for Contingent Workers.</Description>
</AttributeDefinition>
</Schema>
 </Schemas>
</Application>
<Application connector="sailpoint.connector.AzureADConnector"
featuresString="AUTHENTICATE, PROVISIONING, SYNC_PROVISIONING, PASSWORD, ENABLE,
SEARCH" icon="internetIcon" name="Azure Active Directory" type="Azure Active
Directory">
<Attributes>
<Map>
<entry key="authSearchAttributes">
<value>
<List>
<String>userPrincipalName</String>
</List>
</value>
</entry>
<entry key="encrypted" value="clientSecret"/>
<entry key="formPath" value="AzureADConnector.xhtml"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="Create account" objectType="account" type="Create">
<Field displayName="con_prov_policy_azure_ad_accounttype"
name="accountType" postBack="true" reviewRequired="true" section="Account"
type="string" value="User">
<AllowedValuesDefinition>
<Value>
<List>
<String>User</String>
<String>Guest User B2B</String>
<String>Local User B2C</String>
</List>
</Value>
</AllowedValuesDefinition>
<Attributes>
<Map>
<entry key="hidden">
<value>
<Script>
<Source>
import sailpoint.object.Form;

Object objType = field.getValue();

String requiredAttribute = "|userPrincipalName|

displayName|mailNickname|password|";
String booleanAttr = "|sendInvitationMessage|
forceChangePasswordNextLogin|accountEnabled|enableLocalAccount|
b2cForceChangePasswordNextLogin|enableSocialAccount|";
String locationAttr = "|
invitedUserUsageLocation|usageLocation|";

Form.Section section = null ;

for(Form.Section s : form.getSections()) {

if (s != null &amp;&amp; !
(objType.equals(s.getName()) ) &amp;&amp; !("Account".equals(s.getName())) ) {
form.remove(s);
 }
}

switch(objType) {

case "Guest User B2B" : section =

form.getSection("Guest User B2B");
requiredAttribute =
"|invitedUserEmailAddress|inviteRedirectUrl|sendInvitationMessage|";
break;
case "User" : section =
form.getSection("User");
requiredAttribute =
"|userPrincipalName|displayName|mailNickname|password|";
break;
case "Local User B2C" : section =
form.getSection("Local User B2C");
requiredAttribute =
"|signInNameType|signInNameValue|localAccountDisplayName|b2cPassword|";
}

if (section != null &amp;&amp;

section.getFields() != null ) {

for (Object field : section.getFields()) {

String name = field.getName();
if (name != null &amp;&amp;
name.indexOf(":") > 0 ) {
String[] nameKeys =
name.split(":");

if( !(nameKeys.length > 2) ) {

continue;
}

if
( requiredAttribute.contains("|" + nameKeys[2] + "|") ) {
field.setRequired(true);
}

if ( booleanAttr.contains("|" +
nameKeys[2] + "|") ) {
field.setValue("true");
}

if ( locationAttr.contains("|" +
nameKeys[2] + "|") ) {
field.setValue("United
States;US");
}
}
}

return false;
</Source>
 </Script>
</value>
</entry>
</Map>
</Attributes>
</Field>
<Field displayName="con_prov_policy_azure_ad_userPrincipalName"
helpKey="help_con_prov_policy_azure_ad_userPrincipalName" name="userPrincipalName"
reviewRequired="true" section="User" type="string"/>
<Field displayName="con_prov_policy_azure_ad_password"
helpKey="help_con_prov_policy_azure_ad_password" name="password"
reviewRequired="true" section="User" type="secret"/>
<Field displayName="con_prov_policy_azure_ad_displayName"
helpKey="help_con_prov_policy_azure_ad_displayName" name="displayName"
reviewRequired="true" section="User" type="string"/>
<Field displayName="con_prov_policy_azure_ad_mailNickname"
helpKey="help_con_prov_policy_azure_ad_mailNickname" name="mailNickname"
reviewRequired="true" section="User" type="string"/>
<Field displayName="con_prov_policy_azure_ad_accountEnabled"
helpKey="help_con_prov_policy_azure_ad_accountEnabled" name="accountEnabled"
reviewRequired="true" section="User" type="boolean" value="true"/>
<Field displayName="con_prov_policy_azure_ad_forceChangePassword"
helpKey="help_con_prov_policy_azure_ad_forceChangePassword"
name="forceChangePasswordNextLogin" reviewRequired="true" section="User"
type="boolean" value="true"/>
<Field displayName="con_prov_policy_azure_ad_department"
helpKey="help_con_prov_policy_azure_ad_department" name="department"
reviewRequired="true" section="User" type="string"/>
<Field displayName="con_prov_policy_azure_ad_jobTitle"
helpKey="help_con_prov_policy_azure_ad_jobTitle" name="jobTitle"
reviewRequired="true" section="User" type="string"/>
<Field displayName="con_prov_policy_azure_ad_isFederatedDomain"
helpKey="help_con_prov_policy_azure_ad_isFederatedDomain" name="isFederatedDomain"
reviewRequired="true" section="User" type="boolean"/>
<Field displayName="con_prov_policy_azure_ad_immutableId"
helpKey="help_con_prov_policy_azure_ad_immutableId" name="immutableId"
reviewRequired="true" section="User" type="string"/>
<Field displayName="con_prov_policy_azure_ad_passwordPolicies"
helpKey="help_con_prov_policy_azure_ad_passwordPolicies" name="passwordPolicies"
reviewRequired="true" section="User" type="string">
<AllowedValues>
<String>DisablePasswordExpiration</String>
<String>DisableStrongPassword</String>
<String>DisablePasswordExpiration,
DisableStrongPassword</String>
</AllowedValues>
</Field>
<Field displayName="con_prov_policy_azure_ad_otherMails"
helpKey="help_con_prov_policy_azure_ad_otherMails" multi="true" name="otherMails"
reviewRequired="true" section="User" type="string"/>
<Field displayName="con_prov_policy_azure_ad_givenName"
helpKey="help_con_prov_policy_azure_ad_givenName" name="givenName"
reviewRequired="true" section="User" type="string"/>
<Field displayName="con_prov_policy_azure_ad_surname"
helpKey="help_con_prov_policy_azure_ad_surname" name="surname"
reviewRequired="true" section="User" type="string"/>
<Field displayName="con_prov_policy_azure_ad_usageLocation"
helpKey="help_con_prov_policy_azure_ad_usageLocation" name="usageLocation"
reviewRequired="true" section="User" type="string" value="United States;US">
 <AllowedValues>
<String>Australia;AU</String>
<String>Canada;CA</String>
<String>France;FR</String>
<String>Germany;DE</String>
<String>Greece;GR</String>
<String>Hong Kong;HK</String>
<String>Hungary;HU</String>
<String>Iceland;IS</String>
<String>India;IN</String>
<String>Israel;IL</String>
<String>Italy;IT</String>
<String>NetherLands;NL</String>
<String>New Zealand;NZ</String>
<String>Peru;PE</String>
<String>Philippines;PH</String>
<String>Poland;PL</String>
<String>Russian federation;RU</String>
<String>South Africa;ZA</String>
<String>Switzerland;CH</String>
<String>Ukrain;UA</String>
<String>United Kingdom;GB</String>
<String>United States;US</String>
</AllowedValues>
</Field>
<Field displayName="con_prov_policy_azure_ad_country"
helpKey="help_con_prov_policy_azure_ad_country" name="country"
reviewRequired="true" section="User" type="string"/>
<Field displayName="con_prov_policy_azure_ad_state"
helpKey="help_con_prov_policy_azure_ad_state" name="state" reviewRequired="true"
section="User" type="string"/>
<Field displayName="con_prov_policy_azure_ad_city"
helpKey="help_con_prov_policy_azure_ad_city" name="city" reviewRequired="true"
section="User" type="string"/>
<Field displayName="con_prov_policy_azure_ad_streetAddress"
helpKey="help_con_prov_policy_azure_ad_streetAddress" name="streetAddress"
reviewRequired="true" section="User" type="string"/>
<Field displayName="con_prov_policy_azure_ad_postalCode"
helpKey="help_con_prov_policy_azure_ad_postalCode" name="postalCode"
reviewRequired="true" section="User" type="string"/>
<Field
displayName="con_prov_policy_azure_ad_physicalDeliveryOfficeName"
helpKey="help_con_prov_policy_azure_ad_physicalDeliveryOfficeName"
name="physicalDeliveryOfficeName" reviewRequired="true" section="User"
type="string"/>
<Field displayName="con_prov_policy_azure_ad_preferredLanguage"
helpKey="help_con_prov_policy_azure_ad_preferredLanguage" name="preferredLanguage"
reviewRequired="true" section="User" type="string"/>
<Field displayName="con_prov_policy_azure_ad_telephoneNumber"
helpKey="help_con_prov_policy_azure_ad_telephoneNumber" name="telephoneNumber"
reviewRequired="true" section="User" type="string"/>
<Field displayName="con_prov_policy_azure_ad_mobile"
helpKey="help_con_prov_policy_azure_ad_mobile" name="mobile" reviewRequired="true"
section="User" type="string"/>
<Field displayName="con_prov_policy_azure_ad_faxNumber"
helpKey="help_con_prov_policy_azure_ad_faxNumber" name="facsimileTelephoneNumber"
reviewRequired="true" section="User" type="string"/>
<Field
displayName="con_prov_policy_azure_ad_invitedUserEmailAddress"
helpKey="help_con_prov_policy_azure_ad_invitedUserEmailAddress"
name="invitedUserEmailAddress" reviewRequired="true" section="Guest User B2B"
type="string"/>
<Field displayName="con_prov_policy_azure_ad_inviteRedirectUrl"
helpKey="help_con_prov_policy_azure_ad_inviteRedirectUrl" name="inviteRedirectUrl"
reviewRequired="true" section="Guest User B2B" type="string"/>
<Field displayName="con_prov_policy_azure_ad_displayName"
helpKey="help_con_prov_policy_azure_ad_invitedUserDisplayName"
name="invitedUserDisplayName" reviewRequired="true" section="Guest User B2B"
type="string"/>
<Field
displayName="con_prov_policy_azure_ad_sendInvitationMessage"
helpKey="help_con_prov_policy_azure_ad_sendInvitationMessage"
name="sendInvitationMessage" reviewRequired="true" section="Guest User B2B"
type="boolean" value="true"/>
<Field displayName="con_prov_policy_azure_ad_usageLocation"
helpKey="help_con_prov_policy_azure_ad_invitedUserUsageLocation"
name="invitedUserUsageLocation" reviewRequired="true" section="Guest User B2B"
type="string" value="United States;US">
<AllowedValues>
<String>Australia;AU</String>
<String>Canada;CA</String>
<String>France;FR</String>
<String>Germany;DE</String>
<String>Greece;GR</String>
<String>Hong Kong;HK</String>
<String>Hungary;HU</String>
<String>Iceland;IS</String>
<String>India;IN</String>
<String>Israel;IL</String>
<String>Italy;IT</String>
<String>NetherLands;NL</String>
<String>New Zealand;NZ</String>
<String>Peru;PE</String>
<String>Philippines;PH</String>
<String>Poland;PL</String>
<String>Russian federation;RU</String>
<String>South Africa;ZA</String>
<String>Switzerland;CH</String>
<String>Ukrain;UA</String>
<String>United Kingdom;GB</String>
<String>United States;US</String>
</AllowedValues>
</Field>
<Field displayName="con_prov_policy_azure_ad_signInNameType"
helpKey="help_con_prov_policy_azure_ad_signInNameType" name="signInNameType"
reviewRequired="true" section="Local User B2C" type="string"/>
<Field displayName="con_prov_policy_azure_ad_signInNameValue"
helpKey="help_con_prov_policy_azure_ad_signInNameValue" name="signInNameValue"
reviewRequired="true" section="Local User B2C" type="string"/>
<Field displayName="con_prov_policy_azure_ad_displayName"
helpKey="help_con_prov_policy_azure_ad_displayName" name="localAccountDisplayName"
reviewRequired="true" section="Local User B2C" type="string"/>
<Field displayName="con_prov_policy_azure_ad_accountEnabled"
helpKey="help_con_prov_policy_azure_ad_accountEnabled" name="enableLocalAccount"
reviewRequired="true" section="Local User B2C" type="boolean"/>
<Field displayName="con_prov_policy_azure_ad_password"
helpKey="help_con_prov_policy_azure_ad_password" name="b2cPassword"
reviewRequired="true" section="Local User B2C" type="secret"/>
 <Field displayName="con_prov_policy_azure_ad_forceChangePassword"
helpKey="help_con_prov_policy_azure_ad_forceChangePassword"
name="b2cForceChangePasswordNextLogin" reviewRequired="true" section="Local User
B2C" type="boolean"/>
</Form>
<Form name="Create group" objectType="group" type="Create">
<Field displayName="con_prov_policy_azure_ad_displayName"
helpKey="help_con_prov_policy_azure_ad_groupDisplayName" name="displayName"
required="true" reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_azure_ad_mailNickname"
helpKey="help_con_prov_policy_azure_ad_groupMailNickname" name="mailNickname"
required="true" reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_azure_ad_description"
helpKey="help_con_prov_policy_azure_ad_description" name="description"
reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_azure_ad_groupType"
helpKey="help_con_prov_policy_azure_ad_groupType" name="groupTypes" required="true"
reviewRequired="true" section="" type="string">
<AllowedValues>
<String>Security</String>
<String>Office365</String>
</AllowedValues>
</Field>
</Form>
<Form name="Update group" objectType="group" type="Update">
<Field displayName="con_prov_policy_azure_ad_displayName"
helpKey="help_con_prov_policy_azure_ad_groupDisplayName" name="displayName"
reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_azure_ad_mailNickname"
helpKey="help_con_prov_policy_azure_ad_groupMailNickname" name="mailNickname"
reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_azure_ad_description"
helpKey="help_con_prov_policy_azure_ad_description" name="description"
reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_azure_ad_groupType"
helpKey="help_con_prov_policy_azure_ad_groupType" multi="true" name="groupTypes"
type="string">
<Attributes>
<Map>
<entry key="readOnly" value="true"/>
</Map>
</Attributes>
</Field>
<Field displayName="con_prov_policy_azure_ad_groupOwners"
helpKey="help_con_prov_policy_azure_ad_groupOwners" multi="true" name="owners"
type="string">
<Attributes>
<Map>
<entry key="readOnly" value="true"/>
</Map>
</Attributes>
</Field>
<Field displayName="con_prov_policy_azure_ad_mailEnabled"
helpKey="help_con_prov_policy_azure_ad_mailEnabled" multi="true" name="mailEnabled"
type="boolean">
<Attributes>
<Map>
<entry key="readOnly" value="true"/>
</Map>
 </Attributes>
</Field>
<Field displayName="con_prov_policy_azure_ad_securityEnabled"
helpKey="help_con_prov_policy_azure_ad_securityEnabled" name="securityEnabled"
type="boolean">
<Attributes>
<Map>
<entry key="readOnly" value="true"/>
</Map>
</Attributes>
</Field>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="displayName" identityAttribute="objectId"
nativeObjectType="account" objectType="account">
<AttributeDefinition name="accountEnabled" type="boolean">
<Description>True if the account is enabled; otherwise,
false</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="assignedLicenses"
type="string">
<Description>The licenses that are assigned to the
user</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="assignedPlans" type="string">
<Description>The plans that are assigned to the
user</Description>
</AttributeDefinition>
<AttributeDefinition name="city" type="string">
<Description>The city in which the user is
located</Description>
</AttributeDefinition>
<AttributeDefinition name="country" type="string">
<Description>The country/region in which the user is
located</Description>
</AttributeDefinition>
<AttributeDefinition name="department" type="string">
<Description>The name for the department in which the user
works</Description>
</AttributeDefinition>
<AttributeDefinition name="dirSyncEnabled" type="string">
<Description>Indicates whether this object was synced from the
on-premises directory</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="disabledPlans"
type="string">
<Description>The plans that are not assigned to
user</Description>
</AttributeDefinition>
<AttributeDefinition name="displayName" type="string">
<Description>The name displayed in the address book for the
user</Description>
</AttributeDefinition>
<AttributeDefinition name="facsimileTelephoneNumber"
type="string">
<Description>The telephone number of the user's business fax
machine</Description>
 </AttributeDefinition>
<AttributeDefinition name="givenName" type="string">
<Description>First name of user</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="groups" schemaObjectType="group" type="string">
<Description>Groups assigned to a user</Description>
</AttributeDefinition>
<AttributeDefinition name="immutableId" type="string">
<Description>This property is used to associate an on-premises
Active
Directory user account to their Azure AD user object</Description>
</AttributeDefinition>
<AttributeDefinition name="jobTitle" type="string">
<Description>The user's job title</Description>
</AttributeDefinition>
<AttributeDefinition name="lastDirSyncTime" type="string">
<Description>Indicates the last time at which the object was
synced with the on-premises directory</Description>
</AttributeDefinition>
<AttributeDefinition name="mail" type="string">
<Description>The SMTP address for the user, for example,
"john@contoso.onmicrosoft.com"</Description>
</AttributeDefinition>
<AttributeDefinition name="mailNickname" type="string">
<Description>The mail alias for the user</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="signInNames"
type="string">
<Description>Specifies the collection of sign-in names for a
local account in an Azure Active Directory B2C tenant</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="userIdentities"
type="string">
<Description>Specifies the collection of userIdentities for a
social user account in an Azure Active Directory B2C tenant</Description>
</AttributeDefinition>
<AttributeDefinition name="creationType" type="string">
<Description>Indicates whether the user account is a local
account for an Azure Active Directory B2C tenant</Description>
</AttributeDefinition>
<AttributeDefinition name="mobile" type="string">
<Description>The primary cellular telephone number for the
user</Description>
</AttributeDefinition>
<AttributeDefinition name="objectId" type="string">
<Description>The unique identifier for the user</Description>
</AttributeDefinition>
<AttributeDefinition name="onPremisesSecurityIdentifier"
type="string">
<Description>Contains the on-premises security identifier (SID)
for the user that was synchronized from on-premises to the cloud</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="otherMails"
type="string">
<Description>A list of additional email addresses for the
user</Description>
</AttributeDefinition>
<AttributeDefinition name="passwordPolicies" type="string">
 <Description>Specifies password policies for the
user</Description>
</AttributeDefinition>
<AttributeDefinition name="physicalDeliveryOfficeName"
type="string">
<Description>The office location in the user's place of
business</Description>
</AttributeDefinition>
<AttributeDefinition name="postalCode" type="string">
<Description>The ZIP OR postal code for the user's postal
address</Description>
</AttributeDefinition>
<AttributeDefinition name="preferredLanguage" type="string">
<Description>Preferred written or spoken language for a
person</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="proxyAddresses"
type="string">
<Description>Proxy addresses, for example: ["SMTP:
bob@contoso.com", "smtp: bob@sales.contoso.com"]</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="roles" type="string">
<Description>Administrator Role assigned to user</Description>
</AttributeDefinition>
<AttributeDefinition name="sipProxyAddress" type="string">
<Description>Specifies the voice over IP (VOIP) session
initiation protocol (SIP) address for the user</Description>
</AttributeDefinition>
<AttributeDefinition name="state" type="string">
<Description>The state or province in the user's
address</Description>
</AttributeDefinition>
<AttributeDefinition name="streetAddress" type="string">
<Description>The street address of the user's place of
business</Description>
</AttributeDefinition>
<AttributeDefinition name="surname" type="string">
<Description>Last name of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="telephoneNumber" type="string">
<Description>The primary telephone number of the user's place
of business</Description>
</AttributeDefinition>
<AttributeDefinition name="usageLocation" type="string">
<Description>A two letter country code indicating usage
location</Description>
</AttributeDefinition>
<AttributeDefinition name="userPrincipalName" type="string">
<Description>The user principal name (UPN) of the
user</Description>
</AttributeDefinition>
<AttributeDefinition name="userType" type="string">
<Description>Type of the user</Description>
</AttributeDefinition>
</Schema>
<Schema descriptionAttribute="description"
displayAttribute="displayName" featuresString="PROVISIONING"
identityAttribute="objectId" nativeObjectType="group" objectType="group">
 <AttributeDefinition name="description" type="string">
<Description>Description for the group</Description>
</AttributeDefinition>
<AttributeDefinition name="dirSyncEnabled" type="string">
<Description>Indicates whether this object was synced from the
on-premises directory.</Description>
</AttributeDefinition>
<AttributeDefinition name="displayName" type="string">
<Description>The display name for the group</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="groupTypes"
type="string">
<Description>Type of the group</Description>
</AttributeDefinition>
<AttributeDefinition name="lastDirSyncTime" type="string">
<Description>Indicates the last time at which the object was
synced with the on-premises directory</Description>
</AttributeDefinition>
<AttributeDefinition name="mail" type="string">
<Description>The SMTP address for the group</Description>
</AttributeDefinition>
<AttributeDefinition name="mailEnabled" type="string">
<Description>Specifies whether the group is
mail-enabled</Description>
</AttributeDefinition>
<AttributeDefinition name="mailNickname" type="string">
<Description>The mail alias for the group</Description>
</AttributeDefinition>
<AttributeDefinition name="objectId" type="string">
<Description>Group ID</Description>
</AttributeDefinition>
<AttributeDefinition name="onPremisesSecurityIdentifier"
type="string">
<Description>Contains the on-premises security identifier (SID)
for the group that was synchronized from on-premises to the cloud</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="proxyAddresses"
type="string">
<Description>Proxy addresses of the group</Description>
</AttributeDefinition>
<AttributeDefinition name="securityEnabled" type="string">
<Description>Specifies whether the group is a security
group</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.SybaseDirectConnector"
featuresString="PROVISIONING, PASSWORD, SYNC_PROVISIONING, SEARCH, UNLOCK, ENABLE,
CURRENT_PASSWORD" icon="databaseIcon" name="Sybase - Direct" type="Sybase -
Direct">
<Attributes>
<Map>
<entry key="formPath" value="SybaseDirectConnector.xhtml"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="Create Account" objectType="account" type="Create">
<Field displayName="con_prov_policy_sybase_user_name"
helpKey="help_con_form_sybase_user_name" name="native_identity" required="true"
type="string"/>
<Field displayName="con_prov_policy_sybase_password"
helpKey="help_con_form_sybase_password" name="password" required="true"
type="secret"/>
<Field displayName="con_prov_policy_sybase_default_database"
helpKey="help_con_form_sybase_default_database" name="default_database"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_sybase_default_language"
helpKey="help_con_form_sybase_default_language" name="default_language"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_sybase_full_name"
helpKey="help_con_form_sybase_full_name" name="full_name" reviewRequired="true"
type="string"/>
<Field
displayName="con_prov_policy_sybase_password_expiration_interval"
helpKey="help_con_form_sybase_password_expiration_interval"
name="password_expiration_interval" reviewRequired="true" type="string">
<ValidationScript>
<Source>
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.ArrayList;
String re = "[0-9]*";
Pattern pattern = Pattern.compile(re);
if (password_expiration_interval != null) {
Matcher matcher = pattern.matcher(password_expiration_interval);
if (!matcher.matches()) {
return "Password Expiration Interval should be numeric
value.";
}
}
</Source>
</ValidationScript>
</Field>
</Form>
<Form name="Create Group" objectType="group" type="Create">
<Field displayName="con_prov_policy_sybase_role_name"
helpKey="help_con_form_sybase_role_name" name="native_identity" required="true"
type="string"/>
<Field displayName="con_prov_policy_sybase_role_password"
helpKey="help_con_form_sybase_password" name="password" reviewRequired="true"
type="secret"/>
<Field displayName="con_prov_policy_sybase_role_member_roles"
helpKey="help_con_form_sybase_member_roles" multi="true" name="member_roles"
readOnly="true" type="string"/>
</Form>
<Form name="Update Group" objectType="group" type="Update">
<Field displayName="con_prov_policy_sybase_update_member_roles"
helpKey="help_con_form_sybase_member_roles" multi="true" name="member_roles"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_sybase_role_name"
helpKey="help_con_form_sybase_role_name" name="name" readOnly="true"
type="string"/>
<Field displayName="con_prov_policy_sybase_server_role_id"
helpKey="help_con_form_sybase_server_role_id" name="server_role_id" readOnly="true"
type="string"/>
<Field displayName="con_prov_policy_sybase_password_changed_date"
helpKey="help_con_form_sybase_password_changed_date" name="password_chg_date"
readOnly="true" type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="native_identity"
identityAttribute="native_identity" nativeObjectType="account"
objectType="account">
<AttributeDefinition displayName="name" minable="true"
name="name" required="true" type="string">
<Description>Login user name</Description>
</AttributeDefinition>
<AttributeDefinition displayName="server_user_id" minable="true"
name="server_user_id" required="true" type="string">
<Description>Server user id</Description>
</AttributeDefinition>
<AttributeDefinition displayName="default_database"
minable="true" name="default_database" required="true" type="string">
<Description>Default database</Description>
</AttributeDefinition>
<AttributeDefinition displayName="default_language"
minable="true" name="default_language" required="true" type="string">
<Description>Default language</Description>
</AttributeDefinition>
<AttributeDefinition displayName="full_name" minable="true"
name="full_name" required="true" type="string">
<Description>Full name of login user</Description>
</AttributeDefinition>
<AttributeDefinition displayName="create_date" minable="true"
name="create_date" required="true" type="string">
<Description>Date on which login user is created</Description>
</AttributeDefinition>
<AttributeDefinition displayName="password_chg_date"
minable="true" name="password_chg_date" required="true" type="string">
<Description>Date on which password got changed</Description>
</AttributeDefinition>
<AttributeDefinition displayName="last_login_date" minable="true"
name="last_login_date" required="true" type="string">
<Description>Last login date of the user</Description>
</AttributeDefinition>
<AttributeDefinition displayName="native_identity" minable="true"
name="native_identity" required="true" type="string">
<Description>Native identity is an attribute which acts like a
primary key during aggregation</Description>
</AttributeDefinition>
<AttributeDefinition displayName="status" minable="true"
name="status" required="true" type="string">
<Description>Status of login user like
enable/disable</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="roles" remediationModificationType="None"
schemaObjectType="group" type="string">
<Description>Roles associated with login user</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="database_groups" remediationModificationType="None"
schemaObjectType="database_group" type="string">
<Description>Database group</Description>
</AttributeDefinition>
 <AttributeDefinition entitlement="true" managed="true"
multi="true" name="aliases" remediationModificationType="None" type="string">
<Description>Aliases associated with login user</Description>
</AttributeDefinition>
<AttributeDefinition displayName="password_expiration_interval"
name="password_expiration_interval" type="string">
<Description>Password expiration interval frequency in
days</Description>
</AttributeDefinition>
<AttributeDefinition displayName="expire_login"
name="expire_login" type="string">
<Description>Expire login of the system</Description>
</AttributeDefinition>
<AttributeDefinition displayName="password_expired"
name="password_expired" type="string">
<Description>Password has expired for user</Description>
</AttributeDefinition>
</Schema>
<Schema displayAttribute="native_identity"
featuresString="PROVISIONING" identityAttribute="native_identity"
nativeObjectType="group" objectType="group">
<AttributeDefinition displayName="server_role_id" minable="true"
name="server_role_id" required="true" type="string">
<Description>ID of the server Role</Description>
</AttributeDefinition>
<AttributeDefinition displayName="native_identity"
name="native_identity" type="string">
<Description>Native identity is an attribute which acts like a
primary key during aggregation</Description>
</AttributeDefinition>
<AttributeDefinition displayName="Role Name" minable="true"
name="name" required="true" type="string">
<Description>Name of the Role</Description>
</AttributeDefinition>
<AttributeDefinition displayName="password_chg_date"
minable="true" name="password_chg_date" type="string">
<Description>Date on which password got changed</Description>
</AttributeDefinition>
<AttributeDefinition displayName="member_roles" minable="true"
multi="true" name="member_roles" type="string">
<Description>Roles which are present under the hierarchy of the
main role</Description>
</AttributeDefinition>
</Schema>
<Schema aggregationType="group" displayAttribute="native_identity"
identityAttribute="native_identity" nativeObjectType="database_group"
objectType="database_group">
<AttributeDefinition displayName="Group_name" minable="true"
name="Group_name" required="true" type="string">
<Description>Database Group Name</Description>
</AttributeDefinition>
<AttributeDefinition displayName="native_identity"
name="native_identity" type="string">
<Description>Native identity is an attribute which acts like a
primary key during aggregation</Description>
</AttributeDefinition>
<AttributeDefinition displayName="Group_id" name="Group_id"
type="string">
<Description>Database Group ID</Description>
 </AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.DefaultLogicalConnector"
featuresString="COMPOSITE, DISCOVER_SCHEMA" icon="enterpriseIcon" name="Logical
Template" type="Logical">
<Attributes>
<Map>
<entry key="formPath" value="compositeTiers.xhtml"/>
</Map>
</Attributes>
<Schemas>
<Schema objectType="account"/>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="ENABLE, SEARCH, UNSTRUCTURED_TARGETS" icon="internetIcon"
name="Yammer" type="Yammer">
<Attributes>
<Map>
<entry key="connectorClass"
value="openconnector.connector.YammerConnector"/>
<entry key="encrypted" value="token"/>
<entry key="formPath" value="YammerAttributesForm.xhtml"/>
<entry key="setDelay" value="1"/>
</Map>
</Attributes>
<Schemas>
<Schema displayAttribute="UserName" identityAttribute="UserID"
nativeObjectType="account" objectType="account">
<AttributeDefinition
displayName="con_prov_policy_yammer_Username" name="UserName"
remediationModificationType="None" required="true" type="string">
<Description>Account's Name</Description>
</AttributeDefinition>
<AttributeDefinition
displayName="con_prov_policy_yammer_Networkdomain" multi="true"
name="NetworkDomain" remediationModificationType="None" required="true"
type="string">
<Description>Network Domain to which account
belongs</Description>
</AttributeDefinition>
<AttributeDefinition
displayName="con_prov_policy_yammer_Location" name="Location"
remediationModificationType="None" required="true" type="string">
<Description>Location of the account</Description>
</AttributeDefinition>
<AttributeDefinition
displayName="con_prov_policy_yammer_Jobtitle" name="JobTitle"
remediationModificationType="None" required="true" type="string">
<Description>Job Title of the account</Description>
</AttributeDefinition>
<AttributeDefinition
displayName="con_prov_policy_yammer_NetworkID" name="NetworkID"
remediationModificationType="None" required="true" type="string">
<Description>Network ID of the account</Description>
</AttributeDefinition>
<AttributeDefinition displayName="con_prov_policy_yammer_UserURL"
name="UserURL" remediationModificationType="None" required="true" type="string">
<Description>Account API URL</Description>
</AttributeDefinition>
<AttributeDefinition displayName="con_prov_policy_yammer_Email"
multi="true" name="Email" remediationModificationType="None" required="true"
type="string">
<Description>Email of account</Description>
</AttributeDefinition>
<AttributeDefinition
displayName="con_prov_policy_yammer_EmailType" multi="true" name="EmailType"
remediationModificationType="None" required="true" type="string">
<Description>Type of Email the account like business email or
personal email</Description>
</AttributeDefinition>
<AttributeDefinition displayName="con_prov_policy_yammer_Admin"
name="Admin" remediationModificationType="None" required="true" type="string">
<Description>Admin for this account</Description>
</AttributeDefinition>
<AttributeDefinition displayName="con_prov_policy_yammer_UserID"
name="UserID" remediationModificationType="None" required="true" type="string">
<Description>Id of account</Description>
</AttributeDefinition>
<AttributeDefinition
displayName="con_prov_policy_yammer_UserType" name="UserType"
remediationModificationType="None" required="true" type="string">
<Description>Type of account</Description>
</AttributeDefinition>
<AttributeDefinition
displayName="con_prov_policy_yammer_FullName" name="FullName"
remediationModificationType="None" required="true" type="string">
<Description>Full Name of account</Description>
</AttributeDefinition>
<AttributeDefinition displayName="con_prov_policy_yammer_Summary"
name="Summary" remediationModificationType="None" required="true" type="string">
<Description>Summary of account</Description>
</AttributeDefinition>
<AttributeDefinition
displayName="con_prov_policy_yammer_NetworkName" name="NetworkName"
remediationModificationType="None" required="true" type="string">
<Description>Name of company network to which account
belongs</Description>
</AttributeDefinition>
<AttributeDefinition
displayName="con_prov_policy_yammer_UserWebURL" name="UserWebURL"
remediationModificationType="None" required="true" type="string">
<Description>Account Web URL</Description>
</AttributeDefinition>
<AttributeDefinition
displayName="con_prov_policy_yammer_Department" name="Department"
remediationModificationType="None" required="true" type="string">
<Description>Department of the account</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="Groups" remediationModificationType="None"
schemaObjectType="group" type="string">
<Description>Group to which account is associated</Description>
</AttributeDefinition>
</Schema>
<Schema descriptionAttribute="GroupDescription"
displayAttribute="GroupName" identityAttribute="GroupID" nativeObjectType="group"
objectType="group">
<AttributeDefinition
displayName="con_prov_policy_yammer_GroupName" name="GroupName"
remediationModificationType="None" required="true" type="string">
<Description>Name of group</Description>
</AttributeDefinition>
<AttributeDefinition
displayName="con_prov_policy_yammer_GroupURL" name="GroupURL"
remediationModificationType="None" required="true" type="string">
<Description>Group API URL</Description>
</AttributeDefinition>
<AttributeDefinition displayName="con_prov_policy_yammer_GroupID"
name="GroupID" remediationModificationType="None" required="true" type="string">
<Description>ID of group</Description>
</AttributeDefinition>
<AttributeDefinition
displayName="con_prov_policy_yammer_GroupType" name="GroupType"
remediationModificationType="None" required="true" type="string">
<Description>Type of group</Description>
</AttributeDefinition>
<AttributeDefinition
displayName="con_prov_policy_yammer_GroupFullName" name="GroupFullName"
remediationModificationType="None" required="true" type="string">
<Description>Full Name of group</Description>
</AttributeDefinition>
<AttributeDefinition
displayName="con_prov_policy_yammer_GroupWebURL" name="GroupWebURL"
remediationModificationType="None" required="true" type="string">
<Description>Group Web URL</Description>
</AttributeDefinition>
<AttributeDefinition
displayName="con_prov_policy_yammer_GroupDescription" name="GroupDescription"
remediationModificationType="None" required="true" type="string">
<Description>Description of the group</Description>
</AttributeDefinition>
<AttributeDefinition
displayName="con_prov_policy_yammer_GroupPrivacy" name="GroupPrivacy"
remediationModificationType="None" required="true" type="string">
<Description>Message Privacy setting</Description>
</AttributeDefinition>
<AttributeDefinition
displayName="con_prov_policy_yammer_GroupState" name="GroupState"
remediationModificationType="None" required="true" type="string">
<Description>Status of group like active or
inactive</Description>
</AttributeDefinition>
<AttributeDefinition
displayName="con_prov_policy_yammer_GroupMembers" name="GroupMembers"
remediationModificationType="None" required="true" type="string">
<Description>Members belonging to a group</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.LDAPConnector"
featuresString="AUTHENTICATE, PROVISIONING, SYNC_PROVISIONING, PASSWORD,
MANAGER_LOOKUP, SEARCH" icon="directory2Icon" name="OpenLDAP Template"
type="OpenLDAP - Direct">
 <Attributes>
<Map>
<entry key="LDAPApplicationVersion" value="2.0"/>
<entry key="charsToEscapeAtEndInDN" value=" "/>
<entry key="charsToEscapeAtStartInDN" value=" #"/>
<entry key="charsToEscapeInDN" value=",+\&quot;&lt;>;"/>
<entry key="charsToEscapeWhileProvisioning" value="/"/>
<entry key="convertHexToCharacter" value="true"/>
<entry key="formPath" value="ldapNISAttributesForm.xhtml"/>
<entry key="groupEntitlementAttr" value="groups"/>
<entry key="keystore"/>
<entry key="passwordAttr" value="userPassword"/>
<entry key="skipBackslashInFilter" value="true"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="con_prov_policy_ldap_user_DN"
helpKey="help_con_prov_policy_ldap_user_DN" name="dn" required="true" section=""
type="string"/>
<Field displayName="con_prov_policy_ldap_password"
helpKey="help_con_prov_policy_ldap_password" name="password" required="true"
section="" type="secret"/>
<Field displayName="con_prov_policy_ldap_full_name"
helpKey="help_con_prov_policy_ldap_full_name" name="cn" required="true" section=""
type="string"/>
<Field displayName="con_prov_policy_ldap_first_name"
helpKey="help_con_prov_policy_ldap_first_name" name="givenName"
reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_ldap_last_name"
helpKey="help_con_prov_policy_ldap_last_name" name="sn" required="true" section=""
type="string"/>
</Form>
<Form name="group create" objectType="group" type="Create">
<Field displayName="con_prov_policy_ldap_group_DN"
helpKey="help_con_prov_policy_ldap_group_DN" name="dn" required="true"
reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_ldap_description"
helpKey="help_con_prov_policy_ldap_description" name="description"
reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_ldap_member"
helpKey="help_con_prov_policy_ldap_member" name="uniqueMember" required="true"
reviewRequired="true" section="" type="string"/>
</Form>
<Form name="group create" objectType="posixgroup" type="Create">
<Field displayName="con_prov_policy_ldap_group_DN"
helpKey="help_con_prov_policy_ldap_group_DN" name="dn" required="true"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_ldap_GID"
helpKey="help_con_prov_policy_ldap_GID" name="gidNumber" required="true"
reviewRequired="true" section="" type="int"/>
<Field displayName="con_prov_policy_ldap_description"
helpKey="help_con_prov_policy_ldap_description" name="description"
reviewRequired="true" type="string"/>
</Form>
<Form name="group create" objectType="nisNetgroup" type="Create">
<Field displayName="con_prov_policy_ldap_group_DN"
helpKey="help_con_prov_policy_ldap_group_DN" name="dn" required="true"
reviewRequired="true" type="string"/>
 <Field displayName="con_prov_policy_ldap_description"
helpKey="help_con_prov_policy_ldap_description" name="description"
reviewRequired="true" type="string"/>
</Form>
<Form name="edit group" objectType="group" type="Update">
<Field displayName="con_prov_policy_ldap_description"
name="description" reviewRequired="true" section="" type="string"/>
</Form>
<Form name="edit group" objectType="posixgroup" type="Update">
<Field displayName="con_prov_policy_ldap_description"
name="description" reviewRequired="true" type="string"/>
</Form>
<Form name="edit group" objectType="nisNetgroup" type="Update">
<Field displayName="con_prov_policy_ldap_description"
name="description" reviewRequired="true" type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="cn" identityAttribute="dn"
nativeObjectType="inetOrgPerson" objectType="account">
<AttributeDefinition name="businessCategory" type="string">
<Description>business category</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="carLicense"
type="string">
<Description>vehicle license or registration
plate</Description>
</AttributeDefinition>
<AttributeDefinition name="cn" type="string">
<Description>common name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="dn" type="string">
<Description>distinguished name for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="departmentNumber" type="string">
<Description>identifies a department within an
organization</Description>
</AttributeDefinition>
<AttributeDefinition name="description" type="string">
<Description>descriptive information</Description>
</AttributeDefinition>
<AttributeDefinition name="destinationIndicator" type="string">
<Description>destination indicator</Description>
</AttributeDefinition>
<AttributeDefinition name="displayName" type="string">
<Description>preferred name to be used when displaying
entries</Description>
</AttributeDefinition>
<AttributeDefinition name="employeeNumber" type="string">
<Description>numerically identifies an employee within an
organization</Description>
</AttributeDefinition>
<AttributeDefinition name="employeeType" type="string">
<Description>type of employment for a person</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="facsimileTelephoneNumber"
type="string">
 <Description>Facsimile (Fax) Telephone Number</Description>
</AttributeDefinition>
<AttributeDefinition name="givenName" type="string">
<Description>first name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="groups" schemaObjectType="group" type="string">
<Description>List of groups a user is a member</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="posixgroups" schemaObjectType="posixgroup" type="string">
<Description>List of posix groups a user is a
member</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="nisNetgroups" schemaObjectType="nisNetgroup" type="string">
<Description>List of nisnet groups a user is a
member</Description>
</AttributeDefinition>
<AttributeDefinition name="homePhone" type="string">
<Description>home telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="homePostalAddress" type="string">
<Description>home postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="initials" type="string">
<Description>initials of some or all of names, but not the
surname(s).</Description>
</AttributeDefinition>
<AttributeDefinition name="internationaliSDNNumber"
type="string">
<Description>international ISDN number</Description>
</AttributeDefinition>
<AttributeDefinition name="l" type="string">
<Description>city</Description>
</AttributeDefinition>
<AttributeDefinition name="mail" type="string">
<Description>RFC822 Mailbox</Description>
</AttributeDefinition>
<AttributeDefinition name="manager" type="string">
<Description>DN of manager</Description>
</AttributeDefinition>
<AttributeDefinition name="mobile" type="string">
<Description>mobile telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="o" type="string">
<Description>organization this object belongs to</Description>
</AttributeDefinition>
<AttributeDefinition name="ou" type="string">
<Description>organizational unit this object belongs
to</Description>
</AttributeDefinition>
<AttributeDefinition name="pager" type="string">
<Description>pager telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="physicalDeliveryOfficeName"
type="string">
<Description>Physical Delivery Office Name</Description>
 </AttributeDefinition>
<AttributeDefinition name="postOfficeBox" type="string">
<Description>Post Office Box</Description>
</AttributeDefinition>
<AttributeDefinition name="postalAddress" type="string">
<Description>postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="postalCode" type="string">
<Description>postal code</Description>
</AttributeDefinition>
<AttributeDefinition name="preferredDeliveryMethod"
type="string">
<Description>preferred delivery method</Description>
</AttributeDefinition>
<AttributeDefinition name="preferredLanguage" type="string">
<Description>preferred written or spoken language for a
person</Description>
</AttributeDefinition>
<AttributeDefinition name="pwdReset" type="string">
<Description>specifies whether the password has been reset by
admin</Description>
</AttributeDefinition>
<AttributeDefinition name="registeredAddress" type="string">
<Description>registered postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="roomNumber" type="string">
<Description>room number</Description>
</AttributeDefinition>
<AttributeDefinition name="secretary" type="string">
<Description>DN of secretary</Description>
</AttributeDefinition>
<AttributeDefinition name="seeAlso" type="string">
<Description>DN of related object</Description>
</AttributeDefinition>
<AttributeDefinition name="sn" type="string">
<Description>last (family) name(s) for which the entity is
known by</Description>
</AttributeDefinition>
<AttributeDefinition name="st" type="string">
<Description>state or province which this object resides
in</Description>
</AttributeDefinition>
<AttributeDefinition name="street" type="string">
<Description>street address of this object</Description>
</AttributeDefinition>
<AttributeDefinition name="telephoneNumber" type="string">
<Description>Telephone Number</Description>
</AttributeDefinition>
<AttributeDefinition name="teletexTerminalIdentifier"
type="string">
<Description>Teletex Terminal Identifier</Description>
</AttributeDefinition>
<AttributeDefinition name="telexNumber" type="string">
<Description>Telex Number</Description>
</AttributeDefinition>
<AttributeDefinition name="title" type="string">
<Description>title associated with the entity</Description>
</AttributeDefinition>
<AttributeDefinition name="uid" type="string">
 <Description>user identifier</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="objectClass"
type="string">
<Description>object classes of the entity</Description>
</AttributeDefinition>
</Schema>
<Schema descriptionAttribute="description" displayAttribute="cn"
featuresString="PROVISIONING" identityAttribute="dn"
nativeObjectType="groupOfUniqueNames" objectType="group">
<AttributeDefinition name="cn" type="string">
<Description>common name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="dn" type="string">
<Description>Directory Path</Description>
</AttributeDefinition>
<AttributeDefinition name="o" type="string">
<Description>organization this object belongs to</Description>
</AttributeDefinition>
<AttributeDefinition name="ou" type="string">
<Description>organizational unit this object belongs
to</Description>
</AttributeDefinition>
<AttributeDefinition name="owner" type="string">
<Description>owner (of the object)</Description>
</AttributeDefinition>
<AttributeDefinition name="description" type="string">
<Description>descriptive information</Description>
</AttributeDefinition>
<Attributes>
<Map>
<entry key="groupMemberAttribute" value="uniqueMember"/>
<entry key="memberAttribute" value="dn"/>
</Map>
</Attributes>
</Schema>
<Schema displayAttribute="cn" featuresString="PROVISIONING"
identityAttribute="dn" nativeObjectType="nisNetgroup" objectType="nisNetgroup">
<AttributeDefinition name="cn" type="string">
<Description>common name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="nisNetgroupTriple"
type="string">
<Description>unique member of a nisNetgroup</Description>
</AttributeDefinition>
<AttributeDefinition name="dn" type="string">
<Description>Directory Path</Description>
</AttributeDefinition>
<AttributeDefinition name="description" type="string">
<Description>descriptive information</Description>
</AttributeDefinition>
<Attributes>
<Map>
<entry key="groupMemberAttribute" value="nisNetgroupTriple"/>
<entry key="memberAttribute">
<value>
<List>
 <String>cn</String>
<String>uid</String>
</List>
</value>
</entry>
<entry key="memberPrefix" value="{,"/>
<entry key="memberSuffix" value=",}"/>
</Map>
</Attributes>
</Schema>
<Schema displayAttribute="cn" featuresString="PROVISIONING"
identityAttribute="dn" nativeObjectType="posixgroup" objectType="posixgroup">
<AttributeDefinition name="cn" type="string">
<Description>common name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="memberUid" type="string">
<Description>unique member of a posixGroup</Description>
</AttributeDefinition>
<AttributeDefinition name="dn" type="string">
<Description>Directory Path</Description>
</AttributeDefinition>
<AttributeDefinition name="gidNumber" type="string">
<Description>Group ID</Description>
</AttributeDefinition>
<AttributeDefinition name="description" type="string">
<Description>descriptive information</Description>
</AttributeDefinition>
<Attributes>
<Map>
<entry key="groupMemberAttribute" value="memberUid"/>
<entry key="memberAttribute">
<value>
<List>
<String>cn</String>
<String>uid</String>
</List>
</value>
</entry>
</Map>
</Attributes>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="PROVISIONING, SYNC_PROVISIONING, AUTHENTICATE, PASSWORD, ENABLE,
UNLOCK, SEARCH" icon="internetIcon" name="Webex" type="Webex">
<Attributes>
<Map>
<entry key="accountAttributeMapping">
<value>
<Map>
<entry key="Active" value="active"/>
<entry key="CategoryID" value="categoryId"/>
<entry key="Company" value="company"/>
<entry key="Description" value="description"/>
<entry key="Email" value="email"/>
<entry key="ExpirationDate" value="expirationDate"/>
<entry key="FirstName" value="firstName"/>
 <entry key="LastName" value="lastName"/>
<entry key="PersonalURL" value="personalUrl"/>
<entry key="Service" value="service"/>
<entry key="TimeZone" value="timeZone"/>
<entry key="TimeZoneWithDST" value="timeZoneWithDST"/>
<entry key="TimezoneID" value="timeZoneID"/>
<entry key="WebexID" value="webExId"/>
<entry key="language" value="language"/>
<entry key="languageID" value="languageID"/>
<entry key="locale" value="locale"/>
<entry key="passwordDaysLeft" value="passwordDaysLeft"/>
<entry key="passwordExpires" value="passwordExpires"/>
<entry key="title" value="title"/>
<entry key="userId" value="userId"/>
<entry key="visitCount" value="visitCount"/>
</Map>
</value>
</entry>
<entry key="authSearchAttributes">
<value>
<List>
<String>WebexID</String>
</List>
</value>
</entry>
<entry key="connectorClass"
value="openconnector.connector.Webex"/>
<entry key="formPath" value="Webex.xhtml"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="con_form_webex_webex_ID"
helpKey="help_con_form_webex_webex_ID" name="WebexID" required="true" section=""
type="string"/>
<Field displayName="con_form_webex_first_name"
helpKey="help_con_form_webex_first_name" name="FirstName" required="true"
section="" type="string"/>
<Field displayName="con_form_webex_last_name"
helpKey="help_con_form_webex_last_name" name="LastName" required="true" section=""
type="string"/>
<Field displayName="con_form_webex_email"
helpKey="help_con_form_webex_email" name="Email" required="true" section=""
type="string"/>
<Field displayName="con_form_webex_password"
helpKey="help_con_form_webex_password" name="password" required="true" section=""
type="secret"/>
<Field displayName="con_form_account_type"
helpKey="help_con_form_account_type" name="AccountType" reviewRequired="true"
type="string" value="Host">
<AllowedValues>
<String>SiteAdminWithViewOnly</String>
<String>Host</String>
<String>SiteAdmin</String>
</AllowedValues>
</Field>
</Form>
</ProvisioningForms>
<Schemas>
 <Schema displayAttribute="WebexID" identityAttribute="WebexID"
nativeObjectType="account" objectType="account">
<AttributeDefinition name="WebexID"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="FirstName"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="LastName"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="Email"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="RegistrationDate"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="Active"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="TimezoneID"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="Company"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="Description"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="CategoryID"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="AddressType"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="Country"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="Phone"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="MobilePhone"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="Fax"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="Pager"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="PersonalURL"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="ExpirationDate"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="Prod/ServiceAnnouncement"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="TrainingInfo"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="ElectronicInfo"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="Promos"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="PressRelease"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="UserEmail"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="UserPhone"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="MailInfo"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="TimeZone"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="TimeZoneWithDST"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="Service"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="Host"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="TelephoneConferenceCallOut"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition
name="TelephoneConferenceCallOutInternational" remediationModificationType="None"
required="true" type="string"/>
<AttributeDefinition name="TelephoneConferenceCallIn"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="TelephoneConferenceTollFreeCallIn"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="SiteAdmin"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="VOIP"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="SiteAdminwithViewOnly"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="LabAdmin"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="OtherTeleConferencing"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="TeleConferenceCallInInternational"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="AttendeeOnly"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="RecordingEditor"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="MeetingAssist"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="MeetingType" remediationModificationType="None"
schemaObjectType="group" type="string"/>
</Schema>
<Schema displayAttribute="GroupName"
identityAttribute="MeetingTypeID" nativeObjectType="group" objectType="group">
<AttributeDefinition name="GroupName"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="ProductCodePrefix"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="Active"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="DisplayName"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="PrimaryTollCallInNumber"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="PrimaryTollFreeCallInNumber"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="MeetingTypeID"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="ServiceType"
remediationModificationType="None" required="true" type="string"/>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.UnixConnector"
featuresString="NO_RANDOM_ACCESS" icon="enterpriseIcon" name="Unix Template"
type="Unix">
<Schemas>
 <Schema displayAttribute="userName" identityAttribute="userName"
nativeObjectType="User" objectType="account">
<AttributeDefinition name="userId" type="string">
<Description>User Id</Description>
</AttributeDefinition>
<AttributeDefinition name="userName" type="string">
<Description>User Name</Description>
</AttributeDefinition>
<AttributeDefinition name="homeDirectory" type="string">
<Description>Home Directory</Description>
</AttributeDefinition>
<AttributeDefinition name="shell" type="string">
<Description>Login Shell</Description>
</AttributeDefinition>
<AttributeDefinition name="userIdInfo" type="string">
<Description>User Information</Description>
</AttributeDefinition>
<AttributeDefinition name="primaryGroupId" type="string">
<Description>Primary Group Id</Description>
</AttributeDefinition>
<AttributeDefinition name="primaryGroupName" type="string">
<Description>Primary Group Name</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="groups" schemaObjectType="group" type="string">
<Description>List of groups a user is assigned</Description>
</AttributeDefinition>
</Schema>
<Schema displayAttribute="groupName" identityAttribute="groupName"
nativeObjectType="group" objectType="group">
<AttributeDefinition name="groupName" type="string">
<Description>Group Name</Description>
</AttributeDefinition>
<AttributeDefinition name="groupId" type="string">
<Description>Group Id</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="members" type="string">
<Description>List of users assigned to this group, either
directly or from primary group assignment</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="PROVISIONING, SYNC_PROVISIONING, ENABLE, SEARCH"
icon="internetIcon" name="GoToMeeting" type="GoToMeeting">
<Attributes>
<Map>
<entry key="connectorClass"
value="openconnector.connector.GoToMeeting"/>
<entry key="encrypted" value="token"/>
<entry key="formPath" value="GoToMeeting.xhtml"/>
<entry key="goToMeetingUrl"
value="https://api.getgo.com/G2M/rest"/>
<entry key="restEndPointMap">
<value>
<Map>
<entry key="groups" value="/groups"/>
<entry key="organizers" value="/organizers"/>
 </Map>
</value>
</entry>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="con_form_gotomeeting_organizer_email"
helpKey="help_con_form_gotomeeting_organizer_email" name="organizerEmail"
required="true" section="" type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="Email" identityAttribute="OrganizerKey"
nativeObjectType="account" objectType="account">
<AttributeDefinition name="OrganizerKey"
remediationModificationType="None" required="true" type="string">
<Description>The key of the organizer</Description>
</AttributeDefinition>
<AttributeDefinition name="FirstName"
remediationModificationType="None" required="true" type="string">
<Description>The first name of the organizer</Description>
</AttributeDefinition>
<AttributeDefinition name="LastName"
remediationModificationType="None" required="true" type="string">
<Description>The last name of the organizer</Description>
</AttributeDefinition>
<AttributeDefinition name="Email"
remediationModificationType="None" required="true" type="string">
<Description>Email of the organizer</Description>
</AttributeDefinition>
<AttributeDefinition name="Status"
remediationModificationType="None" required="true" type="string">
<Description>The status of the organizer</Description>
</AttributeDefinition>
<AttributeDefinition name="GroupKey"
remediationModificationType="None" required="true" type="string">
<Description>The group key of the organizer</Description>
</AttributeDefinition>
<AttributeDefinition name="MaximumAttendeesAllowed"
remediationModificationType="None" required="true" type="string">
<Description>Maximum number of allowed attendees for the
meeting</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
name="Groups" remediationModificationType="None" schemaObjectType="group"
type="string">
<Description>The groups which the organizer is a member
of</Description>
</AttributeDefinition>
</Schema>
<Schema displayAttribute="GroupName" identityAttribute="GroupKey"
nativeObjectType="group" objectType="group">
<AttributeDefinition name="GroupName"
remediationModificationType="None" required="true" type="string">
<Description>Name of the group</Description>
</AttributeDefinition>
<AttributeDefinition name="GroupKey"
remediationModificationType="None" required="true" type="string">
 <Description>The key of the group</Description>
</AttributeDefinition>
<AttributeDefinition name="ParentKey"
remediationModificationType="None" required="true" type="string">
<Description>The parent key of the group</Description>
</AttributeDefinition>
<AttributeDefinition name="GroupStatus"
remediationModificationType="None" required="true" type="string">
<Description>The status of the group</Description>
</AttributeDefinition>
<AttributeDefinition name="NumberOfOrganizers"
remediationModificationType="None" required="true" type="string">
<Description>Number of organizers in the group</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.LDAPConnector"
featuresString="CURRENT_PASSWORD, PROVISIONING, SYNC_PROVISIONING, ENABLE,
PASSWORD, MANAGER_LOOKUP, SEARCH" icon="directory2Icon" name="RACFLDAP Template"
type="RACF LDAP">
<Attributes>
<Map>
<entry key="dropDefaultGroupConnection">
<value>
<Boolean>true</Boolean>
</value>
</entry>
<entry key="formPath" value="ldapAttributesForm.xhtml"/>
<entry key="groupEntitlementAttr" value="racfConnectGroupName"/>
<entry key="iterateModeOverride" value="DEFAULT"/>
<entry key="provisionPropertiesToAllConnections">
<value>
<Boolean>true</Boolean>
</value>
</entry>
<entry key="restoreAction" value="ADD"/>
<entry key="restoreAttr" value="racfAttributes"/>
<entry key="restoreVal" value="RESUME"/>
<entry key="revokeAttr" value="racfAttributes"/>
<entry key="revokeVal" value="REVOKE"/>
<entry key="revokedVal" value="REVOKED"/>
<entry key="setGroupAsConnectionOwner">
<value>
<Boolean>true</Boolean>
</value>
</entry>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="con_prov_policy_ldap_user_DN"
helpKey="help_con_prov_policy_racf_ldap_user_DN" name="dn" required="true"
section="" type="string"/>
<Field displayName="con_prov_policy_ldap_password"
helpKey="help_con_prov_policy_ldap_password" name="password" required="true"
section="" type="secret"/>
<Field displayName="con_prov_policy_racf_ldap_default_group"
helpKey="help_con_prov_policy_racf_ldap_default_group" name="racfDefaultGroup"
reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_racf_ldap_owner"
helpKey="help_con_prov_policy_racf_ldap_owner" name="racfOwner"
reviewRequired="true" section="" type="string"/>
<Field
displayName="con_prov_policy_racf_ldap_connection_revokedate"
helpKey="help_con_prov_policy_racf_ldap_connection_revokedate"
name="connection_racfConnectRevokeDate" reviewRequired="true" section=""
type="string"/>
</Form>
<Form name="edit account" objectType="account" type="Update">
<Field
displayName="con_prov_policy_racf_ldap_connection_revokedate"
helpKey="help_con_prov_policy_racf_ldap_connection_revokedate"
name="connection_racfConnectRevokeDate" reviewRequired="true" section=""
type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="racfid" identityAttribute="dn"
nativeObjectType="racfUser" objectType="account">
<AttributeDefinition name="dn" type="string">
<Description>Distinguished name of RACF User</Description>
</AttributeDefinition>
<AttributeDefinition name="racfid" type="string">
<Description>RACF User Id</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="objectClass"
type="string">
<Description>RACF User Object Classes</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="racfAttributes"
type="string">
<Description>RACF Attributes Pertaining To This
User</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="racfClassName"
type="string">
<Description>Classes in which user is allowed to define
profiles</Description>
</AttributeDefinition>
<AttributeDefinition name="racfDefaultGroup" type="string">
<Description>RACF Default Group of User</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="racfConnectGroupName" schemaObjectType="group" type="string">
<Description>List of groups a RACF User is a
member</Description>
</AttributeDefinition>
<AttributeDefinition name="racfLastAccess" type="string">
<Description>RACF Last Access Date</Description>
</AttributeDefinition>
<AttributeDefinition name="racfProgrammerName" type="string">
<Description>User name associated with the RACF user
ID</Description>
</AttributeDefinition>
<AttributeDefinition name="racfPasswordChangeDate" type="string">
<Description>Last date user changed his password</Description>
</AttributeDefinition>
 <AttributeDefinition name="racfPasswordInterval" type="string">
<Description>Number of days during which a user's password and
password phrase (if set) remain valid</Description>
</AttributeDefinition>
<AttributeDefinition name="racfHavePasswordEnvelope"
type="string">
<Description>RACF User Has Password Envelope</Description>
</AttributeDefinition>
<AttributeDefinition name="racfPassPhraseChangeDate"
type="string">
<Description>Last date user changed his
passphrase</Description>
</AttributeDefinition>
<AttributeDefinition name="racfHavePassPhraseEnvelope"
type="string">
<Description>RACF User Has Password Envelope</Description>
</AttributeDefinition>
<AttributeDefinition name="racfResumeDate" type="string">
<Description>Starting date when user will be allowed to access
the system again</Description>
</AttributeDefinition>
<AttributeDefinition name="racfRevokeDate" type="string">
<Description>Starting date when user will be disallowed to
access the system</Description>
</AttributeDefinition>
<AttributeDefinition name="racfSecurityLabel" type="string">
<Description>Default security label</Description>
</AttributeDefinition>
<AttributeDefinition name="racfSecurityLevel" type="string">
<Description>Security level of user</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="racfSecurityCategoryList"
type="string">
<Description>User access to resources is additionally protected
by the security categories</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="racfLogonDays"
type="string">
<Description>Days of the week when the user is allowed to
access the system from a terminal</Description>
</AttributeDefinition>
<AttributeDefinition name="racfLogonTime" type="string">
<Description>Hours in the day when the user is allowed to
access the system from a terminal</Description>
</AttributeDefinition>
<AttributeDefinition name="racfAuthorizationDate" type="string">
<Description>Date when user was defined to RACF</Description>
</AttributeDefinition>
<AttributeDefinition name="racfInstallationData" type="string">
<Description>RACF Installation Data</Description>
</AttributeDefinition>
<AttributeDefinition name="racfDatasetModel" type="string">
<Description>Discrete data set profile name that is used as a
model when new data set profiles are created that have userid as the high-level
qualifier</Description>
</AttributeDefinition>
<AttributeDefinition name="racfOwner" type="string">
<Description>Owner User or owner group</Description>
</AttributeDefinition>
 <AttributeDefinition multi="true" name="racfOperatorClass"
type="string">
<Description>classes assigned to this operator to which BMS
(basic mapping support) messages are to be routed - CICS segment</Description>
</AttributeDefinition>
<AttributeDefinition name="racfOperatorIdentification"
type="string">
<Description>Operator ID for use by BMS - CICS
segment</Description>
</AttributeDefinition>
<AttributeDefinition name="racfOperatorPriority" type="string">
<Description>Priority of the operator - CICS
segment</Description>
</AttributeDefinition>
<AttributeDefinition name="racfTerminalTimeout" type="string">
<Description>Time, in hours and minutes, that the operator is
allowed to be idle before being signed off. - CICS segment</Description>
</AttributeDefinition>
<AttributeDefinition name="racfOperatorReSignon" type="string">
<Description>FORCE means that the user is signed off by CICS
when an XRF takeover occurs - CICS segment</Description>
</AttributeDefinition>
<AttributeDefinition name="SAFAccountNumber" type="string">
<Description>Default TSO account number when logging on - TSO
segment</Description>
</AttributeDefinition>
<AttributeDefinition name="SAFDefaultCommand" type="string">
<Description>Command run during TSO logon - TSO
segment</Description>
</AttributeDefinition>
<AttributeDefinition name="SAFDestination" type="string">
<Description>Default destination to which the system routes
dynamically-allocated SYSOUT data sets - TSO segment</Description>
</AttributeDefinition>
<AttributeDefinition name="SAFHoldClass" type="string">
<Description>Default hold class - TSO segment</Description>
</AttributeDefinition>
<AttributeDefinition name="SAFJobClass" type="string">
<Description>Default job class - TSO segment</Description>
</AttributeDefinition>
<AttributeDefinition name="SAFMessageClass" type="string">
<Description>Default message class - TSO segment</Description>
</AttributeDefinition>
<AttributeDefinition name="SAFTsoSecurityLabel" type="string">
<Description>Security label entered or used during TSO LOGON -
TSO segment</Description>
</AttributeDefinition>
<AttributeDefinition name="SAFDefaultSysoutClass" type="string">
<Description>Default SYSOUT class - TSO segment</Description>
</AttributeDefinition>
<AttributeDefinition name="SAFDefaultUnit" type="string">
<Description>Default name of a device or group of devices that
a procedure uses for allocations - TSO segment</Description>
</AttributeDefinition>
<AttributeDefinition name="SAFDefaultLoginProc" type="string">
<Description>Default logon procedure name when logging on
through TSO logon panel - TSO segment</Description>
</AttributeDefinition>
<AttributeDefinition name="SAFLogonSize" type="string">
 <Description>Default or requested region size during TSO logon
- TSO segment</Description>
</AttributeDefinition>
<AttributeDefinition name="SAFMaximumRegionSize" type="string">
<Description>Maximum region size the user can request at logon
- TSO segment</Description>
</AttributeDefinition>
<AttributeDefinition name="SAFUserdata" type="string">
<Description>Optional installation data defined for the user -
TSO segment</Description>
</AttributeDefinition>
</Schema>
<Schema displayAttribute="racfid" identityAttribute="dn"
nativeObjectType="racfGroup" objectType="group">
<AttributeDefinition name="dn" type="string">
<Description>Distinguished Name of RACF Group</Description>
</AttributeDefinition>
<AttributeDefinition name="racfid" type="string">
<Description>RACF Group Id</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="objectClass"
type="string">
<Description>RACF Group Object Classes</Description>
</AttributeDefinition>
<AttributeDefinition name="racfAuthorizationDate" type="string">
<Description>RACF Authorization Date</Description>
</AttributeDefinition>
<AttributeDefinition name="racfInstallationData" type="string">
<Description>RACF Installation Data</Description>
</AttributeDefinition>
<AttributeDefinition name="racfOwner" type="string">
<Description>Owner of RACF Group</Description>
</AttributeDefinition>
<AttributeDefinition name="racfGroupNoTermUAC" type="string">
<Description>Specifies whether the users present in group are
having universal access authority (UACC) to the Terminal </Description>
</AttributeDefinition>
<AttributeDefinition name="racfSuperiorGroup" type="string">
<Description>RACF Superior Group</Description>
</AttributeDefinition>
<AttributeDefinition name="racfSubGroupName" type="string">
<Description>RACF Sub Group Names</Description>
</AttributeDefinition>
<AttributeDefinition name="racfGroupUniversal" type="string">
<Description>RACF Universal Group</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="racfGroupUserids"
type="string">
<Description>RACF Group Members</Description>
</AttributeDefinition>
<AttributeDefinition name="racfDatasetModel" type="string">
<Description>RACF Data Set Model</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OracleEBSConnector"
featuresString="PROVISIONING, ENABLE, PASSWORD, DISCOVER_SCHEMA, SYNC_PROVISIONING,
AUTHENTICATE" icon="enterpriseIcon" name="Oracle E-Business" type="Oracle E-
Business">
<Attributes>
<Map>
<entry key="disableIndirectAssignment">
<value>
<Boolean>true</Boolean>
</value>
</entry>
<entry key="endDateUserEntitlements">
<value>
<Boolean>true</Boolean>
</value>
</entry>
<entry key="formPath" value="OracleEBSAttributesForm.xhtml"/>
<entry key="skipFutureAssignedGroups">
<value>
<Boolean></Boolean>
</value>
</entry>
<entry key="useEffectiveDate">
<value>
<Boolean>true</Boolean>
</value>
</entry>
<entry key="useResponsibilityWithApplication">
<value>
<Boolean>true</Boolean>
</value>
</entry>
<entry key="usersToAggregate" value="employee"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="Create Account" objectType="account" type="Create">
<Field
displayName="con_prov_policy_user_create_oracle_ebs_username"
helpKey="help_con_prov_policy_user_create_oracle_ebs_username" name="USER_NAME"
required="true" type="string"/>
<Field
displayName="con_prov_policy_user_create_oracle_ebs_userpassword"
helpKey="help_con_prov_policy_user_create_oracle_ebs_userpassword" name="password"
required="true" type="secret"/>
<Field displayName="con_prov_policy_user_create_oracle_ebs_desc"
helpKey="help_con_prov_policy_user_create_oracle_ebs_desc" name="DESCRIPTION"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_user_create_oracle_ebs_sd"
helpKey="help_con_prov_policy_user_create_oracle_ebs_sd" name="START_DATE"
required="true" type="string"/>
<Field displayName="con_prov_policy_user_create_oracle_ebs_ed"
helpKey="help_con_prov_policy_user_create_oracle_ebs_ed" name="END_DATE"
reviewRequired="true" type="string"/>
<Field
displayName="con_prov_policy_user_create_oracle_ebs_pass_exp"
helpKey="help_con_prov_policy_user_create_oracle_ebs_pass_exp" name="PASSWORD_EXPR"
reviewRequired="true" type="string" value="None">
<AllowedValues>
<String>None</String>
<String>Access</String>
<String>Days</String>
 </AllowedValues>
</Field>
<Field
displayName="con_prov_policy_user_create_oracle_ebs_pass_nod"
helpKey="help_con_prov_policy_user_create_oracle_ebs_pass_nod"
name="PASSWORD_NO_OF_DAYS" reviewRequired="true" type="string"/>
<Field
displayName="con_prov_policy_user_create_oracle_ebs_pass_permanent"
helpKey="help_con_prov_policy_user_create_oracle_ebs_pass_permanent"
name="PASSWORD_MODE" reviewRequired="true" type="boolean"/>
<Field
displayName="con_prov_policy_user_create_oracle_ebs_employee_id"
helpKey="help_con_prov_policy_user_create_oracle_ebs_employee_id"
name="EMPLOYEE_ID" reviewRequired="true" type="string"/>
</Form>
<Form name="Create Group" objectType="RESPONSIBILITY"
type="Create">
<Field displayName="con_prov_policy_grp_crt_ora_ebs_respname"
helpKey="help_con_prov_policy_grp_crt_ora_ebs_respname" name="RESPONSIBILITY_NAME"
required="true" type="string"/>
<Field displayName="con_prov_policy_grp_crt_ora_ebs_appliname"
helpKey="help_con_prov_policy_grp_crt_ora_ebs_appliname" name="APPLICATION_NAME"
type="string">
<Attributes>
<Map>
<entry key="readOnly" value="true"/>
</Map>
</Attributes>
</Field>
<Field displayName="con_prov_policy_grp_crt_ora_ebs_desc"
helpKey="help_con_prov_policy_grp_cre_ora_ebs_desc" name="DESCRIPTION"
type="string"/>
<Field displayName="con_prov_policy_grp_crt_ora_ebs_reskey"
helpKey="help_con_prov_policy_grp_crt_ora_ebs_reskey" name="RESPONSIBILITY_KEY"
required="true" type="string"/>
<Field displayName="con_prov_policy_grp_crt_ora_ebs_sd"
helpKey="help_con_prov_policy_grp_crt_ora_ebs_sd" name="START_DATE" required="true"
type="date"/>
<Field displayName="con_prov_policy_grp_crt_ora_ebs_ed"
helpKey="help_con_prov_policy_grp_crt_ora_ebs_ed" name="END_DATE"
reviewRequired="true" type="date"/>
<Field displayName="con_prov_policy_grp_crt_ora_ebs_res_vers"
helpKey="help_con_prov_policy_grp_crt_ora_ebs_res_vers" name="VERSION"
reviewRequired="true" type="string" value="Oracle Application">
<AllowedValues>
<String>Oracle Application</String>
<String>Self_Service Web Application</String>
<String>Oracle Mobile Application</String>
</AllowedValues>
</Field>
<Field displayName="con_prov_policy_grp_crt_ora_ebs_data_grpname"
helpKey="help_con_prov_policy_grp_crt_ora_ebs_data_grpname" name="DATA_GROUP_NAME"
required="true" type="string"/>
<Field
displayName="con_prov_policy_grp_crt_ora_ebs_data_grp_appliname"
helpKey="help_con_prov_policy_grp_crt_ora_ebs_data_grp_appliname"
name="DATA_GROUP_APPL_NAME" required="true" type="string"/>
<Field displayName="con_prov_policy_grp_crt_ora_ebs_menu_name"
helpKey="help_con_prov_policy_grp_crt_ora_ebs_menu_name" name="MENU_NAME"
required="true" type="string"/>
<Field displayName="con_prov_policy_grp_crt_ora_ebs_req_grpname"
helpKey="help_con_prov_policy_grp_crt_ora_ebs_req_grpname"
name="REQUEST_GROUP_NAME" reviewRequired="true" type="string"/>
<Field
displayName="con_prov_policy_grp_crt_ora_ebs_req_grpappname"
helpKey="help_con_prov_policy_grp_crt_ora_ebs_req_grpappname"
name="REQUEST_GROUP_APPL_NAME" reviewRequired="true" type="string"/>
</Form>
<Form name="Update Group" objectType="RESPONSIBILITY"
type="Update">
<Field displayName="con_prov_policy_grp_crt_ora_ebs_reskey"
helpKey="help_con_prov_policy_grp_crt_ora_ebs_reskey" name="RESPONSIBILITY_KEY"
readOnly="true" type="string"/>
<Field displayName="con_prov_policy_grp_crt_ora_ebs_appliname"
helpKey="help_con_prov_policy_grp_crt_ora_ebs_appliname" name="APPLICATION_NAME"
readOnly="true" type="string"/>
<Field displayName="con_prov_policy_grp_crt_ora_ebs_data_grpname"
helpKey="help_con_prov_policy_grp_crt_ora_ebs_data_grpname" name="DATA_GROUP_NAME"
reviewRequired="true" type="string"/>
<Field
displayName="con_prov_policy_grp_crt_ora_ebs_data_grp_appliname"
helpKey="help_con_prov_policy_grp_crt_ora_ebs_data_grp_appliname"
name="DATA_GROUP_APPL_NAME" reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_grp_crt_ora_ebs_menu_name"
helpKey="help_con_prov_policy_grp_crt_ora_ebs_menu_name" name="MENU_NAME"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_grp_crt_ora_ebs_status"
helpKey="help_con_prov_policy_grp_crt_ora_ebs_status" name="STATUS" readOnly="true"
type="string"/>
<Field displayName="con_prov_policy_grp_crt_ora_ebs_sd"
helpKey="help_con_prov_policy_grp_crt_ora_ebs_sd" name="START_DATE" readOnly="true"
required="true" type="date"/>
<Field displayName="con_prov_policy_grp_crt_ora_ebs_ed"
helpKey="help_con_prov_policy_grp_crt_ora_ebs_ed" name="END_DATE"
reviewRequired="true" type="date"/>
<Field displayName="con_prov_policy_grp_crt_ora_ebs_desc"
helpKey="help_con_prov_policy_grp_cre_ora_ebs_desc" name="DESCRIPTION"
type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="USER_NAME" groupAttribute="ROLES"
identityAttribute="USER_NAME" nativeObjectType="account" objectType="account">
<AttributeDefinition name="USER_NAME" type="string">
<Description> Application user name </Description>
</AttributeDefinition>
<AttributeDefinition name="USER_ID" type="string">
<Description> Application user identifier </Description>
</AttributeDefinition>
<AttributeDefinition name="START_DATE" type="string">
<Description> The date at which the user becomes valid
</Description>
</AttributeDefinition>
<AttributeDefinition name="END_DATE" type="string">
<Description> The date at which the user is no longer valid
</Description>
</AttributeDefinition>
<AttributeDefinition name="DESCRIPTION" type="string">
 <Description> Description </Description>
</AttributeDefinition>
<AttributeDefinition name="PASSWORD_DATE" type="string">
<Description> The date when current password was set
</Description>
</AttributeDefinition>
<AttributeDefinition name="PASSWORD_EXPR" type="string">
<Description> The number of accesses left for the password
</Description>
</AttributeDefinition>
<AttributeDefinition name="PASSWORD_NO_OF_DAYS" type="string">
<Description> The number of accesses allowed for the password
</Description>
</AttributeDefinition>
<AttributeDefinition name="EMAIL_ADDRESS" type="string">
<Description> The electronic mail address for the user
</Description>
</AttributeDefinition>
<AttributeDefinition name="FAX" type="string">
<Description> The fax number for the user </Description>
</AttributeDefinition>
<AttributeDefinition name="EMPLOYEE_ID" type="string">
<Description> Identifier of employee to whom the application
user name is assigned </Description>
</AttributeDefinition>
<AttributeDefinition name="EMPLOYEE_NUMBER" type="string">
<Description> Unique number of the employee </Description>
</AttributeDefinition>
<AttributeDefinition name="FULL_NAME" type="string">
<Description> Full name of the user </Description>
</AttributeDefinition>
<AttributeDefinition name="CUSTOMER_ID" type="string">
<Description> Customer contact identifier. If the AOL user is a
customer contact, this value is a foreign key to the corresponding customer contact
</Description>
</AttributeDefinition>
<AttributeDefinition name="CUSTOMER_NAME" type="string">
<Description> Customer name </Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="RESPONSIBILITIES" schemaObjectType="RESPONSIBILITY"
type="string">
<Description> Responsibilities assigned to a user
</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="ROLES" schemaObjectType="ROLE" type="string">
<Description> Roles assigned to a user </Description>
</AttributeDefinition>
</Schema>
<Schema aggregationType="group" descriptionAttribute="DESCRIPTION"
displayAttribute="RESPONSIBILITY_NAME" featuresString="PROVISIONING"
identityAttribute="RESPONSIBILITY_ID" nativeObjectType="RESPONSIBILITY"
objectType="RESPONSIBILITY">
<AttributeDefinition name="RESPONSIBILITY_NAME" type="string">
<Description> Name of the responsibility </Description>
</AttributeDefinition>
<AttributeDefinition name="APPLICATION_NAME" type="string">
<Description> Application that owns the information for the
responsibility </Description>
</AttributeDefinition>
<AttributeDefinition name="RESPONSIBILITY_ID" type="string">
<Description> Responsibility identifier </Description>
</AttributeDefinition>
<AttributeDefinition name="RESPONSIBILITY_KEY" type="string">
<Description> An Internal name for responsibility
</Description>
</AttributeDefinition>
<AttributeDefinition name="START_DATE" type="date">
<Description> The date at which the responsibility becomes
valid </Description>
</AttributeDefinition>
<AttributeDefinition name="END_DATE" type="date">
<Description> The date at which the responsibility is no longer
valid </Description>
</AttributeDefinition>
<AttributeDefinition name="DESCRIPTION" type="string">
<Description> Description </Description>
</AttributeDefinition>
<AttributeDefinition name="STATUS" type="string">
<Description> Status of the responsibility </Description>
</AttributeDefinition>
<AttributeDefinition name="VERSION" type="string">
<Description> Version </Description>
</AttributeDefinition>
<AttributeDefinition name="WEB_HOST_NAME" type="string">
<Description> IP address or alias of the computer where the
Webserver is running. Defaults to the last agent </Description>
</AttributeDefinition>
<AttributeDefinition name="WEB_AGENT_NAME" type="string">
<Description> Name of Oracle Web Agent. Defaults to the last
agent. </Description>
</AttributeDefinition>
<AttributeDefinition name="DATA_GROUP_APPL_NAME" type="string">
<Description> Name of the data group application </Description>
</AttributeDefinition>
<AttributeDefinition name="REQUEST_GROUP_APPL_NAME"
type="string">
<Description> Request Group Application name </Description>
</AttributeDefinition>
<AttributeDefinition name="DATA_GROUP_ID" type="string">
<Description> Identifier of data group. </Description>
</AttributeDefinition>
<AttributeDefinition name="DATA_GROUP_NAME" type="string">
<Description> Name of the Data Group </Description>
</AttributeDefinition>
<AttributeDefinition name="MENU_NAME" type="string">
<Description> Name of the menu </Description>
</AttributeDefinition>
<AttributeDefinition name="REQUEST_GROUP_NAME" type="string">
<Description> Request group name </Description>
</AttributeDefinition>
</Schema>
<Schema aggregationType="group" descriptionAttribute="DESCRIPTION"
displayAttribute="DISPLAY_NAME" identityAttribute="NAME" nativeObjectType="ROLE"
objectType="ROLE">
<AttributeDefinition name="NAME" type="string">
<Description> An internal name for the role </Description>
 </AttributeDefinition>
<AttributeDefinition name="DISPLAY_NAME" type="string">
<Description> The display name of the role </Description>
</AttributeDefinition>
<AttributeDefinition name="DESCRIPTION" type="string">
<Description> Description </Description>
</AttributeDefinition>
<AttributeDefinition name="START_DATE" type="string">
<Description> The date at which the role becomes valid
</Description>
</AttributeDefinition>
<AttributeDefinition name="EXPIRATION_DATE" type="string">
<Description> The date at which the role is no longer valid in
the directory service </Description>
</AttributeDefinition>
<AttributeDefinition name="APPLICATION_NAME" type="string">
<Description> Application that owns the information for the
role </Description>
</AttributeDefinition>
<AttributeDefinition name="STATUS" type="string">
<Description> The availability of the Role to participate in a
workflow process </Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" multi="true"
name="SUBORDINATE_ROLES" type="ROLE">
<Description> Subordinate roles for a role </Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" multi="true"
name="SUBORDINATE_RESPONSIBILITIES" type="RESPONSIBILITY">
<Description> Subordinate responsibilities for a role
</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.integration.oim.OIMConnector"
featuresString="PROVISIONING, PROXY, ENABLE, UNLOCK" name="OIM Template"
type="Oracle Identity Manager">
<Attributes>
<Map>
<entry key="formPath" value="OIMAttributesForm.xhtml"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="Create Oracle Identity Manager User"
objectType="account" type="Create">
<Field displayName="con_prov_policy_oim_cp_ln" name="Users.Last
Name" required="true" section="" type="string"/>
<Field displayName="con_prov_policy_mi_cp_org"
name="Organizations.Organization Name" required="true" section="" type="string"/>
<Field displayName="con_prov_policy_mi_cp_ut" name="Users.Role"
required="true" section="" type="string"/>
<Field displayName="con_prov_policy_mi_cp_xt"
name="Users.Xellerate Type" required="true" section="" type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="Display Name" identityAttribute="User
Login" nativeObjectType="User" objectType="account">
 <AttributeDefinition internalName="Users.First Name" name="First
Name" type="string"/>
<AttributeDefinition internalName="Users.Middle Name"
name="Middle Name" type="string"/>
<AttributeDefinition internalName="Users.Last Name" name="Last
Name" type="string"/>
<AttributeDefinition internalName="Users.Xellerate Type"
name="Design Console Access" type="string"/>
<AttributeDefinition internalName="Users.Email" name="Email"
type="string"/>
<AttributeDefinition internalName="Users.Manager Login"
name="Manager" type="string"/>
<AttributeDefinition internalName="Organizations.Organization
Name" name="Organization" type="string"/>
<AttributeDefinition internalName="Users.Role" name="User Type"
type="string"/>
<AttributeDefinition internalName="Users.Display Name"
name="Display Name" type="string"/>
<AttributeDefinition internalName="Users.User ID" name="User
Login" type="string"/>
<AttributeDefinition internalName="Users.Start Date" name="Start
Date" type="date"/>
<AttributeDefinition internalName="Users.End Date" name="End
Date" type="date"/>
<AttributeDefinition internalName="Users.Provisioning Date"
name="Provisioning Date" type="date"/>
<AttributeDefinition internalName="Users.Deprovisioning Date"
name="Deprovisioning Date" type="date"/>
<AttributeDefinition entitlement="true"
internalName="Groups.Group Name" managed="true" multi="true" name="Roles"
schemaObjectType="group" type="string"/>
</Schema>
<Schema descriptionAttribute="Description"
displayAttribute="Display Name" identityAttribute="Name" nativeObjectType="Role"
objectType="group">
<AttributeDefinition internalName="Groups.Group Name" name="Name"
type="string"/>
<AttributeDefinition internalName="Groups.Role Display Name"
name="Display Name" type="string"/>
<AttributeDefinition internalName="Groups.E-mail" name="Email"
type="string"/>
<AttributeDefinition internalName="Groups.Role Description"
name="Description" type="string"/>
</Schema>
</Schemas>
</Application>
<Application
connector="sailpoint.connector.O365SharepointOnlineConnector"
featuresString="PROVISIONING, SYNC_PROVISIONING, NO_PERMISSIONS_PROVISIONING"
icon="internetIcon" name="Microsoft SharePoint Online" type="Microsoft SharePoint
Online">
<Attributes>
<Map>
<entry key="encrypted" value="client_Secret"/>
<entry key="formPath"
value="SharePointOnlineAttributesForm.xhtml"/>
<entry key="userExclusionList" value="_SPOCache, _SPOCrawler,
_SPOCacheRead,_spocrawler,System Account"/>
<entry key="userPartitions"
value="A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,0,1,2,3,4,5,6,7,8,9,-,&a
pos;,_"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="Account" objectType="account" type="Create">
<Field
displayName="con_prov_policy_o365_sharepoint_online_UserName"
helpKey="help_con_prov_policy_o365_sharepoint_online_UserName" name="UserName"
required="true" section="" type="string"/>
</Form>
<Form name="Create Group" objectType="group" type="Create">
<Field displayName="con_prov_policy_o365_sharepoint_online_Title"
helpKey="help_con_prov_policy_o365_sharepoint_online_Title" name="Title"
required="true" type="string"/>
<Field
displayName="con_prov_policy_o365_sharepoint_online_SiteCollection"
helpKey="help_con_prov_policy_o365_sharepoint_online_SiteCollection"
name="SiteCollection" required="true" type="string"/>
</Form>
<Form name="Update Group" objectType="group" type="Update">
<Field
displayName="con_prov_policy_o365_sharepoint_online_Description"
helpKey="help_con_prov_policy_o365_sharepoint_online_Description"
name="Description" reviewRequired="true" type="string"/>
<Field
displayName="con_prov_policy_o365_sharepoint_online_GroupOwner"
helpKey="help_con_prov_policy_o365_sharepoint_online_OwnwerTitle" name="OwnerTitle"
type="string">
<Attributes>
<Map>
<entry key="readOnly" value="true"/>
</Map>
</Attributes>
</Field>
<Field
displayName="con_prov_policy_o365_sharepoint_online_View_Membership"
helpKey="help_con_prov_policy_o365_sharepoint_online_View_Membership"
name="OnlyAllowMembersViewMembership" reviewRequired="true" type="string"
value="Group Members">
<AllowedValuesDefinition>
<Value>
<List>
<String>Group Members</String>
<String>Everyone</String>
</List>
</Value>
</AllowedValuesDefinition>
</Field>
<Field
displayName="con_prov_policy_o365_sharepoint_online_Edit_Group_Membership"
helpKey="help_con_prov_policy_o365_sharepoint_online_Edit_Membership"
name="AllowMembersEditMembership" reviewRequired="true" type="string" value="Group
Owner">
<AllowedValuesDefinition>
<Value>
<List>
<String>Group Owner</String>
<String>Group Members</String>
 </List>
</Value>
</AllowedValuesDefinition>
</Field>
<Field
displayName="con_prov_policy_o365_sharepoint_online_Allow_Request_To"
helpKey="help_con_prov_policy_o365_sharepoint_online_Allow_Request"
name="AllowRequestToJoinLeave" reviewRequired="true" type="string" value="No">
<AllowedValuesDefinition>
<Value>
<List>
<String>Yes</String>
<String>No</String>
</List>
</Value>
</AllowedValuesDefinition>
</Field>
<Field
displayName="con_prov_policy_o365_sharepoint_online_Auto_Accept_Request"
helpKey="help_con_prov_policy_o365_sharepoint_online_Auto_Accept_Membership"
name="AutoAcceptRequestToJoinLeave" reviewRequired="true" type="string" value="No">
<AllowedValuesDefinition>
<Value>
<List>
<String>Yes</String>
<String>No</String>
</List>
</Value>
</AllowedValuesDefinition>
</Field>
<Field
displayName="con_prov_policy_o365_sharepoint_online_Email_Membership"
helpKey="help_con_prov_policy_o365_sharepoint_online_Request_Email"
name="RequestToJoinLeaveEmailSetting" reviewRequired="true" type="string"/>
<Field
displayName="con_prov_policy_o365_sharepoint_online_AzureGroups"
helpKey="help_con_prov_policy_o365_sharepoint_online_ADAzureGroup" multi="true"
name="Azure AD Groups" reviewRequired="true" type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="Name" identityAttribute="LoginName"
nativeObjectType="user" objectType="account">
<AttributeDefinition name="LoginName" type="string">
<Description>Login Name of the user.</Description>
</AttributeDefinition>
<AttributeDefinition name="Name" type="string">
<Description>Display Name of user.</Description>
</AttributeDefinition>
<AttributeDefinition name="Email" type="string">
<Description>E-mail address of the user.</Description>
</AttributeDefinition>
<AttributeDefinition name="FirstName" type="string">
<Description>First Name of the user.</Description>
</AttributeDefinition>
<AttributeDefinition name="LastName" type="string">
<Description>Last Name of the user.</Description>
</AttributeDefinition>
<AttributeDefinition name="ID" type="string">
 <Description>Member ID of the user.</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="Groups" schemaObjectType="group" type="string">
<Description>It specifies all the groups to which user belongs
to.</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="SiteCollections"
type="string">
<Description>It specifies all the Site Collections to which
user belongs to.</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="AdminOfSites"
type="string">
<Description>It specifies all the Site Collections to which
user is admin of.</Description>
</AttributeDefinition>
</Schema>
<Schema descriptionAttribute="Description" displayAttribute="Name"
featuresString="PROVISIONING, NO_PERMISSIONS_PROVISIONING" identityAttribute="Group
URL" nativeObjectType="group" objectType="group">
<AttributeDefinition name="ID" type="string">
<Description>Identifier (ID) for the group.</Description>
</AttributeDefinition>
<AttributeDefinition name="Group URL" type="string">
<Description>URL to group in a site collection.</Description>
</AttributeDefinition>
<AttributeDefinition name="Name" type="string">
<Description>Display name of the group.</Description>
</AttributeDefinition>
<AttributeDefinition name="Description" type="string">
<Description>Description of the group.</Description>
</AttributeDefinition>
<AttributeDefinition name="OwnerTitle" type="string">
<Description>Owner title of the group.</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="Azure AD Groups"
type="string">
<Description>Security DomainGroups for SharePoint
Online.</Description>
</AttributeDefinition>
<AttributeDefinition name="AutoAcceptRequestToJoinLeave"
type="string">
<Description>Gets or sets a value that indicates whether the
request to join or leave the group can be accepted automatically.</Description>
</AttributeDefinition>
<AttributeDefinition name="AllowMembersEditMembership"
type="string">
<Description>Gets or sets a value that indicates whether the
group members can edit membership in the group.</Description>
</AttributeDefinition>
<AttributeDefinition name="RequestToJoinLeaveEmailSetting"
type="string">
<Description>Gets or sets the email address to which the
requests of the membership are sent.</Description>
</AttributeDefinition>
<AttributeDefinition name="OnlyAllowMembersViewMembership"
type="string">
<Description>Gets or sets a value that indicates whether only
group members are allowed to view the membership of the group.</Description>
</AttributeDefinition>
<AttributeDefinition name="AllowRequestToJoinLeave"
type="string">
<Description>Gets or sets a value that indicates whether to
allow users to request membership in the group and request to leave the
group.</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="PROVISIONING, AUTHENTICATE, ENABLE, SEARCH, CURRENT_PASSWORD,
PASSWORD" icon="internetIcon" name="BMC ITSM - Direct" type="BMC ITSM - Direct">
<Attributes>
<Map>
<entry key="connectorClass"
value="openconnector.connector.RemedyITSMConnector"/>
<entry key="formPath" value="RemedyITSMConnector.xhtml"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="create" objectType="account" type="Create">
<Field displayName="con_form_RIC_first_name"
helpKey="help_con_form_RIC_first_name" name="FirstName" required="true"
type="string"/>
<Field displayName="con_form_RIC_last_name"
helpKey="help_con_form_RIC_last_name" name="LastName" required="true"
type="string"/>
<Field displayName="con_form_RIC_client_type"
helpKey="help_con_form_RIC_client_type" name="ClientType" required="true"
type="string" value="Office-Based Employee">
<AllowedValues>
<String>Office-Based Employee</String>
<String>Field-Based Employee</String>
<String>Home-Based Employee</String>
<String>Contractor</String>
<String>Customer</String>
<String>Prospect</String>
<String>Vendor</String>
</AllowedValues>
</Field>
<Field displayName="con_form_RIC_client_sensitivity"
helpKey="help_con_form_RIC_client_sensitivity" name="ClientSensitivity"
required="true" reviewRequired="true" type="string" value="Sensitive">
<AllowedValues>
<String>Sensitive</String>
<String>Standard</String>
</AllowedValues>
</Field>
<Field displayName="con_form_RIC_vip"
helpKey="help_con_form_RIC_vip" name="VIP" required="true" reviewRequired="true"
type="string" value="Yes">
<AllowedValues>
<String>Yes</String>
<String>No</String>
</AllowedValues>
</Field>
<Field displayName="con_form_RIC_company"
helpKey="help_con_form_RIC_company" name="Company" required="true" type="string"/>
<Field displayName="con_form_RIC_business_number"
helpKey="help_con_form_RIC_business_number" name="BusinessPhoneNumber"
required="true" type="string"/>
<Field displayName="con_form_RIC_remedy_login_id"
helpKey="help_con_form_RIC_remedy_login_id" name="RemedyLoginID" required="true"
type="string"/>
<Field displayName="con_form_RIC_password"
helpKey="help_con_form_RIC_password" name="1000005507" required="true"
type="secret"/>
<Field displayName="con_form_RIC_support_staff"
helpKey="help_con_form_RIC_support_staff" name="SupportStaff" required="true"
reviewRequired="true" type="string" value="No">
<AllowedValues>
<String>Yes</String>
<String>No</String>
</AllowedValues>
</Field>
<Field displayName="con_form_RIC_unrestricted_access"
helpKey="help_con_form_RIC_unrestricted_access" name="UnrestrictedAccess"
required="true" reviewRequired="true" type="string" value="Yes">
<AllowedValues>
<String>Yes</String>
<String>No</String>
</AllowedValues>
</Field>
</Form>
<Form name="update" objectType="group" type="Update">
<Field displayName="con_form_RIC_sp_company"
helpKey="help_con_form_RIC_sp_company" name="Company" required="true"
type="string"/>
<Field displayName="con_form_RIC_sp_organization"
helpKey="help_con_form_RIC_sp_organization" name="SupportOrganization"
required="true" type="string"/>
<Field displayName="con_form_RIC_sp_group_name"
helpKey="help_con_form_RIC_sp_group_name" name="SupportGroupName" required="true"
type="string"/>
<Field displayName="con_form_RIC_sp_group_role"
helpKey="help_con_form_RIC_sp_group_role" name="SupportGroupRole" required="true"
type="string"/>
<Field displayName="con_form_RIC_sp_vendor_group"
helpKey="help_con_form_RIC_sp_vendor_group" name="VendorGroup" required="true"
type="string" value="Yes">
<AllowedValues>
<String>Yes</String>
<String>No</String>
</AllowedValues>
</Field>
<Field displayName="con_form_RIC_sp_on_call_group"
helpKey="help_con_form_RIC_sp_on_call_group" name="OnCallGroup" required="true"
type="string" value="Yes">
<AllowedValues>
<String>Yes</String>
<String>No</String>
</AllowedValues>
</Field>
</Form>
</ProvisioningForms>
<Schemas>
 <Schema displayAttribute="RemedyLoginID"
identityAttribute="PersonID" nativeObjectType="account" objectType="account">
<AttributeDefinition internalName="1" name="PersonID"
remediationModificationType="None" required="true" type="string">
<Description>PersonID of user</Description>
</AttributeDefinition>
<AttributeDefinition internalName="4" name="RemedyLoginID"
remediationModificationType="None" type="string">
<Description>Remedy login name</Description>
</AttributeDefinition>
<AttributeDefinition internalName="1000000019" name="FirstName"
remediationModificationType="None" required="true" type="string">
<Description>First name of user</Description>
</AttributeDefinition>
<AttributeDefinition internalName="1000000018" name="LastName"
remediationModificationType="None" required="true" type="string">
<Description>Last name of user</Description>
</AttributeDefinition>
<AttributeDefinition internalName="1000000048"
name="InternetEmail" remediationModificationType="None" required="true"
type="string">
<Description>Internet email of user</Description>
</AttributeDefinition>
<AttributeDefinition internalName="7" name="Status"
remediationModificationType="None" required="true" type="string">
<Description>Status of user</Description>
</AttributeDefinition>
<AttributeDefinition internalName="240000042"
name="AccountingNumber" remediationModificationType="None" type="string">
<Description>Accounting number of user</Description>
</AttributeDefinition>
<AttributeDefinition internalName="1000000027"
name="ClientSensitivity" remediationModificationType="None" required="true"
type="string">
<Description>Sensitivity of client</Description>
</AttributeDefinition>
<AttributeDefinition internalName="1000000022" name="ClientType"
remediationModificationType="None" required="true" type="string">
<Description>Type of client</Description>
</AttributeDefinition>
<AttributeDefinition internalName="1000000001" name="Company"
remediationModificationType="None" required="true" type="string">
<Description>Company of user</Description>
</AttributeDefinition>
<AttributeDefinition internalName="1000000054" name="CorporateID"
remediationModificationType="None" type="string">
<Description>CorporateID of user</Description>
</AttributeDefinition>
<AttributeDefinition internalName="1000000056"
name="BusinessPhoneNumber" remediationModificationType="None" type="string">
<Description>Business phone number of user</Description>
</AttributeDefinition>
<AttributeDefinition internalName="110"
name="FullTextLicenseType" remediationModificationType="None" required="true"
type="string">
<Description>Full text license type of user</Description>
</AttributeDefinition>
<AttributeDefinition internalName="1000000023" name="JobTitle"
remediationModificationType="None" required="true" type="string">
 <Description>Job title of user</Description>
</AttributeDefinition>
<AttributeDefinition internalName="5" name="LastModifiedBy"
remediationModificationType="None" required="true" type="string">
<Description>Name of user who last modified user
attributes</Description>
</AttributeDefinition>
<AttributeDefinition internalName="109" name="LicenseType"
remediationModificationType="None" type="string">
<Description>Type of license</Description>
</AttributeDefinition>
<AttributeDefinition internalName="200000012" name="Region"
remediationModificationType="None" required="true" type="string">
<Description>Region information</Description>
</AttributeDefinition>
<AttributeDefinition internalName="260000001" name="Site"
remediationModificationType="None" required="true" type="string">
<Description>Site information</Description>
</AttributeDefinition>
<AttributeDefinition internalName="1000000005" name="SiteAddress"
remediationModificationType="None" required="true" type="string">
<Description>Site address information</Description>
</AttributeDefinition>
<AttributeDefinition internalName="200000007" name="SiteGroup"
remediationModificationType="None" required="true" type="string">
<Description>Site group information</Description>
</AttributeDefinition>
<AttributeDefinition internalName="2" name="Submitter"
remediationModificationType="None" required="true" type="string">
<Description>Name of submitter</Description>
</AttributeDefinition>
<AttributeDefinition internalName="1000000025"
name="SupportStaff" remediationModificationType="None" type="string">
<Description>If user is part of support staff</Description>
</AttributeDefinition>
<AttributeDefinition internalName="1000000026" name="VIP"
remediationModificationType="None" required="true" type="string">
<Description>If user is VIP</Description>
</AttributeDefinition>
<AttributeDefinition internalName="1000003975"
name="UnrestrictedAccess" remediationModificationType="None" required="true"
type="string">
<Description>If user has unrestricted access</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
name="Groups" remediationModificationType="None" required="true"
schemaObjectType="group" type="string">
<Description>Groups connected to user</Description>
</AttributeDefinition>
</Schema>
<Schema descriptionAttribute="Description"
displayAttribute="SupportGroupName" featuresString="PROVISIONING"
identityAttribute="SupportGroupID" nativeObjectType="group" objectType="group">
<AttributeDefinition internalName="1000000001" name="Company"
remediationModificationType="None" required="true" type="string">
<Description>Support company information</Description>
</AttributeDefinition>
<AttributeDefinition internalName="1000000000" name="Description"
remediationModificationType="None" required="true" type="string">
 <Description>Group description</Description>
</AttributeDefinition>
<AttributeDefinition internalName="303471800"
name="DisableGroupNotification" remediationModificationType="None" type="string">
<Description>If group notification is disabled</Description>
</AttributeDefinition>
<AttributeDefinition internalName="303500800"
name="GroupNotificationEmail" remediationModificationType="None" type="string">
<Description>Group notification email id</Description>
</AttributeDefinition>
<AttributeDefinition internalName="179" name="instanceId"
remediationModificationType="None" required="true" type="string">
<Description>Instance id of group</Description>
</AttributeDefinition>
<AttributeDefinition internalName="5" name="LastModifiedBy"
remediationModificationType="None" required="true" type="string">
<Description>Name of user who last modified the
group</Description>
</AttributeDefinition>
<AttributeDefinition internalName="7" name="Status"
remediationModificationType="None" type="string">
<Description>Status of the group</Description>
</AttributeDefinition>
<AttributeDefinition internalName="2" name="Creator"
remediationModificationType="None" required="true" type="string">
<Description>Creator of the group</Description>
</AttributeDefinition>
<AttributeDefinition internalName="1" name="SupportGroupID"
remediationModificationType="None" required="true" type="string">
<Description>Support group id</Description>
</AttributeDefinition>
<AttributeDefinition internalName="1000000015"
name="SupportGroupName" remediationModificationType="None" required="true"
type="string">
<Description>Support group name</Description>
</AttributeDefinition>
<AttributeDefinition internalName="1000000570"
name="SupportGroupRole" remediationModificationType="None" type="string">
<Description>Support group role name</Description>
</AttributeDefinition>
<AttributeDefinition internalName="1000000014"
name="SupportOrganization" remediationModificationType="None" required="true"
type="string">
<Description>Support group organisation name</Description>
</AttributeDefinition>
<AttributeDefinition internalName="1000000572" name="UsesOLA"
remediationModificationType="None" required="true" type="string">
<Description>If the group uses OLAs</Description>
</AttributeDefinition>
<AttributeDefinition internalName="1000000571" name="UsesSLA"
remediationModificationType="None" required="true" type="string">
<Description>If the group uses SLAs</Description>
</AttributeDefinition>
<AttributeDefinition internalName="1000003745" name="VendorGroup"
remediationModificationType="None" type="string">
<Description>If the group is a vendor group</Description>
</AttributeDefinition>
<AttributeDefinition internalName="1000000902" name="OnCallGroup"
remediationModificationType="None" type="string">
 <Description>If the group is a On call group</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="PROVISIONING, SYNC_PROVISIONING, ENABLE, SEARCH"
icon="internetIcon" name="Box" type="Box">
<Attributes>
<Map>
<entry key="BOX_URL_20" value="api.box.com"/>
<entry key="connectorClass"
value="openconnector.connector.BoxNetConnector"/>
<entry key="deltaGroupEventsList">
<value>
<List>
<String>GROUP_CREATION</String>
<String>GROUP_DELETION</String>
<String>GROUP_EDITED</String>
</List>
</value>
</entry>
<entry key="deltaUserEventsList">
<value>
<List>
<String>DELETE_USER</String>
<String>NEW_USER</String>
<String>EDIT_USER</String>
<String>GROUP_ADD_USER</String>
<String>GROUP_REMOVE_USER</String>
</List>
</value>
</entry>
<entry key="encrypted"
value="client_secret,access_token,refresh_token,box_token_info,private_key,private_
key_password"/>
<entry key="formPath" value="BoxNetAttributesForm.xhtml"/>
<entry key="groupEntitlementAttr" value="memberof"/>
<entry key="group_membership_access_level" value="member"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="con_prov_policy_box_direct_Name"
helpKey="help_prov_policy_box_enterusername" name="name" required="true"
type="string"/>
<Field displayName="con_prov_policy_box_direct_LoginId"
helpKey="help_prov_policy_box_emailid" name="login" required="true" type="string"/>
<Field displayName="con_prov_policy_box_direct_Spaceamount"
helpKey="help_prov_policy_box_storage" name="space_amount" reviewRequired="true"
type="long"/>
<Field displayName="con_prov_policy_box_direct_Unlimited"
helpKey="help_prov_policy_box_unlimited" name="unlimited" reviewRequired="true"
type="string">
<AllowedValuesDefinition>
<Value>
<List>
<String>Yes</String>
<String>No</String>
 </List>
</Value>
</AllowedValuesDefinition>
</Field>
<Field displayName="con_prov_policy_box_direct_Role"
helpKey="help_prov_policy_box_role" name="role" reviewRequired="true"
type="string">
<AllowedValuesDefinition>
<Value>
<List>
<String>coadmin</String>
<String>user</String>
</List>
</Value>
</AllowedValuesDefinition>
</Field>
<Field displayName="con_prov_policy_box_direct_Inactiveaccount"
helpKey="help_prov_policy_box_statusinactive" name="status" reviewRequired="true"
type="boolean"/>
</Form>
<Form name="create group" objectType="group" type="Create">
<Field displayName="con_prov_policy_box_direct_CreateGroupName"
helpKey="help_prov_policy_box_groupname" name="name" required="true"
type="string"/>
</Form>
<Form name="update group" objectType="group" type="Update">
<Field displayName="con_prov_policy_box_direct_UpdateGroupName"
name="name" reviewRequired="true" section="" type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="name" identityAttribute="id"
nativeObjectType="user" objectType="account">
<AttributeDefinition name="id" remediationModificationType="None"
type="string">
<Description>User ID</Description>
</AttributeDefinition>
<AttributeDefinition name="name"
remediationModificationType="None" type="string">
<Description>User name</Description>
</AttributeDefinition>
<AttributeDefinition name="login"
remediationModificationType="None" type="string">
<Description>Email id used to login</Description>
</AttributeDefinition>
<AttributeDefinition name="role"
remediationModificationType="None" type="string">
<Description>User role</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="memberof" remediationModificationType="None"
schemaObjectType="group" type="string">
<Description>Member of</Description>
</AttributeDefinition>
<AttributeDefinition name="space_amount"
remediationModificationType="None" type="int">
<Description>Space allocated to the user</Description>
</AttributeDefinition>
<AttributeDefinition name="max_upload_size"
remediationModificationType="None" type="int">
<Description>The maximum individual file size in bytes this
user can have</Description>
</AttributeDefinition>
<AttributeDefinition name="is_sync_enabled"
remediationModificationType="None" type="boolean">
<Description>Whether the user can use sync</Description>
</AttributeDefinition>
<AttributeDefinition name="job_title"
remediationModificationType="None" type="string">
<Description>The user's job title, displayed on their profile
page</Description>
</AttributeDefinition>
<AttributeDefinition name="phone"
remediationModificationType="None" type="string">
<Description>The user's phone number, displayed on their
profile page</Description>
</AttributeDefinition>
<AttributeDefinition name="address"
remediationModificationType="None" type="string">
<Description>Address</Description>
</AttributeDefinition>
<AttributeDefinition name="language"
remediationModificationType="None" type="string">
<Description>User language</Description>
</AttributeDefinition>
<AttributeDefinition name="status"
remediationModificationType="None" type="string">
<Description>User is enable or disable</Description>
</AttributeDefinition>
<AttributeDefinition name="can_see_managed_users"
remediationModificationType="None" type="boolean">
<Description>User is managed user</Description>
</AttributeDefinition>
<AttributeDefinition name="is_exempt_from_device_limits"
remediationModificationType="None" type="boolean">
<Description>user from Enterprise device limits</Description>
</AttributeDefinition>
<AttributeDefinition name="is_exempt_from_login_verification"
remediationModificationType="None" type="boolean">
<Description>user can use two-factor
authentication</Description>
</AttributeDefinition>
<AttributeDefinition name="enterprise"
remediationModificationType="None" type="string">
<Description>User enterprise</Description>
</AttributeDefinition>
</Schema>
<Schema displayAttribute="name" featuresString="PROVISIONING"
identityAttribute="id" nativeObjectType="group" objectType="group">
<AttributeDefinition name="id" remediationModificationType="None"
type="string">
<Description>Group ID</Description>
</AttributeDefinition>
<AttributeDefinition name="name"
remediationModificationType="None" type="string">
<Description>group name</Description>
</AttributeDefinition>
</Schema>
 </Schemas>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="PROVISIONING, SYNC_PROVISIONING, ENABLE, UNLOCK, SEARCH,
UNSTRUCTURED_TARGETS, PASSWORD, CURRENT_PASSWORD" icon="enterpriseIcon"
name="Solaris - Direct" type="Solaris - Direct">
<Attributes>
<Map>
<entry key="ConnectorCode" value="Solaris"/>
<entry key="GroupDBFormat">
<value>
<List>
<String>groupname</String>
<String>password</String>
<String>groupid</String>
<String>memberlist</String>
</List>
</value>
</entry>
<entry key="NoOutput" value="none"/>
<entry key="PasswdBasicErrors">
<value>
<Map>
<entry key="Permission denied" value="Permission denied"/>
<entry key="You are not authorized to change" value="You
are not authorized to change password"/>
<entry key="passwd: not found." value="passwd: not
found."/>
<entry key="sudo: not found." value="sudo: not found."/>
</Map>
</value>
</entry>
<entry key="PasswdErrors">
<value>
<Map>
<entry key="BAD PASSWORD: is too similar to the old one"
value="BAD PASSWORD: Password is too similar to the old one."/>
<entry key="BAD PASSWORD: it is based on a dictionary word"
value="BAD PASSWORD: Password is based on a dictionary word."/>
<entry key="Error changing password" value="Error changing
password."/>
<entry key="Password read timed out." value="Password read
timed out."/>
<entry key="Sorry, try again." value="Invalid sudo user
password."/>
<entry key="is not in the sudoers file. This incident will
be reported." value="sudo user not configured."/>
<entry key="passwd: Authentication token manipulation
error" value="Invalid current user password."/>
<entry key="passwd: Password too short" value="Password too
short"/>
<entry key="passwd: The password must contain at least 1
numeric or special character(s)." value="The password must contain at least 1
numeric or special character(s)."/>
<entry key="passwd: They don&apos;t match." value="Password
don&apos;t match."/>
</Map>
</value>
</entry>
 <entry key="PasswdPrompts">
<value>
<Map>
<entry key="0">
<value>
<Map>
<entry key="Enter existing login password:"
value="CurrentPassword"/>
</Map>
</value>
</entry>
<entry key="1">
<value>
<Map>
<entry key="New Password:" value="NewPassword"/>
</Map>
</value>
</entry>
<entry key="2">
<value>
<Map>
<entry key="Re-enter new Password:"
value="NewPassword"/>
</Map>
</value>
</entry>
</Map>
</value>
</entry>
<entry key="PasswdSuccess">
<value>
<List>
<String>passwd: password successfully changed for</String>
</List>
</value>
</entry>
<entry key="Prompt" value="SAILPOINT>"/>
<entry key="PwdDBFormat">
<value>
<List>
<String>username</String>
<String>password</String>
<String>uid</String>
<String>primgrp</String>
<String>comment</String>
<String>home</String>
<String>shell</String>
</List>
</value>
</entry>
<entry key="SSHLoginTimeout" value="1000"/>
<entry key="SetPrompt" value="PS1=&apos;SAILPOINT>&apos;"/>
<entry key="ShadowDBFormat">
<value>
<List>
<String>username</String>
<String>password</String>
<String>pwdlastchg</String>
<String>pwdminage</String>
 <String>pwdmaxage</String>
<String>pwdwarn</String>
<String>inactive</String>
<String>expire</String>
<String>failedretries</String>
</List>
</value>
</entry>
<entry key="SudoBasicError" value="sudo: Command not found."/>
<entry key="SudoBasicErrorCode" value="127"/>
<entry key="SudoError" value="Sorry, try again."/>
<entry key="SudoErrorCode" value="1"/>
<entry key="aggregation.account" value="cat /etc/passwd | grep -v
&apos;^+&apos; | grep -v &apos;^-&apos;"/>
<entry key="aggregation.group" value="cat /etc/group | grep -v
&apos;^+&apos; | grep -v &apos;^-&apos;"/>
<entry key="aggregation.passwd" value="cat /etc/shadow | grep -v
&apos;^+&apos; | grep -v &apos;^-&apos;"/>
<entry key="aggregation.userattr" value="cat /etc/user_attr |
grep -v &apos;^+&apos; | grep -v &apos;^-&apos;"/>
<entry key="change.password" value="passwd"/>
<entry key="changepassword.resetmode" value="passwd -f"/>
<entry key="chmod g-">
<value>
<Map>
<entry key="flags">
<value>
<Map>
<entry key="execute" value="x"/>
<entry key="read" value="r"/>
<entry key="write" value="w"/>
</Map>
</value>
</entry>
</Map>
</value>
</entry>
<entry key="chmod u-">
<value>
<Map>
<entry key="flags">
<value>
<Map>
<entry key="execute" value="x"/>
<entry key="read" value="r"/>
<entry key="write" value="w"/>
</Map>
</value>
</entry>
</Map>
</value>
</entry>
<entry key="connect" value="ssh"/>
<entry key="connectorClass"
value="openconnector.connector.unix.SolarisConnector"/>
<entry key="create.account" value="useradd"/>
<entry key="create.group" value="groupadd"/>
<entry key="delete.account" value="userdel"/>
<entry key="delete.group" value="groupdel"/>
 <entry key="disable.account" value="passwd -l"/>
<entry key="echo TestConnection">
<value>
<Map>
<entry key="exitsts">
<value>
<Map>
<entry key="Success" value="TestConnection"/>
</Map>
</value>
</entry>
</Map>
</value>
</entry>
<entry key="enable.account" value="passwd -u"/>
<entry key="encrypted"
value="SudoUserPassword,PassphraseForPrivateKey"/>
<entry key="formPath" value="UnixAttributesForm.xhtml"/>
<entry key="get.AllowedLoginRetries" value="grep -i
&apos;RETRIES=&apos; /etc/default/login | grep -v &apos;#&apos;"/>
<entry key="get.RemoteDate" value="date &apos;+%m/%d/%Y %H:%M:
%S&apos;"/>
<entry key="get.group" value="getent group"/>
<entry key="get.loginRetrySetting" value="grep -i
&apos;Lock_After_Retries=&apos; /etc/security/policy.conf | grep -v
&apos;#&apos;"/>
<entry key="get.oldaccountgroups" value="groups"/>
<entry key="get.oldaccountval" value="cat /etc/user_attr | grep -
v &apos;type=role&apos; | grep"/>
<entry key="get.userpwdrow" value="cat /etc/passwd | grep"/>
<entry key="get.usershadowrow" value="cat /etc/shadow | grep"/>
<entry key="groupadd">
<value>
<Map>
<entry key="exitsts">
<value>
<Map>
<entry key="10" value="The /etc/group file cannot be
updated."/>
<entry key="2" value="Invalid command syntax. A usage
message for the groupadd command is displayed."/>
<entry key="3" value="An invalid argument was
provided to an option."/>
<entry key="4" value="The gid is not unique (when -o
option is not used)."/>
<entry key="9" value="The group is not unique."/>
</Map>
</value>
</entry>
<entry key="flags">
<value>
<Map>
<entry key="dupgid" value="-o"/>
<entry key="groupid" value="-g"/>
</Map>
</value>
</entry>
</Map>
</value>
 </entry>
<entry key="groupdel">
<value>
<Map>
<entry key="exitsts">
<value>
<Map>
<entry key="10" value="Cannot update the /etc/group
file."/>
<entry key="2" value="Invalid command syntax. A usage
message for the groupdel command is displayed."/>
<entry key="6" value="group does not exist."/>
</Map>
</value>
</entry>
</Map>
</value>
</entry>
<entry key="groupmod">
<value>
<Map>
<entry key="exitsts">
<value>
<Map>
<entry key="10" value="Cannot update the /etc/group
file."/>
<entry key="2" value="Invalid command syntax. A usage
message for the groupmod command is displayed."/>
<entry key="3" value="An invalid argument was
provided to an option."/>
<entry key="4" value="gid is not unique (when the -o
option is not used)."/>
<entry key="6" value="group does not exist."/>
<entry key="9" value="name already exists as a group
name."/>
</Map>
</value>
</entry>
<entry key="flags">
<value>
<Map>
<entry key="dupgid" value="-o"/>
<entry key="groupid" value="-g"/>
<entry key="newgroupname" value="-n"/>
</Map>
</value>
</entry>
</Map>
</value>
</entry>
<entry key="modify.account" value="usermod"/>
<entry key="modify.group" value="groupmod"/>
<entry key="passwd">
<value>
<Map>
<entry key="exitsts">
<value>
<Map>
<entry key="1" value="Permission denied."/>
 <entry key="10" value=" Account expired."/>
<entry key="11" value="Password information
unchanged."/>
<entry key="2" value="Invalid combination of
options."/>
<entry key="3" value="Unexpected failure. Password
file unchanged."/>
<entry key="4" value="Unexpected failure. Password
file(s) missing."/>
<entry key="5" value="Password file(s) busy. Try
again later."/>
<entry key="6" value="Invalid argument to option."/>
<entry key="7" value="Aging option is disabled."/>
<entry key="8" value="No memory."/>
<entry key="9" value="System error."/>
</Map>
</value>
</entry>
<entry key="flags">
<value>
<Map>
<entry key="forcepwdchange" value="-f"/>
<entry key="pwdmaxage" value="-x"/>
<entry key="pwdminage" value="-n"/>
<entry key="pwdwarn" value="-w"/>
</Map>
</value>
</entry>
</Map>
</value>
</entry>
<entry key="remove.account.permission" value="chmod u-"/>
<entry key="remove.group.permission" value="chmod g-"/>
<entry key="remove.remotefile" value="\rm -f"/>
<entry key="retryableErrors">
<value>
<List>
<String>Login failed</String>
</List>
</value>
</entry>
<entry key="setDelay" value="1"/>
<entry key="sshTimeOut" value="120000"/>
<entry key="sshWaitTime" value="500"/>
<entry key="testconnection" value="echo TestConnection"/>
<entry key="unlock.account" value="passwd -u"/>
<entry key="user_attrDBFormat">
<value>
<List>
<String>username</String>
<String>qualifier</String>
<String>res1</String>
<String>res2</String>
<String>attr</String>
</List>
</value>
</entry>
<entry key="useradd">
<value>
 <Map>
<entry key="exitsts">
<value>
<Map>
<entry key="1" value="No permission for attempted
operation"/>
<entry key="10" value="Cannot update the passwd,
shadow, or user_attr file."/>
<entry key="11" value="Insufficient space to move the
home directory (-m option)."/>
<entry key="12" value="Unable to create, remove, or
move the new home directory."/>
<entry key="13" value="Requested login is already in
use."/>
<entry key="14" value="Unexpected failure."/>
<entry key="16" value="Unable to update the group
database."/>
<entry key="17" value="Unable to update the project
database."/>
<entry key="18" value="Insufficient authorization."/>
<entry key="19" value="Does not have role."/>
<entry key="2" value="The command syntax was invalid.
A usage message for the usermod command is displayed."/>
<entry key="20" value="Does not have profile."/>
<entry key="21" value="Does not have privilege."/>
<entry key="22" value="Does not have label."/>
<entry key="23" value="Does not have group."/>
<entry key="24" value="System not running Trusted
Extensions."/>
<entry key="25" value="Does not have project."/>
<entry key="26" value="Unable to update auto_home."/>
<entry key="3" value="An invalid argument was
provided to an option."/>
<entry key="4" value="The gid or uid given with the -
u option is already in use."/>
<entry key="5" value="The password and shadow files
are not consistent with each other. pwconv(1M) might be of use to correct possible
errors. See passwd(4) and shadow(4)."/>
<entry key="6" value="The login to be modified does
not exist, the gid or the uid does not exist."/>
<entry key="7" value="The group, passwd, or shadow
file is missing."/>
<entry key="9" value="A group or user name is already
in use"/>
</Map>
</value>
</entry>
<entry key="flags">
<value>
<Map>
<entry key="auths" value="-A"/>
<entry key="comment" value="-c"/>
<entry key="create_home_dir" value="-m"/>
<entry key="dupuid" value="-o"/>
<entry key="expire" value="-e"/>
<entry key="groups" value="-G"/>
<entry key="home" value="-d"/>
<entry key="inactive" value="-f"/>
<entry key="lock_after_retries" value="-K"/>
 <entry key="primgrp" value="-g"/>
<entry key="profiles" value="-P"/>
<entry key="project" value="-p"/>
<entry key="roles" value="-R"/>
<entry key="shell" value="-s"/>
<entry key="uid" value="-u"/>
</Map>
</value>
</entry>
</Map>
</value>
</entry>
<entry key="userdel">
<value>
<Map>
<entry key="exitsts">
<value>
<Map>
<entry key="10" value="Cannot update the /etc/group
or /etc/user_attr file but the login is removed from the /etc/passwd file."/>
<entry key="12" value="Cannot remove or otherwise
modify the home directory."/>
<entry key="2" value="Invalid command syntax. A usage
message for the userdel command is displayed."/>
<entry key="6" value="The account to be removed does
not exist."/>
<entry key="8" value="The account to be removed is in
use."/>
</Map>
</value>
</entry>
<entry key="flags">
<value>
<Map>
<entry key="removeHome" value="-r"/>
</Map>
</value>
</entry>
</Map>
</value>
</entry>
<entry key="usermod">
<value>
<Map>
<entry key="exitsts">
<value>
<Map>
<entry key="10" value="Cannot update the /etc/group
or /etc/user_attr file. Other update requests will be implemented."/>
<entry key="11" value="Insufficient space to move the
home directory (-m option). Other update requests will be implemented."/>
<entry key="12" value="Unable to complete the move of
the home directory to the new home directory."/>
<entry key="2" value="The command syntax was invalid.
A usage message for the usermod command is displayed."/>
<entry key="3" value="An invalid argument was
provided to an option."/>
<entry key="4" value="The uid given with the -u
option is already in use."/>
 <entry key="5" value="The password files contain an
error. pwconv(1M) can be used to correct possible errors. See passwd(4)"/>
<entry key="6" value="The login to be modified does
not exist, the group does not exist, or the login shell does not exist."/>
<entry key="8" value="The login to be modified is in
use."/>
<entry key="9" value="The new_logname is already in
use."/>
</Map>
</value>
</entry>
<entry key="flags">
<value>
<Map>
<entry key="auths" value="-A"/>
<entry key="comment" value="-c"/>
<entry key="create_home_dir" value="-m"/>
<entry key="dupuid" value="-o"/>
<entry key="expire" value="-e"/>
<entry key="groups" value="-G"/>
<entry key="home" value="-d"/>
<entry key="inactive" value="-f"/>
<entry key="lock_after_retries" value="-K"/>
<entry key="primgrp" value="-g"/>
<entry key="profiles" value="-P"/>
<entry key="roles" value="-R"/>
<entry key="shell" value="-s"/>
<entry key="uid" value="-u"/>
</Map>
</value>
</entry>
</Map>
</value>
</entry>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="con_prov_policy_solaris_direct_user_name"
helpKey="help_con_prov_policy_solaris_direct_user_name" name="username"
required="true" type="string"/>
<Field displayName="con_prov_policy_solaris_direct_user_id"
helpKey="help_con_prov_policy_solaris_direct_user_id" name="uid"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_solaris_direct_password"
helpKey="help_con_prov_policy_solaris_direct_password" name="password"
reviewRequired="true" type="secret"/>
<Field displayName="con_prov_policy_solaris_direct_dup_user"
helpKey="help_con_prov_policy_solaris_direct_user_dup" name="dupuid"
reviewRequired="true" type="boolean" value="false"/>
<Field displayName="con_prov_policy_solaris_direct_group"
helpKey="help_con_prov_policy_solaris_direct_group" name="primgrp"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_solaris_direct_home"
helpKey="help_con_prov_policy_solaris_direct_home" name="home"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_solaris_direct_shell"
helpKey="help_con_prov_policy_solaris_direct_shell" name="shell"
reviewRequired="true" type="string"/>
 <Field displayName="con_prov_policy_solaris_direct_home_dir"
helpKey="help_con_prov_policy_solaris_direct_home_dir" name="create_home_dir"
reviewRequired="true" type="boolean" value="false"/>
<Field displayName="con_prov_policy_solaris_direct_user_exp"
helpKey="help_con_prov_policy_solaris_direct_user_exp" name="expire"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_solaris_direct_user_period"
helpKey="help_con_prov_policy_solaris_direct_user_period" name="inactive"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_solaris_direct_lock"
helpKey="help_con_prov_policy_solaris_direct_lock" name="lock_after_retries"
reviewRequired="true" type="string">
<AllowedValues>
<String>yes</String>
<String>no</String>
</AllowedValues>
</Field>
<Field displayName="con_prov_policy_solaris_direct_profiles"
helpKey="help_con_prov_policy_solaris_direct_profiles" multi="true" name="profiles"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_solaris_direct_authorization"
helpKey="help_con_prov_policy_solaris_direct_authorization" multi="true"
name="auths" reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_solaris_direct_pswd_time"
helpKey="help_con_prov_policy_solaris_direct_pswd_time" name="pwdwarn"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_solaris_direct_pswd_min_time"
helpKey="help_con_prov_policy_solaris_direct_pswd_min_time" name="pwdminage"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_solaris_direct_pswd_max_time"
helpKey="help_con_prov_policy_solaris_direct_pswd_max_time" name="pwdmaxage"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_solaris_direct_force_pswd"
helpKey="help_con_prov_policy_solaris_direct_force_pswd" name="forcepwdchange"
reviewRequired="true" type="boolean" value="false"/>
<Field displayName="con_prov_policy_solaris_direct_project"
helpKey="help_con_prov_policy_solaris_direct_project" name="project"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_solaris_direct_comment"
helpKey="help_con_prov_policy_solaris_direct_comment" name="comment"
reviewRequired="true" type="string"/>
</Form>
<Form name="create group" objectType="group" type="Create">
<Field displayName="con_prov_policy_solaris_direct_group_name"
helpKey="help_con_prov_policy_solaris_direct_group_name" name="groupname"
required="true" type="string"/>
<Field displayName="con_prov_policy_solaris_direct_group_id"
helpKey="help_con_prov_policy_solaris_direct_group_id" name="groupid"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_solaris_direct_group_dup"
helpKey="help_con_prov_policy_solaris_direct_group_dup" name="dupgid"
reviewRequired="true" type="boolean"/>
</Form>
<Form name="update group" objectType="group" type="Update">
<Field displayName="con_prov_policy_solaris_direct_group_id"
helpKey="help_con_prov_policy_solaris_direct_group_id" name="groupid"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_solaris_direct_group_dup"
helpKey="help_con_prov_policy_solaris_direct_group_dup" name="dupgid"
reviewRequired="true" type="boolean"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="username" identityAttribute="username"
nativeObjectType="account" objectType="account">
<AttributeDefinition name="username"
remediationModificationType="None" required="true" type="string">
<Description>Name of User</Description>
</AttributeDefinition>
<AttributeDefinition name="uid"
remediationModificationType="None" required="true" type="string">
<Description>The numerical value of the user's ID</Description>
</AttributeDefinition>
<AttributeDefinition name="primgrp"
remediationModificationType="None" required="true" type="string">
<Description>Primary Group of User</Description>
</AttributeDefinition>
<AttributeDefinition name="home"
remediationModificationType="None" required="true" type="string">
<Description>Home Directory of User</Description>
</AttributeDefinition>
<AttributeDefinition name="shell"
remediationModificationType="None" required="true" type="string">
<Description>User's login shell</Description>
</AttributeDefinition>
<AttributeDefinition name="comment"
remediationModificationType="None" type="string">
<Description>User's password file comment</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="auths"
remediationModificationType="None" type="string">
<Description>User's authorizations</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="profiles"
remediationModificationType="None" type="string">
<Description>User's rights profiles</Description>
</AttributeDefinition>
<AttributeDefinition name="project"
remediationModificationType="None" type="string">
<Description>Project Assigned to User</Description>
</AttributeDefinition>
<AttributeDefinition name="expire"
remediationModificationType="None" type="string">
<Description>Expiration date of user</Description>
</AttributeDefinition>
<AttributeDefinition name="inactive"
remediationModificationType="None" type="string">
<Description>The number of days of inactivity allowed for that
user</Description>
</AttributeDefinition>
<AttributeDefinition name="lock_after_retries"
remediationModificationType="None" type="string">
<Description>Specifies whether an account is locked after the
count of failed logins for a user</Description>
</AttributeDefinition>
<AttributeDefinition name="limitpriv"
remediationModificationType="None" type="string">
<Description>The maximum set of privileges a User can
obtain</Description>
</AttributeDefinition>
<AttributeDefinition name="defaultpriv"
remediationModificationType="None" type="string">
<Description>The default set of privileges assigned to a user's
inheritable set upon login</Description>
</AttributeDefinition>
<AttributeDefinition name="pwdminage"
remediationModificationType="None" type="string">
<Description>Minimum number of days between password
change</Description>
</AttributeDefinition>
<AttributeDefinition name="pwdmaxage"
remediationModificationType="None" type="string">
<Description>Maximum number of days between password
change</Description>
</AttributeDefinition>
<AttributeDefinition name="pwdwarn"
remediationModificationType="None" type="string">
<Description>Number of days of warning before password
expires</Description>
</AttributeDefinition>
<AttributeDefinition name="pwdlastchg"
remediationModificationType="None" type="string">
<Description>Last password change</Description>
</AttributeDefinition>
<AttributeDefinition name="audit_flags"
remediationModificationType="None" type="string">
<Description>Specifies per-user audit preselection flags as
colon-separated always-audit-flags and never-audit-flags</Description>
</AttributeDefinition>
<AttributeDefinition name="failedretries"
remediationModificationType="None" type="string">
<Description>Failed login count</Description>
</AttributeDefinition>
<AttributeDefinition name="lastLogin"
remediationModificationType="None" type="string">
<Description>Last login time of User</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="roles" remediationModificationType="None" type="string">
<Description>List of roles assigned to the user</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="groups" remediationModificationType="None"
schemaObjectType="group" type="string">
<Description>List of groups which the user is a member
of</Description>
</AttributeDefinition>
</Schema>
<Schema displayAttribute="groupname" featuresString="PROVISIONING"
identityAttribute="groupname" nativeObjectType="group" objectType="group">
<AttributeDefinition name="groupname"
remediationModificationType="None" type="string">
<Description>Name of Group</Description>
</AttributeDefinition>
<AttributeDefinition name="groupid"
remediationModificationType="None" type="string">
<Description>The numerical value of the group's
ID</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.MSSQLServerConnector"
featuresString="DIRECT_PERMISSIONS, PROVISIONING, SYNC_PROVISIONING, SEARCH,
UNLOCK, ENABLE, PASSWORD" icon="databaseIcon" name="Microsoft SQL Server Template"
type="Microsoft SQL Server - Direct">
<Attributes>
<Map>
<entry key="appendHostName">
<value>
<Boolean></Boolean>
</value>
</entry>
<entry key="formPath" value="MsSqlServerAttributesForm.xhtml"/>
<entry key="useEnhancedConnector">
<value>
<Boolean>true</Boolean>
</value>
</entry>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="con_prov_policy_MSSQL_Login_name"
helpKey="help_con_form_MSSQL_Login_name" name="native_identity" required="true"
section="" type="string"/>
<Field displayName="con_prov_policy_MSSQL_Password"
helpKey="help_con_form_MSSQL_password" name="password" reviewRequired="true"
section="" type="secret"/>
<Field displayName="con_prov_policy_MSSQL_Account_Type"
helpKey="help_con_form_MSSQL_Account_type" name="type_desc" required="true"
type="string">
<AllowedValues>
<String>WINDOWS_LOGIN</String>
<String>SQL_LOGIN</String>
</AllowedValues>
</Field>
<Field displayName="con_prov_policy_MSSQL_User_Mapping"
helpKey="help_con_form_MSSQL_User_Mapping" multi="true" name="DBUser"
reviewRequired="true" section="" type="string"/>
</Form>
<Form name="create group" objectType="group" type="Create">
<Field displayName="con_prov_policy_MSSQL_Native_Identity"
helpKey="help_con_form_MSSQL_Native_Identity" name="native_identity"
required="true" type="string"/>
<Field displayName="con_prov_policy_MSSQL_Group_Type"
helpKey="help_con_form_MSSQL_Group_Type" name="type_desc" required="true"
type="string" value="DATABASE_ROLE">
<Attributes>
<Map>
<entry key="readOnly" value="true"/>
</Map>
</Attributes>
</Field>
</Form>
</ProvisioningForms>
 <Schemas>
<Schema displayAttribute="native_identity"
identityAttribute="native_identity" nativeObjectType="account"
objectType="account">
<AttributeDefinition displayName="native_identity"
name="native_identity" type="string">
<Description>Native identity represented by default as
loginName</Description>
</AttributeDefinition>
<AttributeDefinition displayName="server_login"
name="server_login" type="string">
<Description>Server login associated to account</Description>
</AttributeDefinition>
<AttributeDefinition displayName="name" name="name"
type="string">
<Description>Account name</Description>
</AttributeDefinition>
<AttributeDefinition displayName="principal_id"
name="principal_id" type="string">
<Description>ID of database principal</Description>
</AttributeDefinition>
<AttributeDefinition displayName="type" name="type"
type="string">
<Description>Type of the login</Description>
</AttributeDefinition>
<AttributeDefinition displayName="type_desc" name="type_desc"
type="string">
<Description>Description type of the login</Description>
</AttributeDefinition>
<AttributeDefinition displayName="create_date" name="create_date"
type="string">
<Description>Creation date of the login</Description>
</AttributeDefinition>
<AttributeDefinition displayName="modify_date" name="modify_date"
type="string">
<Description>Last modification date of the login</Description>
</AttributeDefinition>
<AttributeDefinition displayName="owning_principal_id"
name="owning_principal_id" type="string">
<Description>ID of the principal that owns this database
principal</Description>
</AttributeDefinition>
<AttributeDefinition displayName="sid" name="sid" type="string">
<Description>SID of the login</Description>
</AttributeDefinition>
<AttributeDefinition displayName="is_fixed_role"
name="is_fixed_role" type="string">
<Description>If the value is 1, then this row represents an
entry for one of the fixed database roles</Description>
</AttributeDefinition>
<AttributeDefinition displayName="server_name" name="server_name"
type="string">
<Description>Server name</Description>
</AttributeDefinition>
<AttributeDefinition displayName="DBUser" multi="true"
name="DBUser" type="string">
<Description>Database users which are associated to the
login</Description>
</AttributeDefinition>
 <AttributeDefinition displayName="roles" entitlement="true"
managed="true" multi="true" name="roles" schemaObjectType="group" type="string">
<Description>Server and database roles assigned to the login
and its mapped database users</Description>
</AttributeDefinition>
</Schema>
<Schema descriptionAttribute="type_desc"
displayAttribute="native_identity" featuresString="PROVISIONING"
identityAttribute="native_identity" nativeObjectType="group" objectType="group">
<AttributeDefinition displayName="native_identity"
name="native_identity" type="string">
<Description>Native identity represented by default as
groupName@serverName or groupName@databaseName</Description>
</AttributeDefinition>
<AttributeDefinition displayName="name" name="name"
type="string">
<Description>Group name</Description>
</AttributeDefinition>
<AttributeDefinition displayName="database_name"
name="database_name" type="string">
<Description>Database name in which group exists</Description>
</AttributeDefinition>
<AttributeDefinition displayName="database_id" name="database_id"
type="string">
<Description>Database ID in which group exists</Description>
</AttributeDefinition>
<AttributeDefinition displayName="principal_id"
name="principal_id" type="string">
<Description>Id of database principal</Description>
</AttributeDefinition>
<AttributeDefinition displayName="roles" multi="true"
name="roles" type="string">
<Description>Roles assigned to the group</Description>
</AttributeDefinition>
<AttributeDefinition displayName="server_name" name="server_name"
type="string">
<Description>Server name of the group</Description>
</AttributeDefinition>
<AttributeDefinition displayName="type_desc" name="type_desc"
type="string">
<Description>Description type of the group</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.ForceConnector"
featuresString="SEARCH, ENABLE, PROVISIONING, DIRECT_PERMISSIONS,
SYNC_PROVISIONING, PASSWORD" icon="internetIcon" name="RemedyForce Template"
type="RemedyForce">
<Attributes>
<Map>
<entry key="encrypted" value="clientSecret"/>
<entry key="formPath" value="salesforceConfigForm.xhtml"/>
</Map>
</Attributes>
<ProvisioningConfig deleteToDisable="true"/>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="con_prov_policy_salesforce_direct_Alias"
name="Alias" required="true" reviewRequired="true" type="string">
<Description> Take first letter of first name and squish it
together for an 8 character alias. Otherwise use first 8 characters of the
identity's name.</Description>
<Script>
<Source>

String first = identity.getFirstname();

String last = identity.getLastname();
if ( last == null )
last = identity.getName();

String alias = null;

int max = 7;
if ( last.length() &lt; max ) {
max = last.length();
}

if ( first != null ) {
alias = first.charAt(0) + last.substring(0,max);
} else {
if ( last.length() &lt; 8 )
max = last.length();
alias = last.substring(0,max);
}
return alias;

</Source>
</Script>
</Field>
<Field defaultValue="true"
displayName="con_prov_policy_salesforce_direct_Active" name="IsActive"
reviewRequired="true" type="boolean"/>
<Field displayName="con_prov_policy_salesforce_direct_Username"
helpKey="help_prov_policy_salesforce_direct_Username" name="Username"
required="true" reviewRequired="true" type="string">
<Script>
<Source>
return identity.getEmail();
</Source>
</Script>
</Field>
<Field displayName="con_prov_policy_salesforce_direct_Email"
helpKey="help_prov_policy_salesforce_direct_Email" name="Email" required="true"
reviewRequired="true" type="string">
<Script>
<Source>
return identity.getEmail();
</Source>
</Script>
</Field>
<Field displayName="con_prov_policy_salesforce_direct_FirstName"
name="FirstName" required="true" reviewRequired="true" type="string">
<Script>
<Source>
return identity.getFirstname();
</Source>
</Script>
</Field>
 <Field displayName="con_prov_policy_salesforce_direct_LastName"
name="LastName" required="true" reviewRequired="true" type="string">
<Script>
<Source>
return identity.getLastname();
</Source>
</Script>
</Field>
<Field displayName="con_prov_policy_salesforce_direct_NickName"
name="CommunityNickname" required="true" type="string">
<Script>
<Source>
return identity.getFullName();
</Source>
</Script>
</Field>
<Field displayName="con_prov_policy_salesforce_direct_TimeZone"
name="TimeZoneSidKey" required="true" reviewRequired="true" type="string"
value="America/Los_Angeles">
<AllowedValues>
<String>America/Chicago</String>
<String>America/Bogota</String>
<String>America/Lima</String>
<String>America/Los_Angeles</String>
<String>Atlantic/Bermuda</String>
</AllowedValues>
</Field>
<Field displayName="con_prov_policy_salesforce_direct_Locale"
name="LocaleSidKey" required="true" reviewRequired="true" type="string"
value="en_US"/>
<Field
displayName="con_prov_policy_salesforce_direct_LanguageLocaleKey"
name="LanguageLocaleKey" required="true" reviewRequired="true" type="string"
value="en_US"/>
<Field
displayName="con_prov_policy_salesforce_direct_EmailEncodingKey"
name="EmailEncodingKey" required="true" reviewRequired="true" type="string"
value="UTF-8"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="Username" groupAttribute="ProfileId"
identityAttribute="Id" nativeObjectType="User" objectType="account">
<AttributeDefinition name="Id" type="string">
<Description>RemedyForce Id</Description>
</AttributeDefinition>
<AttributeDefinition name="Alias" type="string">
<Description>User's assigned alias</Description>
</AttributeDefinition>
<AttributeDefinition name="City" type="string">
<Description>User's city</Description>
</AttributeDefinition>
<AttributeDefinition name="CommunityNickname" type="string">
<Description>DisplayNames for user's online
communities</Description>
</AttributeDefinition>
<AttributeDefinition name="CompanyName" type="string">
<Description>User's Company Name</Description>
</AttributeDefinition>
 <AttributeDefinition name="CallCenterId" type="string">
<Description>User's call center</Description>
</AttributeDefinition>
<AttributeDefinition name="Country" type="string">
<Description>User's Country</Description>
</AttributeDefinition>
<AttributeDefinition name="Department" type="string">
<Description>User's Department</Description>
</AttributeDefinition>
<AttributeDefinition name="Email" type="string">
<Description>User's Email Address</Description>
</AttributeDefinition>
<AttributeDefinition name="Division" type="string">
<Description>User's Division</Description>
</AttributeDefinition>
<AttributeDefinition name="EmployeeNumber" type="string">
<Description>User's Employee Number</Description>
</AttributeDefinition>
<AttributeDefinition name="BMCServiceDesk__Extension__c"
type="string">
<Description>Map to BMCServiceDesk user telephone
extension</Description>
</AttributeDefinition>
<AttributeDefinition name="Fax" type="string">
<Description>User's Fax Number</Description>
</AttributeDefinition>
<AttributeDefinition name="IsActive" type="boolean">
<Description>Flag that indicates if the user is active in
SalesForce</Description>
</AttributeDefinition>
<AttributeDefinition name="Username" type="string">
<Description>By default, this attribute is the connectors
default nativeIdentity AND display name attributes</Description>
</AttributeDefinition>
<AttributeDefinition name="FirstName" type="string">
<Description>User's firstname</Description>
</AttributeDefinition>
<AttributeDefinition name="LastName" type="string">
<Description>User's lastname</Description>
</AttributeDefinition>
<AttributeDefinition name="EmailEncodingKey" type="string">
<Description>Defaults to UTF-8 and there are several selections
to choose from in from the web interface</Description>
</AttributeDefinition>
<AttributeDefinition name="Street" type="string">
<Description>Street Name</Description>
</AttributeDefinition>
<AttributeDefinition name="Name" type="string">
<Description>User's fullname</Description>
</AttributeDefinition>
<AttributeDefinition name="UserPermissionsMarketingUser"
type="boolean">
<Description>Maps to the Marketing User Flag</Description>
</AttributeDefinition>
<AttributeDefinition name="UserPermissionsMobileUser"
type="boolean">
<Description>Maps to the Mobile User Flag</Description>
</AttributeDefinition>
<AttributeDefinition name="UserPermissionsOfflineUser"
type="boolean">
<Description>Maps to the Offline user Flag</Description>
</AttributeDefinition>
<AttributeDefinition name="UserPermissionsSFContentUser"
type="boolean">
<Description>Maps to Sales Anywhere User.</Description>
</AttributeDefinition>
<AttributeDefinition name="Phone" type="string">
<Description>User's phone number</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
name="ProfileId" schemaObjectType="group" type="string">
<Description>Profile Id</Description>
</AttributeDefinition>
<AttributeDefinition name="ProfileName" type="string">
<Description>Profile Name</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="PublicGroups" type="string">
<Description>Public groups are the entitlements for
user</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="PermissionSet" type="string">
<Description>PermissionSet assigned to a user.</Description>
</AttributeDefinition>
<AttributeDefinition name="ReceivesAdminInfoEmails"
type="string">
<Description>Administrator information Mails</Description>
</AttributeDefinition>
<AttributeDefinition name="UserRoleId" type="string">
<Description>User Role's Id</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
name="UserRoleName" type="string">
<Description>User Role's name</Description>
</AttributeDefinition>
<AttributeDefinition name="UserType" type="string">
<Description>Type of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="State" type="string">
<Description>User's state</Description>
</AttributeDefinition>
<AttributeDefinition name="Title" type="string">
<Description>User's title</Description>
</AttributeDefinition>
<AttributeDefinition name="BMCServiceDesk__Account_ID__c"
remediationModificationType="None" type="string">
<Description>Maps to Account ID</Description>
</AttributeDefinition>
<AttributeDefinition name="BMCServiceDesk__ContactId__c"
remediationModificationType="None" type="string">
<Description>Maps to Contact Id</Description>
</AttributeDefinition>
<AttributeDefinition name="BMCServiceDesk__IsStaffUser__c"
remediationModificationType="None" type="string">
<Description>Maps to BMC ServiceDesk Staff</Description>
</AttributeDefinition>
<AttributeDefinition
name="BMCServiceDesk__Remedyforce_Knowledge_User__c"
remediationModificationType="None" type="string">
<Description>Maps to Remedyforce Knowledge User</Description>
</AttributeDefinition>
<AttributeDefinition name="BMCServiceDesk__Account_Name__c"
remediationModificationType="None" type="string">
<Description>Maps to Account Name</Description>
</AttributeDefinition>
<AttributeDefinition name="BMCServiceDesk__remarks__c"
remediationModificationType="None" type="string">
<Description>Maps to Remarks</Description>
</AttributeDefinition>
<AttributeDefinition
name="BMCServiceDesk__SelfService_Preferences__c"
remediationModificationType="None" type="string">
<Description>Self Service Preferences</Description>
</AttributeDefinition>
<AttributeDefinition name="BMCServiceDesk__IsOutOfOffice__c"
remediationModificationType="None" type="string">
<Description>Maps to Out of Office</Description>
</AttributeDefinition>
<AttributeDefinition name="BMCServiceDesk__FPLoginID__c"
remediationModificationType="None" type="string">
<Description>Maps to FootPrints Login ID</Description>
</AttributeDefinition>
<AttributeDefinition name="BMCServiceDesk__Room__c"
remediationModificationType="None" type="string">
<Description>Maps to Room attribute</Description>
</AttributeDefinition>
<AttributeDefinition name="ReceivesInfoEmails" type="string">
<Description>Receive the salesforce/remedyforce.com
newsletter</Description>
</AttributeDefinition>
</Schema>
<Schema descriptionAttribute="Description" displayAttribute="Name"
identityAttribute="Id" includePermissions="true" nativeObjectType="Profile"
objectType="group">
<AttributeDefinition name="Id" type="string">
<Description>Profile Id</Description>
</AttributeDefinition>
<AttributeDefinition name="Name" type="string">
<Description>Profile Name</Description>
</AttributeDefinition>
<AttributeDefinition name="Description" type="string">
<Description>Profile Description</Description>
</AttributeDefinition>
<AttributeDefinition name="UserType" type="string">
<Description>Profile Type</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OracleDBConnector"
featuresString="DISCOVER_SCHEMA, PROVISIONING, SYNC_PROVISIONING, AUTHENTICATE,
PASSWORD, ENABLE, SEARCH, DIRECT_PERMISSIONS" icon="databaseIcon" name="Oracle
Template" type="Oracle Database - Direct">
<Attributes>
<Map>
<entry key="enforceRequiredPermission">
 <value>
<Boolean>true</Boolean>
</value>
</entry>
<entry key="formPath" value="OracleDBConnectorForm.xhtml"/>
<entry key="useExecuteQuery">
<value>
<Boolean>true</Boolean>
</value>
</entry>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="Create User" objectType="account" type="Create">
<Field displayName="con_prov_policy_oracle_user_name"
helpKey="help_con_form_oracle_username" name="USERNAME" required="true"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_oracle_Password"
helpKey="help_con_form_oracle_password" name="password" required="true"
reviewRequired="true" type="secret"/>
<Field displayName="con_prov_policy_oracle_Default_Tablespace"
helpKey="help_con_form_oracle_Default_Tablespace" name="DEFAULT_TABLESPACE"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_oracle_Temporary_Tablespace"
helpKey="help_con_form_oracle_Temporary_Tablespace" name="TEMPORARY_TABLESPACE"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_oracle_Profile"
helpKey="help_con_form_oracle_Profile" name="PROFILE" reviewRequired="true"
type="string"/>
</Form>
<Form name="Create Group" objectType="group" type="Create">
<Field displayName="con_prov_policy_oracle_Role"
helpKey="help_con_form_oracle_Role" name="ROLE" required="true"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_oracle_Password"
helpKey="help_con_form_oracle_password_role" name="password" reviewRequired="true"
type="secret"/>
</Form>
<Form name="Update Group" objectType="group" type="Update">
<Field displayName="con_prov_policy_oracle_Granted_Roles"
helpKey="help_con_form_oracle_Role_Name" multi="true" name="ROLES"
reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_oracle_System_Privileges"
helpKey="help_con_form_oracle_System_Privileges" multi="true"
name="SYSTEM_PRIVILEGES" reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_oracle_Password"
helpKey="help_con_form_oracle_password_role" name="password" reviewRequired="true"
type="secret"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="USERNAME" identityAttribute="USERNAME"
nativeObjectType="DBA_USERS" objectType="account">
<AttributeDefinition name="USERNAME"
remediationModificationType="None" type="string">
<Description>User name </Description>
</AttributeDefinition>
<AttributeDefinition name="USER_ID"
remediationModificationType="None" type="string">
 <Description>User ID </Description>
</AttributeDefinition>
<AttributeDefinition name="ACCOUNT_STATUS"
remediationModificationType="None" type="string">
<Description>Account status </Description>
</AttributeDefinition>
<AttributeDefinition name="DEFAULT_TABLESPACE"
remediationModificationType="None" type="string">
<Description>Default tablespace </Description>
</AttributeDefinition>
<AttributeDefinition name="TEMPORARY_TABLESPACE"
remediationModificationType="None" type="string">
<Description>Temporary tablespace </Description>
</AttributeDefinition>
<AttributeDefinition name="AUTHENTICATION_TYPE"
remediationModificationType="None" required="true" type="string">
<Description>Authentication type </Description>
</AttributeDefinition>
<AttributeDefinition managed="true" name="PROFILE"
remediationModificationType="None" type="string">
<Description>Profiles assigned to the user </Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="ROLES" remediationModificationType="None"
schemaObjectType="group" type="string">
<Description>Roles assigned to the user </Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="SYSTEM_PRIVILEGES" remediationModificationType="None"
type="string">
<Description>System privileges assigned to the user
</Description>
</AttributeDefinition>
</Schema>
<Schema displayAttribute="ROLE" featuresString="PROVISIONING"
identityAttribute="ROLE" nativeObjectType="DBA_ROLES" objectType="group">
<AttributeDefinition name="ROLE" type="string">
<Description>Role name </Description>
</AttributeDefinition>
<AttributeDefinition name="PASSWORD_REQUIRED"
remediationModificationType="None" type="string">
<Description>Password is required or not </Description>
</AttributeDefinition>
<AttributeDefinition name="AUTHENTICATION_TYPE"
remediationModificationType="None" required="true" type="string">
<Description>Authentication type </Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="ROLES" remediationModificationType="None" type="string">
<Description>Roles assigned to the role </Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="SYSTEM_PRIVILEGES" type="string">
<Description>System privileges assigned to the role
</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
 <Application connector="sailpoint.connector.ForceConnector"
featuresString="SEARCH, ENABLE, PROVISIONING, DIRECT_PERMISSIONS,
SYNC_PROVISIONING, PASSWORD" icon="internetIcon" name="Salesforce Template"
type="Salesforce">
<Attributes>
<Map>
<entry key="encrypted" value="clientSecret"/>
<entry key="formPath" value="salesforceConfigForm.xhtml"/>
</Map>
</Attributes>
<ProvisioningConfig deleteToDisable="true"/>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="con_prov_policy_salesforce_direct_Alias"
name="Alias" required="true" reviewRequired="true" type="string">
<Description> Take first letter of first name and squish it
together for an 8 character alias. Otherwise use first 8 characters of the
identity's name.</Description>
<Script>
<Source>

String first = identity.getFirstname();

String last = identity.getLastname();
if ( last == null )
last = identity.getName();

String alias = null;

int max = 7;
if ( last.length() &lt; max ) {
max = last.length();
}

if ( first != null ) {
alias = first.charAt(0) + last.substring(0,max);
} else {
if ( last.length() &lt; 8 )
max = last.length();
alias = last.substring(0,max);
}
return alias;

</Source>
</Script>
</Field>
<Field defaultValue="true"
displayName="con_prov_policy_salesforce_direct_Active" name="IsActive"
reviewRequired="true" type="boolean"/>
<Field displayName="con_prov_policy_salesforce_direct_Username"
helpKey="help_prov_policy_salesforce_direct_Username" name="Username"
required="true" reviewRequired="true" type="string">
<Script>
<Source>
return identity.getEmail();
</Source>
</Script>
</Field>
<Field displayName="con_prov_policy_salesforce_direct_Email"
helpKey="help_prov_policy_salesforce_direct_Email" name="Email" required="true"
reviewRequired="true" type="string">
 <Script>
<Source>
return identity.getEmail();
</Source>
</Script>
</Field>
<Field displayName="con_prov_policy_salesforce_direct_FirstName"
name="FirstName" required="true" reviewRequired="true" type="string">
<Script>
<Source>
return identity.getFirstname();
</Source>
</Script>
</Field>
<Field displayName="con_prov_policy_salesforce_direct_LastName"
name="LastName" required="true" reviewRequired="true" type="string">
<Script>
<Source>
return identity.getLastname();
</Source>
</Script>
</Field>
<Field displayName="con_prov_policy_salesforce_direct_NickName"
name="CommunityNickname" required="true" type="string">
<Script>
<Source>
return identity.getFullName();
</Source>
</Script>
</Field>
<Field displayName="con_prov_policy_salesforce_direct_TimeZone"
name="TimeZoneSidKey" required="true" reviewRequired="true" type="string"
value="America/Los_Angeles">
<AllowedValues>
<String>America/Chicago</String>
<String>America/Bogota</String>
<String>America/Lima</String>
<String>America/Los_Angeles</String>
<String>Atlantic/Bermuda</String>
</AllowedValues>
</Field>
<Field displayName="con_prov_policy_salesforce_direct_Locale"
name="LocaleSidKey" required="true" reviewRequired="true" type="string"
value="en_US"/>
<Field
displayName="con_prov_policy_salesforce_direct_LanguageLocaleKey"
name="LanguageLocaleKey" required="true" reviewRequired="true" type="string"
value="en_US"/>
<Field
displayName="con_prov_policy_salesforce_direct_EmailEncodingKey"
name="EmailEncodingKey" required="true" reviewRequired="true" type="string"
value="UTF-8"/>
<Field
displayName="con_prov_policy_salesforce_direct_FederationIdentifier"
name="FederationIdentifier" reviewRequired="true" type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="Username" identityAttribute="Id"
nativeObjectType="User" objectType="account">
<AttributeDefinition name="Id" type="string">
<Description>Internal salesforce id.</Description>
</AttributeDefinition>
<AttributeDefinition name="Alias" type="string">
<Description>User's assigned alias.</Description>
</AttributeDefinition>
<AttributeDefinition name="City" type="string">
<Description>User's city.</Description>
</AttributeDefinition>
<AttributeDefinition name="CommunityNickname" type="string">
<Description>DisplayNames for user's online
communities.</Description>
</AttributeDefinition>
<AttributeDefinition name="CompanyName" type="string">
<Description>User's company name.</Description>
</AttributeDefinition>
<AttributeDefinition name="CallCenterId" type="string">
<Description>User's call center.</Description>
</AttributeDefinition>
<AttributeDefinition name="Country" type="string">
<Description>User's country.</Description>
</AttributeDefinition>
<AttributeDefinition name="Department" type="string">
<Description>User's department.</Description>
</AttributeDefinition>
<AttributeDefinition name="Email" type="string">
<Description>User's Email address.</Description>
</AttributeDefinition>
<AttributeDefinition name="Division" type="string">
<Description>User's division.</Description>
</AttributeDefinition>
<AttributeDefinition name="EmployeeNumber" type="string">
<Description>User's employee number.</Description>
</AttributeDefinition>
<AttributeDefinition name="Extension" type="string">
<Description>User's telephone extension.</Description>
</AttributeDefinition>
<AttributeDefinition name="Street" type="string">
<Description>The street address associated with the
User.</Description>
</AttributeDefinition>
<AttributeDefinition name="Fax" type="string">
<Description>User's fax number.</Description>
</AttributeDefinition>
<AttributeDefinition name="IsActive" type="boolean">
<Description>Flag that indicates if the user is active in
Salesforce.</Description>
</AttributeDefinition>
<AttributeDefinition name="IsFrozen" type="boolean">
<Description>Flag that indicates if the user is frozen in
Salesforce.</Description>
</AttributeDefinition>
<AttributeDefinition name="Username" type="string">
<Description>Contains the name that a user enters to log into
the API or the user interface.</Description>
</AttributeDefinition>
<AttributeDefinition name="FirstName" type="string">
<Description>User's first name.</Description>
 </AttributeDefinition>
<AttributeDefinition name="LastName" type="string">
<Description>User's last name.</Description>
</AttributeDefinition>
<AttributeDefinition name="EmailEncodingKey" type="string">
<Description>Encoding that should be used during email
communications.</Description>
</AttributeDefinition>
<AttributeDefinition name="Name" type="string">
<Description>User's fullname.</Description>
</AttributeDefinition>
<AttributeDefinition name="UserPermissionsMarketingUser"
type="boolean">
<Description>Maps to the Marketing User Flag.</Description>
</AttributeDefinition>
<AttributeDefinition name="UserPermissionsMobileUser"
type="boolean">
<Description>Maps to the Mobile User Flag.</Description>
</AttributeDefinition>
<AttributeDefinition name="UserPermissionsOfflineUser"
type="boolean">
<Description>Maps to the Offline user Flag.</Description>
</AttributeDefinition>
<AttributeDefinition name="UserPermissionsSFContentUser"
type="boolean">
<Description>Maps to Sales Anywhere User.</Description>
</AttributeDefinition>
<AttributeDefinition name="Phone" type="string">
<Description>User's phone number.</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
name="ProfileId" schemaObjectType="group" type="string">
<Description>ID of the profile assigned to a
user.</Description>
</AttributeDefinition>
<AttributeDefinition name="ProfileName" type="string">
<Description>Name of the profile assigned to a
user.</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="PublicGroups" schemaObjectType="PublicGroup" type="string">
<Description>Public groups are the entitlements for
user.</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="QueueNames" type="string">
<Description>Queues assigned to the user.</Description>
</AttributeDefinition>
<AttributeDefinition name="ReceivesAdminInfoEmails"
type="string">
<Description>Receive the salesforce.com administrator
newsletter.</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
name="Role" schemaObjectType="Role" type="string">
<Description>The Role assigned to a user.</Description>
</AttributeDefinition>
<AttributeDefinition name="UserType" type="string">
<Description>Type of the user.</Description>
 </AttributeDefinition>
<AttributeDefinition name="State" type="string">
<Description>User's state.</Description>
</AttributeDefinition>
<AttributeDefinition name="Title" type="string">
<Description>User's title.</Description>
</AttributeDefinition>
<AttributeDefinition name="ReceivesInfoEmails" type="string">
<Description>Receive the salesforce.com
newsletter.</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="PermissionSet" schemaObjectType="PermissionSet" type="string">
<Description>PermissionSet assigned to a user.</Description>
</AttributeDefinition>
<AttributeDefinition name="UserLicense"
remediationModificationType="None" type="string">
<Description>User's license.</Description>
</AttributeDefinition>
<AttributeDefinition name="LanguageLocaleKey" type="string">
<Description>The user's language.</Description>
</AttributeDefinition>
<AttributeDefinition name="LocaleSidKey" type="string">
<Description>This is the user's locale.</Description>
</AttributeDefinition>
<AttributeDefinition name="TimeZoneSidKey" type="string">
<Description>The timezone of the user.</Description>
</AttributeDefinition>
<AttributeDefinition name="FederationIdentifier" type="string">
<Description>A Federation IDs is an identifier that is unique
within a salesforce Organization.</Description>
</AttributeDefinition>
</Schema>
<Schema descriptionAttribute="Description" displayAttribute="Name"
identityAttribute="Id" includePermissions="true" nativeObjectType="Profile"
objectType="group">
<AttributeDefinition name="Id" type="string">
<Description>The internal id for this group.</Description>
</AttributeDefinition>
<AttributeDefinition name="Name" type="string">
<Description>The friendly name assigned to the
profile.</Description>
</AttributeDefinition>
<AttributeDefinition name="Description" type="string">
<Description>Description for the profiles.</Description>
</AttributeDefinition>
<AttributeDefinition name="UserType" type="string">
<Description>This is the type of profile even though the
attribute name would indicate a user.</Description>
</AttributeDefinition>
<AttributeDefinition name="UserLicense"
remediationModificationType="None" type="string">
<Description>User's license.</Description>
</AttributeDefinition>
</Schema>
<Schema aggregationType="group" descriptionAttribute="Description"
displayAttribute="Name" identityAttribute="Name" nativeObjectType="PermissionSet"
objectType="PermissionSet">
<AttributeDefinition name="Name" type="string">
 <Description>The internal id for this group.</Description>
</AttributeDefinition>
<AttributeDefinition name="Label" type="string">
<Description>The friendly name assigned to the
profile.</Description>
</AttributeDefinition>
<AttributeDefinition name="Description" type="string">
<Description>Description for the profiles.</Description>
</AttributeDefinition>
</Schema>
<Schema aggregationType="group" displayAttribute="Name"
identityAttribute="Id" nativeObjectType="Role" objectType="Role">
<AttributeDefinition name="Id" type="string">
<Description>Role Id.</Description>
</AttributeDefinition>
<AttributeDefinition name="Name" type="string">
<Description>Role name.</Description>
</AttributeDefinition>
</Schema>
<Schema aggregationType="group" displayAttribute="Name"
identityAttribute="Name" nativeObjectType="PublicGroup" objectType="PublicGroup">
<AttributeDefinition name="Id" type="string">
<Description>Public Group Id.</Description>
</AttributeDefinition>
<AttributeDefinition name="Name" type="string">
<Description>Public Group name.</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.JDBCConnector"
featuresString="DISCOVER_SCHEMA, PROVISIONING, SYNC_PROVISIONING,
DIRECT_PERMISSIONS, ENABLE, PASSWORD" icon="databaseIcon" name="SQLLoader Template"
type="SQLLoader">
<Attributes>
<Map>
<entry key="formPath"
value="SQLLoaderConnectorAttributesForm.xhtml"/>
<entry key="formPathRules"
value="SQLLoaderConnectorRulesForm.xhtml"/>
</Map>
</Attributes>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="PROVISIONING, SYNC_PROVISIONING, UNLOCK, ENABLE, SEARCH,
UNSTRUCTURED_TARGETS, PASSWORD, AUTHENTICATE" icon="internetIcon" name="IBM Tivoli
Access Manager" type="IBM Tivoli Access Manager">
<Attributes>
<Map>
<entry key="connectorClass"
value="openconnector.connector.TAMConnector"/>
<entry key="encrypted" value="admin_password"/>
<entry key="formPath" value="TAMConnector.xhtml"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="UserID" name="userid" required="true"
reviewRequired="true" section="" type="string"/>
 <Field displayName="First Name" name="first_name" required="true"
reviewRequired="true" section="" type="string"/>
<Field displayName="Last Name" name="last_name" required="true"
reviewRequired="true" section="" type="string"/>
<Field displayName="registryUID" helpKey="e.g. cn=userid, o=ibm,
c=us" name="registryUID" required="true" reviewRequired="true" section=""
type="string"/>
<Field displayName="Description" name="description"
reviewRequired="true" section="" type="string"/>
<Field displayName="Password" name="password" required="true"
reviewRequired="true" section="" type="secret"/>
<Field displayName="Password Valid" name="passwordvalid"
reviewRequired="true" section="" type="boolean" value="true"/>
<Field displayName="Account Valid" name="accountValid"
reviewRequired="true" section="" type="boolean" value="true"/>
<Field displayName="GSO User" name="ssoUser"
reviewRequired="true" section="" type="boolean" value="true"/>
<Field displayName="GSO Web Credentials" helpKey="e.g.
gso_name:userid:user_password" multi="true" name="gsoWebCreds"
reviewRequired="true" section="" type="String"/>
<Field displayName="GSO Group Credentials" helpKey="e.g.
gso_group_name:userid:user_password" multi="true" name="gsoGroupCreds"
reviewRequired="true" section="" type="String"/>
<Field displayName="ImportFromRegistry" name="importFromRegistry"
reviewRequired="true" section="" type="boolean"/>
<Field displayName="No Password Policy" name="noPwdPolicy"
reviewRequired="true" section="" type="boolean"/>
</Form>
<Form name="create group" objectType="group" type="Create">
<Field displayName="Group Name" name="name" required="true"
reviewRequired="true" section="" type="string"/>
<Field displayName="RegistryUID" helpKey="e.g. cn=groupname,
o=ibm, c=us" name="registryUID" required="true" reviewRequired="true" section=""
type="string"/>
<Field displayName="Description" name="description"
reviewRequired="true" section="" type="string"/>
</Form>
<Form name="update group" objectType="group" type="Update">
<Field displayName="Group Name" name="name" reviewRequired="true"
type="string"/>
<Field displayName="RegistryUID" name="registryUID"
readOnly="true" reviewRequired="true" type="string"/>
<Field displayName="Description" name="description"
reviewRequired="true" type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="userid" identityAttribute="userid"
nativeObjectType="account" objectType="account">
<AttributeDefinition name="userid"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="first_name"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="last_name"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="registryUID"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="description"
remediationModificationType="None" required="true" type="string"/>
 <AttributeDefinition entitlement="true" managed="true"
multi="true" name="groups" remediationModificationType="None"
schemaObjectType="group" type="string"/>
<AttributeDefinition managed="true" name="noPwdPolicy"
remediationModificationType="None" type="boolean"/>
<AttributeDefinition name="ssoUser"
remediationModificationType="None" required="true" type="boolean"/>
<AttributeDefinition name="accountValid"
remediationModificationType="None" required="true" type="boolean"/>
<AttributeDefinition name="passwordvalid"
remediationModificationType="None" required="true" type="boolean"/>
<AttributeDefinition multi="true" name="gsoWebCreds"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition multi="true" name="gsoGroupCreds"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="importFromregistry"
remediationModificationType="None" required="true" type="boolean"/>
</Schema>
<Schema descriptionAttribute="description" displayAttribute="name"
featuresString="PROVISIONING" identityAttribute="name" nativeObjectType="group"
objectType="group">
<AttributeDefinition name="name"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="registryUID"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="description"
remediationModificationType="None" required="true" type="string"/>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.AirwatchConnector"
featuresString="PROXY" name="Airwatch MIM" type="Airwatch MIM">
<Attributes>
<Map>
<entry key="encrypted" value="adminPassword,apikey"/>
<entry key="formPath" value="AirwatchAttributesForm.xhtml"/>
<entry key="retryableErrors">
<value>
<List>
<String>Unrecognized SSL message</String>
</List>
</value>
</entry>
</Map>
</Attributes>
<Schemas>
<Schema displayAttribute="UserName" identityAttribute="Id"
nativeObjectType="User" objectType="account">
<AttributeDefinition name="Id" type="string"/>
<AttributeDefinition name="UserName" type="string"/>
<AttributeDefinition name="FirstName" type="string"/>
<AttributeDefinition name="LastName" type="string"/>
<AttributeDefinition name="Status" type="string"/>
<AttributeDefinition name="Group" type="string"/>
<AttributeDefinition name="Email" type="string"/>
<AttributeDefinition name="SecurityType" type="string"/>
<AttributeDefinition name="ContactNumber" type="string"/>
<AttributeDefinition name="EmailUserName" type="string"/>
<AttributeDefinition entitlement="true" name="Role"
type="string"/>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.SAPHRConnector"
featuresString="MANAGER_LOOKUP, PROVISIONING, SYNC_PROVISIONING, ENABLE, UNLOCK"
icon="enterpriseIcon" name="SAP HR/HCM Template" type="SAP HR/HCM">
<Attributes>
<Map>
<entry key="formPath" value="SAPHRAttributesForm.xhtml"/>
<entry key="formPathRules" value="SAPHRRulesForm.xhtml"/>
<entry key="managerRelationshipModel" value="OOSP"/>
</Map>
</Attributes>
<Schemas>
<Schema displayAttribute="Name" identityAttribute="Central Person
ID" nativeObjectType="User" objectType="account">
<AttributeDefinition name="Academic Grade" type="string">
<Description>Academic Title</Description>
</AttributeDefinition>
<AttributeDefinition name="Address" type="string">
<Description>Address of Employee</Description>
</AttributeDefinition>
<AttributeDefinition name="Address Type" type="string">
<Description>Address Type of Employee</Description>
</AttributeDefinition>
<AttributeDefinition name="Address Type Code" type="string">
<Description>Address Type Code of Employee</Description>
</AttributeDefinition>
<AttributeDefinition name="Admin Group" type="string">
<Description>Administrator Group</Description>
</AttributeDefinition>
<AttributeDefinition name="Aristrocratic Title" type="string">
<Description>Name supplement such as Lord or Lady
</Description>
</AttributeDefinition>
<AttributeDefinition name="Birth Date" type="string">
<Description>Birth Date of Employee</Description>
</AttributeDefinition>
<AttributeDefinition name="Birth Name" type="string">
<Description>Birth Name of Employee</Description>
</AttributeDefinition>
<AttributeDefinition name="Birth Place" type="string">
<Description>Birth Place of Employee</Description>
</AttributeDefinition>
<AttributeDefinition name="Business Area" type="string">
<Description>Business Area</Description>
</AttributeDefinition>
<AttributeDefinition name="Central Person ID" type="string">
<Description>Central Person ID associated with
employee</Description>
</AttributeDefinition>
<AttributeDefinition name="City" type="string">
<Description>City of Employee</Description>
</AttributeDefinition>
<AttributeDefinition name="Co Area" type="string">
<Description>Controlling Area</Description>
</AttributeDefinition>
<AttributeDefinition name="Comp Code" type="string">
 <Description>Company Code</Description>
</AttributeDefinition>
<AttributeDefinition name="Company Name" type="string">
<Description>Company Name</Description>
</AttributeDefinition>
<AttributeDefinition name="Contract" type="string">
<Description>Work Contract</Description>
</AttributeDefinition>
<AttributeDefinition name="Cost Center" type="string">
<Description>Cost Center</Description>
</AttributeDefinition>
<AttributeDefinition name="Country" type="string">
<Description>Country Name</Description>
</AttributeDefinition>
<AttributeDefinition name="Country Code" type="string">
<Description>Country Code</Description>
</AttributeDefinition>
<AttributeDefinition name="Country of Birth" type="string">
<Description>Country of Birth</Description>
</AttributeDefinition>
<AttributeDefinition name="Country of Birth Code" type="string">
<Description>Country of Birth Code</Description>
</AttributeDefinition>
<AttributeDefinition name="District" type="string">
<Description>District</Description>
</AttributeDefinition>
<AttributeDefinition name="E Group" type="string">
<Description>E Group</Description>
</AttributeDefinition>
<AttributeDefinition name="Email" type="string">
<Description>Email address</Description>
</AttributeDefinition>
<AttributeDefinition name="Employee Number" type="string">
<Description>Employee Number</Description>
</AttributeDefinition>
<AttributeDefinition name="FirstName" type="string">
<Description>First Name</Description>
</AttributeDefinition>
<AttributeDefinition name="Form of Address" type="string">
<Description>Form-of-address key</Description>
</AttributeDefinition>
<AttributeDefinition name="FullName" type="string">
<Description>Full Name</Description>
</AttributeDefinition>
<AttributeDefinition name="Fund" type="string">
<Description>Fund</Description>
</AttributeDefinition>
<AttributeDefinition name="Funds Center" type="string">
<Description>Funds Center</Description>
</AttributeDefinition>
<AttributeDefinition name="Gender" type="string">
<Description>Indicates the gender of the employee</Description>
</AttributeDefinition>
<AttributeDefinition name="Gender Code" type="string">
<Description>Gender Code</Description>
</AttributeDefinition>
<AttributeDefinition name="Id Number" type="string">
<Description>Personnel ID number, such as Social Security
Number</Description>
 </AttributeDefinition>
<AttributeDefinition name="Initials" type="string">
<Description>Initials of Employee</Description>
</AttributeDefinition>
<AttributeDefinition name="Job" type="string">
<Description>Job</Description>
</AttributeDefinition>
<AttributeDefinition name="Job Description" type="string">
<Description>Job Description</Description>
</AttributeDefinition>
<AttributeDefinition name="Known As" type="string">
<Description>Name which the employee prefers to be
called</Description>
</AttributeDefinition>
<AttributeDefinition name="Language" type="string">
<Description>A language key</Description>
</AttributeDefinition>
<AttributeDefinition name="Language Code" type="string">
<Description>Language Code</Description>
</AttributeDefinition>
<AttributeDefinition name="Language ISO" type="string">
<Description>ISO 639 language code</Description>
</AttributeDefinition>
<AttributeDefinition name="LastName" type="string">
<Description>Last Name</Description>
</AttributeDefinition>
<AttributeDefinition name="LegPerson" type="string">
<Description>Legal Person</Description>
</AttributeDefinition>
<AttributeDefinition name="Marital Status Code" type="string">
<Description>Marital Status Code</Description>
</AttributeDefinition>
<AttributeDefinition name="Marital Status Since" type="string">
<Description>Validity start date for current Marital
status</Description>
</AttributeDefinition>
<AttributeDefinition name="MaritalStatus" type="string">
<Description>Marital Status key</Description>
</AttributeDefinition>
<AttributeDefinition name="MiddleName" type="string">
<Description>Middle Name</Description>
</AttributeDefinition>
<AttributeDefinition name="Name" type="string">
<Description>Name</Description>
</AttributeDefinition>
<AttributeDefinition name="Name Format Indicator" type="string">
<Description>Name Format Indicator</Description>
</AttributeDefinition>
<AttributeDefinition name="Name State of Birth" type="string">
<Description>Name State of Birth</Description>
</AttributeDefinition>
<AttributeDefinition name="Name Third Nationality" type="string">
<Description>Name Third Nationality</Description>
</AttributeDefinition>
<AttributeDefinition name="Nationality" type="string">
<Description>Nationality</Description>
</AttributeDefinition>
<AttributeDefinition name="Nationality Code" type="string">
<Description>Nationality Code</Description>
 </AttributeDefinition>
<AttributeDefinition name="Number of Children" type="string">
<Description>Number of Children</Description>
</AttributeDefinition>
<AttributeDefinition name="Org Key" type="string">
<Description>Organizational Key </Description>
</AttributeDefinition>
<AttributeDefinition name="Org Unit" type="string">
<Description>Organizational Unit</Description>
</AttributeDefinition>
<AttributeDefinition name="Organization Description"
type="string">
<Description>Organization Description</Description>
</AttributeDefinition>
<AttributeDefinition name="P subArea" type="string">
<Description>Personnel Subarea</Description>
</AttributeDefinition>
<AttributeDefinition name="Payarea" type="string">
<Description>Payroll Area</Description>
</AttributeDefinition>
<AttributeDefinition name="Payrole Admin" type="string">
<Description>Payroll Administrator</Description>
</AttributeDefinition>
<AttributeDefinition name="Personal Admin" type="string">
<Description>Administrator for HR Master Data</Description>
</AttributeDefinition>
<AttributeDefinition name="Personal Area" type="string">
<Description>Personal Area</Description>
</AttributeDefinition>
<AttributeDefinition name="Personal Number" type="string">
<Description>Personal Number</Description>
</AttributeDefinition>
<AttributeDefinition name="Position" type="string">
<Description>Position</Description>
</AttributeDefinition>
<AttributeDefinition name="Position Description" type="string">
<Description>Position Description</Description>
</AttributeDefinition>
<AttributeDefinition name="Reason Code" type="string">
<Description>Reason for Changing Master Data</Description>
</AttributeDefinition>
<AttributeDefinition name="Religion" type="string">
<Description>Name of religion</Description>
</AttributeDefinition>
<AttributeDefinition name="Religion Code" type="string">
<Description>A two-character code used to identify a religious
denomination</Description>
</AttributeDefinition>
<AttributeDefinition name="Second Academic Grade" type="string">
<Description>Second Academic Title</Description>
</AttributeDefinition>
<AttributeDefinition name="Second Address Line" type="string">
<Description>Second Address Line</Description>
</AttributeDefinition>
<AttributeDefinition name="Second Name Prefix" type="string">
<Description>Second Name Prefix</Description>
</AttributeDefinition>
<AttributeDefinition name="Second Nationality" type="string">
<Description>Second Nationality</Description>
 </AttributeDefinition>
<AttributeDefinition name="Second Nationality Code"
type="string">
<Description>Second Nationality Code</Description>
</AttributeDefinition>
<AttributeDefinition name="SecondName" type="string">
<Description>Second Name</Description>
</AttributeDefinition>
<AttributeDefinition name="STAT2_Current" type="string">
<Description>Current employment/job status</Description>
</AttributeDefinition>
<AttributeDefinition name="STAT2_Next" type="string">
<Description>Future employment/job status</Description>
</AttributeDefinition>
<AttributeDefinition name="STAT2_Next_Start_Date" type="string">
<Description>Effective start date of future employment/job
status</Description>
</AttributeDefinition>
<AttributeDefinition name="State" type="string">
<Description>State</Description>
</AttributeDefinition>
<AttributeDefinition name="State Abreviation" type="string">
<Description>State Abreviation</Description>
</AttributeDefinition>
<AttributeDefinition name="State of Birth" type="string">
<Description>State of Birth</Description>
</AttributeDefinition>
<AttributeDefinition name="Sub E Group" type="string">
<Description>Employee Subgroup</Description>
</AttributeDefinition>
<AttributeDefinition name="Supervisor" type="string">
<Description>Supervisor ID</Description>
</AttributeDefinition>
<AttributeDefinition name="Surname Prefix" type="string">
<Description>Surname Prefix</Description>
</AttributeDefinition>
<AttributeDefinition name="System user name (SY-UNAME)"
type="string">
<Description>System user name (SY-UNAME)</Description>
</AttributeDefinition>
<AttributeDefinition name="Telephone" type="string">
<Description>Telephone</Description>
</AttributeDefinition>
<AttributeDefinition name="Third Nationality" type="string">
<Description>Third Nationality</Description>
</AttributeDefinition>
<AttributeDefinition name="Time Admin" type="string">
<Description>Administrator for Time Recording</Description>
</AttributeDefinition>
<AttributeDefinition name="Title" type="string">
<Description>Title</Description>
</AttributeDefinition>
<AttributeDefinition name="Zip Code" type="string">
<Description>Zip Code</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="Infotype0000JSON"
type="string">
<Description>Information about Actions InfoType in JSON
format</Description>
 </AttributeDefinition>
<AttributeDefinition name="Effective Dates" type="string">
<Description>Information about last name and manager
changes</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.LDAPConnector"
featuresString="AUTHENTICATE, PROVISIONING, SYNC_PROVISIONING, ENABLE, UNLOCK,
PASSWORD, MANAGER_LOOKUP, SEARCH" icon="directory2Icon" name="Novell eDirectory -
Direct Template" type="Novell eDirectory - Direct">
<Attributes>
<Map>
<entry key="charsToEscapeAtEndInDN" value=" "/>
<entry key="charsToEscapeAtStartInDN" value=" #"/>
<entry key="charsToEscapeInDN" value=",+\&quot;&lt;>;"/>
<entry key="charsToEscapeWhileProvisioning" value="/"/>
<entry key="formPath" value="ldapAttributesForm.xhtml"/>
<entry key="groupEntitlementAttr" value="groups"/>
<entry key="iterateModeOverride" value="VIRTUAL_LIST_VIEW"/>
<entry key="keystore"/>
<entry key="lockAttr" value="lockedByIntruder"/>
<entry key="lockVal" value="TRUE"/>
<entry key="passwordAttr" value="userPassword"/>
<entry key="restoreAttr" value="loginDisabled"/>
<entry key="restoreVal" value="TRUE"/>
<entry key="revokeAttr" value="loginDisabled"/>
<entry key="revokeVal" value="TRUE"/>
<entry key="unlockAttr" value="lockedByIntruder"/>
<entry key="unlockVal" value="TRUE"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="con_prov_policy_ldap_user_DN"
helpKey="help_con_prov_policy_ldap_user_DN" name="dn" required="true" section=""
type="string"/>
<Field displayName="con_prov_policy_ldap_password"
helpKey="help_con_prov_policy_ldap_password" name="password" required="true"
section="" type="secret"/>
<Field displayName="con_prov_policy_ldap_full_name"
helpKey="help_con_prov_policy_ldap_full_name" name="CN" required="true" section=""
type="string"/>
<Field displayName="con_prov_policy_ldap_first_name"
helpKey="help_con_prov_policy_ldap_first_name" name="givenName"
reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_ldap_last_name"
helpKey="help_con_prov_policy_ldap_last_name" name="SN" required="true" section=""
type="string"/>
</Form>
<Form name="group create" objectType="group" type="Create">
<Field displayName="con_prov_policy_ldap_group_DN"
helpKey="help_con_prov_policy_ldap_group_DN" name="dn" required="true"
reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_ldap_description"
helpKey="help_con_prov_policy_ldap_description" name="description"
reviewRequired="true" section="" type="string"/>
</Form>
 <Form name="edit group" objectType="group" type="Update">
<Field displayName="con_prov_policy_ldap_description"
name="description" reviewRequired="true" section="" type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="cn" identityAttribute="dn"
nativeObjectType="inetOrgPerson" objectType="account">
<AttributeDefinition name="businessCategory" type="string">
<Description>business category</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="carLicense"
type="string">
<Description>vehicle license or registration
plate</Description>
</AttributeDefinition>
<AttributeDefinition name="cn" type="string">
<Description>common name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="dn" type="string">
<Description>distinguished name for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="departmentNumber" type="string">
<Description>identifies a department within an
organization</Description>
</AttributeDefinition>
<AttributeDefinition name="description" type="string">
<Description>descriptive information</Description>
</AttributeDefinition>
<AttributeDefinition name="destinationIndicator" type="string">
<Description>destination indicator</Description>
</AttributeDefinition>
<AttributeDefinition name="displayName" type="string">
<Description>preferred name to be used when displaying
entries</Description>
</AttributeDefinition>
<AttributeDefinition name="employeeNumber" type="string">
<Description>numerically identifies an employee within an
organization</Description>
</AttributeDefinition>
<AttributeDefinition name="employeeType" type="string">
<Description>type of employment for a person</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="facsimileTelephoneNumber"
type="string">
<Description>Facsimile (Fax) Telephone Number</Description>
</AttributeDefinition>
<AttributeDefinition name="givenName" type="string">
<Description>first name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="groups" schemaObjectType="group" type="string">
<Description>List of groups a user is a member</Description>
</AttributeDefinition>
<AttributeDefinition name="homePhone" type="string">
<Description>home telephone number</Description>
 </AttributeDefinition>
<AttributeDefinition name="homePostalAddress" type="string">
<Description>home postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="initials" type="string">
<Description>initials of some or all of names, but not the
surname(s).</Description>
</AttributeDefinition>
<AttributeDefinition name="internationaliSDNNumber"
type="string">
<Description>international ISDN number</Description>
</AttributeDefinition>
<AttributeDefinition name="l" type="string">
<Description>city</Description>
</AttributeDefinition>
<AttributeDefinition name="mail" type="string">
<Description>RFC822 Mailbox</Description>
</AttributeDefinition>
<AttributeDefinition name="manager" type="string">
<Description>DN of manager</Description>
</AttributeDefinition>
<AttributeDefinition name="mobile" type="string">
<Description>mobile telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="o" type="string">
<Description>organization this object belongs to</Description>
</AttributeDefinition>
<AttributeDefinition name="ou" type="string">
<Description>organizational unit this object belongs
to</Description>
</AttributeDefinition>
<AttributeDefinition name="pager" type="string">
<Description>pager telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="physicalDeliveryOfficeName"
type="string">
<Description>Physical Delivery Office Name</Description>
</AttributeDefinition>
<AttributeDefinition name="postOfficeBox" type="string">
<Description>Post Office Box</Description>
</AttributeDefinition>
<AttributeDefinition name="postalAddress" type="string">
<Description>postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="postalCode" type="string">
<Description>postal code</Description>
</AttributeDefinition>
<AttributeDefinition name="preferredDeliveryMethod"
type="string">
<Description>preferred delivery method</Description>
</AttributeDefinition>
<AttributeDefinition name="preferredLanguage" type="string">
<Description>preferred written or spoken language for a
person</Description>
</AttributeDefinition>
<AttributeDefinition name="registeredAddress" type="string">
<Description>registered postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="roomNumber" type="string">
 <Description>room number</Description>
</AttributeDefinition>
<AttributeDefinition name="secretary" type="string">
<Description>DN of secretary</Description>
</AttributeDefinition>
<AttributeDefinition name="seeAlso" type="string">
<Description>DN of related object</Description>
</AttributeDefinition>
<AttributeDefinition name="sn" type="string">
<Description>last (family) name(s) for which the entity is
known by</Description>
</AttributeDefinition>
<AttributeDefinition name="st" type="string">
<Description>state or province which this object resides
in</Description>
</AttributeDefinition>
<AttributeDefinition name="street" type="string">
<Description>street address of this object</Description>
</AttributeDefinition>
<AttributeDefinition name="telephoneNumber" type="string">
<Description>Telephone Number</Description>
</AttributeDefinition>
<AttributeDefinition name="teletexTerminalIdentifier"
type="string">
<Description>Teletex Terminal Identifier</Description>
</AttributeDefinition>
<AttributeDefinition name="telexNumber" type="string">
<Description>Telex Number</Description>
</AttributeDefinition>
<AttributeDefinition name="title" type="string">
<Description>title associated with the entity</Description>
</AttributeDefinition>
<AttributeDefinition name="uid" type="string">
<Description>user identifier</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="objectClass"
type="string">
<Description>object classes of the entity</Description>
</AttributeDefinition>
<AttributeDefinition name="passwordExpirationTime" type="string">
<Description>User's password expiration time</Description>
</AttributeDefinition>
</Schema>
<Schema descriptionAttribute="description" displayAttribute="cn"
featuresString="PROVISIONING" identityAttribute="dn"
nativeObjectType="groupOfNames" objectType="group">
<AttributeDefinition name="cn" type="string">
<Description>common name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="dn" type="string">
<Description>Directory Path</Description>
</AttributeDefinition>
<AttributeDefinition name="o" type="string">
<Description>organization this object belongs to</Description>
</AttributeDefinition>
<AttributeDefinition name="ou" type="string">
<Description>organizational unit this object belongs
to</Description>
 </AttributeDefinition>
<AttributeDefinition name="owner" type="string">
<Description>owner (of the object)</Description>
</AttributeDefinition>
<AttributeDefinition name="description" type="string">
<Description>descriptive information</Description>
</AttributeDefinition>
<Attributes>
<Map>
<entry key="groupMemberAttribute" value="uniqueMember"/>
</Map>
</Attributes>
</Schema>
</Schemas>
</Application>
<Application
connector="sailpoint.connector.webservices.WebServicesConnector"
featuresString="PROVISIONING, ENABLE, PASSWORD, AUTHENTICATE" name="Web Services"
type="Web Services">
<Attributes>
<Map>
<entry key="createAccountWithEntReq">
<value>
<Boolean></Boolean>
</value>
</entry>
<entry key="enableHasMore" value="true"/>
<entry key="encrypted"
value="accesstoken,refresh_token,oauth_token_info,client_secret,private_key,private
_key_password,clientCertificate,clientKeySpec,resourceOwnerPassword"/>
<entry key="formPath" value="WebServicesAttributesForm.xhtml"/>
<entry key="httpCookieSpecsStandard" value="true"/>
<entry key="isGetObjectRequiredForPTA">
<value>
<Boolean>true</Boolean>
</value>
</entry>
<entry key="oAuthJwtHeader">
<value>
<Map>
<entry key="alg" value="RS256"/>
</Map>
</value>
</entry>
<entry key="oAuthJwtPayload">
<value>
<Map>
<entry key="aud"/>
<entry key="exp" value="15f"/>
<entry key="iss"/>
<entry key="sub"/>
</Map>
</value>
</entry>
<entry key="throwProvAfterRuleException">
<value>
<Boolean>true</Boolean>
</value>
</entry>
 <entry key="throwProvBeforeRuleException">
<value>
<Boolean>true</Boolean>
</value>
</entry>
</Map>
</Attributes>
<Schemas>
<Schema displayAttribute="" groupAttribute="" identityAttribute=""
nativeObjectType="user" objectType="account"/>
<Schema displayAttribute="" identityAttribute=""
nativeObjectType="group" objectType="group"/>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="PROVISIONING, ENABLE" icon="internetIcon" name="Workday Accounts"
type="Workday Accounts">
<Attributes>
<Map>
<entry key="XpathAttributesMap">
<value>
<Map>
<entry key="ACCOUNT_DISABLED"
value="ns1:Workday_Account_for_Worker_Data/ns1:Account_Disabled"/>
<entry key="ACCOUNT_EXPIRATION_DATE"
value="ns1:Workday_Account_for_Worker_Data/ns1:Account_Expiration_Date"/>
<entry key="ENABLE_WORKBOX"
value="ns1:Workday_Account_for_Worker_Data/ns1:Enable_Workbox"/>
<entry key="EXEMPT_FROM_DELEGATED_AUTHENTICATION"
value="ns1:Workday_Account_for_Worker_Data/ns1:Exempt_from_Delegated_Authentication
"/>
<entry key="FILENUMBER"
value="ns1:Workday_Account_Reference/ns1:ID[@ns1:type=&apos;Employee_ID&apos;] |
ns1:Workday_Account_Reference/ns1:ID[@ns1:type=&apos;Contingent_Worker_ID&apos;]"/>
<entry key="ONE_TIME_PASSCODE_EXEMPT"
value="ns1:Workday_Account_for_Worker_Data/ns1:One-Time_Passcode_Exempt"/>
<entry key="ONE_TIME_PASSCODE_GRACE_PERIOD_ENABLED"
value="ns1:Workday_Account_for_Worker_Data/ns1:One-
Time_Passcode_Grace_Period_Enabled"/>
<entry
key="ONE_TIME_PASSCODE_GRACE_PERIOD_LOGIN_REMAINING_COUNT"
value="ns1:Workday_Account_for_Worker_Data/ns1:One-
Time_Passcode_Grace_Period_Login_Remaining_Count"/>
<entry key="OPENID_CONNECT_INTERNAL_IDENTIFIER"
value="ns1:Workday_Account_for_Worker_Data/ns1:OpenID_Connect_Internal_Identifier"/
>
<entry key="OPENID_IDENTIFIER"
value="ns1:Workday_Account_for_Worker_Data/ns1:OpenID_Identifier"/>
<entry key="OPENID_INTERNAL_IDENTIFIER"
value="ns1:Workday_Account_for_Worker_Data/ns1:OpenID_Internal_Identifier"/>
<entry key="REQUIRE_NEW_PASSWORD_AT_NEXT_SIGN_IN"
value="ns1:Workday_Account_for_Worker_Data/ns1:Require_New_Password_at_Next_Sign_In
"/>
<entry key="SESSION_TIMEOUT_MINUTES"
value="ns1:Workday_Account_for_Worker_Data/ns1:Session_Timeout_Minutes"/>
<entry key="USERID"
value="ns1:Workday_Account_for_Worker_Data/ns1:User_Name"/>
<entry key="WORKER_TYPE"
value="ns1:Workday_Account_Reference/ns1:ID[@ns1:type=&apos;Employee_ID&apos;]/
@ns1:type |
ns1:Workday_Account_Reference/ns1:ID[@ns1:type=&apos;Contingent_Worker_ID&apos;]/
@ns1:type"/>
</Map>
</value>
</entry>
<entry key="connectorClass"
value="openconnector.connector.workdayaccounts.WorkdayAccountsConnector"/>
<entry key="formPath" value="WorkdayAccountsForm.xhtml"/>
</Map>
</Attributes>
<Schemas>
<Schema displayAttribute="USERID" identityAttribute="FILENUMBER"
nativeObjectType="account" objectType="account">
<AttributeDefinition name="USERID"
remediationModificationType="None" required="true" type="string">
<Description>Workday account user name</Description>
</AttributeDefinition>
<AttributeDefinition name="FILENUMBER"
remediationModificationType="None" required="true" type="string">
<Description>Unique identifier for Employee or
Contractor</Description>
</AttributeDefinition>
<AttributeDefinition name="ACCOUNT_DISABLED"
remediationModificationType="None" required="true" type="boolean">
<Description>Identifies whether Workday Account is
disabled</Description>
</AttributeDefinition>
<AttributeDefinition name="REQUIRE_NEW_PASSWORD_AT_NEXT_SIGN_IN"
remediationModificationType="None" type="boolean">
<Description>Indicates whether Workday account will require new
password while next sign in</Description>
</AttributeDefinition>
<AttributeDefinition name="SESSION_TIMEOUT_MINUTES"
remediationModificationType="None" type="string">
<Description>The number of minutes the user may be
idle</Description>
</AttributeDefinition>
<AttributeDefinition name="ONE_TIME_PASSCODE_EXEMPT"
remediationModificationType="None" type="boolean">
<Description>Exempt user from one time passcode
authentication</Description>
</AttributeDefinition>
<AttributeDefinition
name="ONE_TIME_PASSCODE_GRACE_PERIOD_ENABLED" remediationModificationType="None"
type="boolean">
<Description>Disable user's one-time passcode grace
period</Description>
</AttributeDefinition>
<AttributeDefinition
name="ONE_TIME_PASSCODE_GRACE_PERIOD_LOGIN_REMAINING_COUNT"
remediationModificationType="None" type="string">
<Description>The remaining number of times the user can login
without providing a one-time passcode</Description>
</AttributeDefinition>
<AttributeDefinition name="ACCOUNT_EXPIRATION_DATE"
remediationModificationType="None" type="string">
<Description>Prevents user from signing on to the system after
this date</Description>
 </AttributeDefinition>
<AttributeDefinition name="OPENID_IDENTIFIER"
remediationModificationType="None" type="string">
<Description>Email address associated with the OpenID
account</Description>
</AttributeDefinition>
<AttributeDefinition name="OPENID_INTERNAL_IDENTIFIER"
remediationModificationType="None" type="string">
<Description>OpenID GUID</Description>
</AttributeDefinition>
<AttributeDefinition name="OPENID_CONNECT_INTERNAL_IDENTIFIER"
remediationModificationType="None" type="string">
<Description>OpenID Connect subject</Description>
</AttributeDefinition>
<AttributeDefinition name="EXEMPT_FROM_DELEGATED_AUTHENTICATION"
remediationModificationType="None" type="boolean">
<Description>Exempt from Delegated</Description>
</AttributeDefinition>
<AttributeDefinition name="WORKER_TYPE"
remediationModificationType="None" required="true" type="string">
<Description>Workers
type(Employee|Contingent_Worker)</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.NTConnector"
featuresString="PROVISIONING, SYNC_PROVISIONING, UNSTRUCTURED_TARGETS, UNLOCK,
ENABLE, PASSWORD, CURRENT_PASSWORD" icon="directory1Icon" name="Windows Local
Template" type="Windows Local - Direct">
<Attributes>
<Map>
<entry key="disableNonLocalLookup">
<value>
<Boolean>true</Boolean>
</value>
</entry>
<entry key="retryableErrors">
<value>
<List>
<String>Errors returned from IQService. The network path
was not found.</String>
</List>
</value>
</entry>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="Create User" objectType="account" type="Create">
<Field displayName="con_prov_policy_wl_sAMAccountName"
helpKey="help_con_prov_policy_wl_sAMAccountName" name="sAMAccountName"
required="true" reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_wl_Password"
helpKey="help_con_prov_policy_wl_Password" name="password" required="true"
reviewRequired="true" type="secret"/>
<Field displayName="con_prov_policy_wl_Description"
helpKey="help_con_prov_policy_wl_Description" name="Description"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_wl_FullName"
helpKey="help_con_prov_policy_wl_FullName" name="FullName" reviewRequired="true"
type="string"/>
<Field displayName="con_prov_policy_wl_Disable"
helpKey="help_con_prov_policy_wl_Disable" name="IIQDisabled" reviewRequired="true"
type="string" value="false">
<AllowedValues>
<String>true</String>
<String>false</String>
</AllowedValues>
</Field>
<Field displayName="con_prov_policy_wl_PasswordExpired"
helpKey="help_con_prov_policy_wl_PasswordExpired" name="PasswordExpired"
reviewRequired="true" type="string" value="true">
<AllowedValues>
<String>true</String>
<String>false</String>
</AllowedValues>
</Field>
<Field displayName="con_prov_policy_wl_PasswordUnchangeable"
helpKey="help_con_prov_policy_wl_PasswordUnchangeable" name="PasswordUnchangeable"
reviewRequired="true" type="string" value="false">
<AllowedValues>
<String>true</String>
<String>false</String>
</AllowedValues>
</Field>
<Field displayName="con_prov_policy_wl_PasswordNeverExpires"
helpKey="help_con_prov_policy_wl_PasswordNeverExpires" name="PasswordNeverExpires"
reviewRequired="true" type="string" value="false">
<AllowedValues>
<String>true</String>
<String>false</String>
</AllowedValues>
</Field>
</Form>
<Form name="Create Group" objectType="group" type="Create">
<Field displayName="con_prov_policy_wl_sAMAccountName"
helpKey="help_con_prov_policy_wl_groupsAMAccountName" name="sAMAccountName"
required="true" reviewRequired="true" type="string"/>
</Form>
<Form name="Update Group" objectType="group" type="Update">
<Field displayName="con_prov_policy_wl_Description"
helpKey="help_con_prov_policy_wl_groupDescription" name="Description"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_wl_GroupType"
helpKey="help_con_prov_policy_wl_GroupType" name="GroupType" readOnly="true"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_wl_objectSid"
helpKey="help_con_prov_policy_wl_objectSid" name="objectSid" readOnly="true"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_wl_DirectoryPath"
helpKey="help_con_prov_policy_wl_DirectoryPath" name="DirectoryPath"
readOnly="true" reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_wl_GroupMembers"
helpKey="help_con_prov_policy_wl_GroupMembers" multi="true" name="MemberGroups"
readOnly="true" type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
 <Schema displayAttribute="sAMAccountName"
identityAttribute="sAMAccountName" nativeObjectType="user" objectType="account">
<AttributeDefinition name="AutoUnlockInterval" type="string">
<Description>Time interval for auto unlocking of locked user
account</Description>
</AttributeDefinition>
<AttributeDefinition name="Disabled" type="string">
<Description>Flag to indicate if the user is
disabled.</Description>
</AttributeDefinition>
<AttributeDefinition name="Description" type="string">
<Description>User's description</Description>
</AttributeDefinition>
<AttributeDefinition name="DirectoryPath" type="string">
<Description>Fully qualified directory path
WinNt://...</Description>
</AttributeDefinition>
<AttributeDefinition name="FullName" type="string">
<Description>User's fullname</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="groups" schemaObjectType="group" type="string">
<Description>List of groups assigned to a user</Description>
</AttributeDefinition>
<AttributeDefinition name="HomeDirectory" type="string">
<Description>Location of the user's home
directory</Description>
</AttributeDefinition>
<AttributeDefinition name="Lockedout" type="string">
<Description>Flag to indicate a user is locked
out</Description>
</AttributeDefinition>
<AttributeDefinition name="MaxStorage" type="string">
<Description>The maximum amount of disk space the user can
use.</Description>
</AttributeDefinition>
<AttributeDefinition name="MinPasswordLength" type="string">
<Description>Minimum length of the user's
password</Description>
</AttributeDefinition>
<AttributeDefinition name="Name" type="string">
<Description>Name of the account unqualified
SAMAccountName</Description>
</AttributeDefinition>
<AttributeDefinition name="objectSid" type="string">
<Description>Windows SID</Description>
</AttributeDefinition>
<AttributeDefinition name="PasswordAge" type="string">
<Description>Time duration of the password in use. This
property indicates the number of seconds that have elapsed since the password was
last changed.</Description>
</AttributeDefinition>
<AttributeDefinition name="PasswordExpired" type="string">
<Description>Indicates if the password is expired</Description>
</AttributeDefinition>
<AttributeDefinition name="PasswordNotRequired" type="string">
<Description>Flag to indicate if the user requires a
password.</Description>
</AttributeDefinition>
 <AttributeDefinition name="PasswordUnchangeable" type="string">
<Description>Flag to indicate if the user password can be
changed.</Description>
</AttributeDefinition>
<AttributeDefinition name="Profile" type="string">
<Description>User's Profile</Description>
</AttributeDefinition>
<AttributeDefinition name="PrimaryGroupID" type="string">
<Description>Id of the user's primary group.</Description>
</AttributeDefinition>
<AttributeDefinition name="sAMAccountName" type="string">
<Description>Fully qualified version of the
sAMAccountName</Description>
</AttributeDefinition>
<AttributeDefinition name="UserFlags" type="string">
<Description>User Flag defined in
ADS_USER_FLAG_ENUM</Description>
</AttributeDefinition>
<AttributeDefinition name="BadPasswordAttempts" type="int">
<Description>Number of consecutive Bad Password Attempts made
last time</Description>
</AttributeDefinition>
<AttributeDefinition name="LoginScript" type="string">
<Description>File path of Login script file</Description>
</AttributeDefinition>
<AttributeDefinition name="HomeDirDrive" type="string">
<Description>Home Directory Drive of the user.</Description>
</AttributeDefinition>
<AttributeDefinition name="PasswordNeverExpires" type="string">
<Description>Flag to indicate if the password never
expires.</Description>
</AttributeDefinition>
<AttributeDefinition name="MaxPasswordAge" type="string">
<Description>Indicates the maximum time interval, in seconds,
after which the password must be changed.</Description>
</AttributeDefinition>
<AttributeDefinition name="MinPasswordAge" type="string">
<Description>Indicates the minimum time interval, in seconds,
before the password can be changed.</Description>
</AttributeDefinition>
<AttributeDefinition name="LastLogin" type="string">
<Description>Date and time when user logged in last
time</Description>
</AttributeDefinition>
</Schema>
<Schema descriptionAttribute="Description"
displayAttribute="sAMAccountName" featuresString="PROVISIONING"
identityAttribute="sAMAccountName" nativeObjectType="group" objectType="group">
<AttributeDefinition name="Description" type="string">
<Description>Group's description</Description>
</AttributeDefinition>
<AttributeDefinition name="DirectoryPath" type="string">
<Description>Fully qualified directory path
WinNt://...</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="MemberGroups"
type="string">
<Description>List of groups assigned to a group</Description>
</AttributeDefinition>
 <AttributeDefinition name="GroupType" type="string">
<Description>Windows SID</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="Members" type="string">
<Description>List of users assigned to a group</Description>
</AttributeDefinition>
<AttributeDefinition name="objectSid" type="string">
<Description>Windows SID</Description>
</AttributeDefinition>
<AttributeDefinition name="sAMAccountName" type="string">
<Description>Fully qualified version of the
sAMAccountName</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.LDIFConnector"
featuresString="DIRECT_PERMISSIONS, NO_RANDOM_ACCESS, DISCOVER_SCHEMA"
icon="directory2Icon" name="LDIF Template" type="LDIF">
<Schemas>
<Schema displayAttribute="cn" identityAttribute="dn"
nativeObjectType="inetOrgPerson" objectType="account">
<AttributeDefinition name="businessCategory" type="string">
<Description>business category</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="carLicense"
type="string">
<Description>vehicle license or registration
plate</Description>
</AttributeDefinition>
<AttributeDefinition name="cn" type="string">
<Description>common name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="dn" type="string">
<Description>distinguished name for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="departmentNumber" type="string">
<Description>identifies a department within an
organization</Description>
</AttributeDefinition>
<AttributeDefinition name="description" type="string">
<Description>descriptive information</Description>
</AttributeDefinition>
<AttributeDefinition name="destinationIndicator" type="string">
<Description>destination indicator</Description>
</AttributeDefinition>
<AttributeDefinition name="displayName" type="string">
<Description>preferred name to be used when displaying
entries</Description>
</AttributeDefinition>
<AttributeDefinition name="employeeNumber" type="string">
<Description>numerically identifies an employee within an
organization</Description>
</AttributeDefinition>
<AttributeDefinition name="employeeType" type="string">
<Description>type of employment for a person</Description>
</AttributeDefinition>
 <AttributeDefinition multi="true" name="facsimileTelephoneNumber"
type="string">
<Description>Facsimile (Fax) Telephone Number</Description>
</AttributeDefinition>
<AttributeDefinition name="givenName" type="string">
<Description>first name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="groups" schemaObjectType="group" type="string">
<Description>List of groups a user is a member</Description>
</AttributeDefinition>
<AttributeDefinition name="homePhone" type="string">
<Description>home telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="homePostalAddress" type="string">
<Description>home postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="initials" type="string">
<Description>initials of some or all of names, but not the
surname(s).</Description>
</AttributeDefinition>
<AttributeDefinition name="internationaliSDNNumber"
type="string">
<Description>international ISDN number</Description>
</AttributeDefinition>
<AttributeDefinition name="l" type="string">
<Description>city</Description>
</AttributeDefinition>
<AttributeDefinition name="mail" type="string">
<Description>RFC822 Mailbox</Description>
</AttributeDefinition>
<AttributeDefinition name="manager" type="string">
<Description>DN of manager</Description>
</AttributeDefinition>
<AttributeDefinition name="mobile" type="string">
<Description>mobile telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="o" type="string">
<Description>organization this object belongs to</Description>
</AttributeDefinition>
<AttributeDefinition name="ou" type="string">
<Description>organizational unit this object belongs
to</Description>
</AttributeDefinition>
<AttributeDefinition name="pager" type="string">
<Description>pager telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="physicalDeliveryOfficeName"
type="string">
<Description>Physical Delivery Office Name</Description>
</AttributeDefinition>
<AttributeDefinition name="postOfficeBox" type="string">
<Description>Post Office Box</Description>
</AttributeDefinition>
<AttributeDefinition name="postalAddress" type="string">
<Description>postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="postalCode" type="string">
 <Description>postal code</Description>
</AttributeDefinition>
<AttributeDefinition name="preferredDeliveryMethod"
type="string">
<Description>preferred delivery method</Description>
</AttributeDefinition>
<AttributeDefinition name="preferredLanguage" type="string">
<Description>preferred written or spoken language for a
person</Description>
</AttributeDefinition>
<AttributeDefinition name="registeredAddress" type="string">
<Description>registered postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="roomNumber" type="string">
<Description>room number</Description>
</AttributeDefinition>
<AttributeDefinition name="secretary" type="string">
<Description>DN of secretary</Description>
</AttributeDefinition>
<AttributeDefinition name="seeAlso" type="string">
<Description>DN of related object</Description>
</AttributeDefinition>
<AttributeDefinition name="sn" type="string">
<Description>last (family) name(s) for which the entity is
known by</Description>
</AttributeDefinition>
<AttributeDefinition name="st" type="string">
<Description>state or province which this object resides
in</Description>
</AttributeDefinition>
<AttributeDefinition name="street" type="string">
<Description>street address of this object</Description>
</AttributeDefinition>
<AttributeDefinition name="telephoneNumber" type="string">
<Description>Telephone Number</Description>
</AttributeDefinition>
<AttributeDefinition name="teletexTerminalIdentifier"
type="string">
<Description>Teletex Terminal Identifier</Description>
</AttributeDefinition>
<AttributeDefinition name="telexNumber" type="string">
<Description>Telex Number</Description>
</AttributeDefinition>
<AttributeDefinition name="title" type="string">
<Description>title associated with the entity</Description>
</AttributeDefinition>
<AttributeDefinition name="uid" type="string">
<Description>user identifier</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="objectClass"
type="string">
<Description>object classes of the entity</Description>
</AttributeDefinition>
</Schema>
<Schema descriptionAttribute="description" displayAttribute="cn"
identityAttribute="dn" nativeObjectType="groupOfUniqueNames" objectType="group">
<AttributeDefinition name="cn" type="string">
<Description>common name(s) for which the entity is known
by</Description>
 </AttributeDefinition>
<AttributeDefinition multi="true" name="uniqueMember"
type="string">
<Description>unique member of a group</Description>
</AttributeDefinition>
<AttributeDefinition name="dn" type="string">
<Description>Directory Path</Description>
</AttributeDefinition>
<AttributeDefinition name="o" type="string">
<Description>organization this object belongs to</Description>
</AttributeDefinition>
<AttributeDefinition name="ou" type="string">
<Description>organizational unit this object belongs
to</Description>
</AttributeDefinition>
<AttributeDefinition name="owner" type="string">
<Description>owner (of the object)</Description>
</AttributeDefinition>
<AttributeDefinition name="description" type="string">
<Description>descriptive information</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.sm.SMConnector"
featuresString="PROVISIONING, SYNC_PROVISIONING, SEARCH, UNSTRUCTURED_TARGETS,
ENABLE, PASSWORD, UNLOCK" icon="mainframeIcon" name="RACF Full Template" type="RACF
- Full">
<Attributes>
<Map>
<entry key="IBMcharacterSet" value="IBM1047"/>
<entry key="MscsType" value="RACF"/>
<entry key="fieldDelimiter" value="#"/>
<entry key="formPath"
value="SMWithoutContainerAttributesForm.xhtml"/>
<entry key="listDelimiter" value=";"/>
<entry key="removeDefaultGroupConnection" value="true"/>
<entry key="setDefaultGroupAndAccountOwner" value="true"/>
<entry key="splAccountAttributes">
<value>
<Map>
<entry key="RU_LOCKED" value="false"/>
<entry key="RU_SUSPENDED" value="false"/>
</Map>
</value>
</entry>
<entry key="splAceAttributes">
<value>
<Map>
<entry key="ACCESS" value="false"/>
<entry key="INFO.ACC_COUNT" value="false"/>
<entry key="WHEN.APPCPORT" value="false"/>
<entry key="WHEN.CONSOLE" value="false"/>
<entry key="WHEN.JESINPUT" value="false"/>
<entry key="WHEN.PROGRAM" value="false"/>
<entry key="WHEN.SYSID" value="false"/>
<entry key="WHEN.TERMINAL" value="false"/>
</Map>
</value>
</entry>
<entry key="splConnectionAttributes">
<value>
<Map>
<entry key="CONNECTION_ATTRIBUTES" value="true"/>
<entry key="CONNECTION_OWNER" value="true"/>
</Map>
</value>
</entry>
<entry key="splResourceAttributes">
<value>
<Map>
<entry key="APPLDATA" value="false"/>
<entry key="AUDIT.ALL" value="false"/>
<entry key="AUDIT.FAILURES" value="false"/>
<entry key="AUDIT.NONE" value="false"/>
<entry key="AUDIT.SUCCESS" value="false"/>
<entry key="CATEGORY" value="true"/>
<entry key="DATA" value="false"/>
<entry key="DFP.RESOWNER" value="false"/>
<entry key="DLFDATA.JOBNAMES" value="true"/>
<entry key="DLFDATA.RETAIN" value="false"/>
<entry key="ERASE" value="false"/>
<entry key="GENERIC" value="false"/>
<entry key="GLOBALAUDIT.ALL" value="false"/>
<entry key="GLOBALAUDIT.FAILURES" value="false"/>
<entry key="GLOBALAUDIT.NONE" value="false"/>
<entry key="GLOBALAUDIT.SUCCESS" value="false"/>
<entry key="INFO.ALTER_COUNT" value="false"/>
<entry key="INFO.AUTOMATIC" value="false"/>
<entry key="INFO.CONTROL_COUNT" value="false"/>
<entry key="INFO.CREATE_DATE" value="false"/>
<entry key="INFO.CREATGRP" value="false"/>
<entry key="INFO.DATASET_TYPE" value="false"/>
<entry key="INFO.GROUP_CLASS" value="false"/>
<entry key="INFO.LASTCHG_DATE" value="false"/>
<entry key="INFO.LASTREF_DATE" value="false"/>
<entry key="INFO.MEMBER_CLASS" value="false"/>
<entry key="INFO.READ_COUNT" value="false"/>
<entry key="INFO.RESOURCE_GROUP" value="true"/>
<entry key="INFO.TVTOC" value="true"/>
<entry key="INFO.UNKNOWNCAT" value="false"/>
<entry key="INFO.UPDATE_COUNT" value="false"/>
<entry key="LEVEL" value="false"/>
<entry key="MEMBER" value="true"/>
<entry key="NODLFDATA" value="false"/>
<entry key="NOSESSION" value="false"/>
<entry key="NOSTDATA" value="false"/>
<entry key="NOSVFMR" value="false"/>
<entry key="NOTIFY" value="false"/>
<entry key="NOTME" value="false"/>
<entry key="OWNER" value="false"/>
<entry key="RETPD" value="false"/>
<entry key="SECLABEL" value="false"/>
<entry key="SECLEVEL" value="false"/>
<entry key="SESSION.CONVSEC" value="false"/>
<entry key="SESSION.INTERVAL" value="false"/>
<entry key="SESSION.LOCK" value="false"/>
<entry key="SESSION.SESSKEY" value="false"/>
 <entry key="SINGLEDSN" value="false"/>
<entry key="SSIGNON.KEYENCRYPT" value="false"/>
<entry key="STDATA.GROUP" value="false"/>
<entry key="STDATA.PRIVILEGED" value="false"/>
<entry key="STDATA.TRACE" value="false"/>
<entry key="STDATA.TRUSTED" value="false"/>
<entry key="STDATA.USER" value="false"/>
<entry key="SVFMR.PARMNAME" value="false"/>
<entry key="SVFMR.SCRIPTNAME" value="false"/>
<entry key="TIMEZONE" value="false"/>
<entry key="TME.CHILDREN" value="true"/>
<entry key="TME.GROUPS" value="true"/>
<entry key="TME.PARENT" value="false"/>
<entry key="TME.RESOURCE" value="true"/>
<entry key="TME.ROLES" value="true"/>
<entry key="TVTOC" value="false"/>
<entry key="UACC" value="false"/>
<entry key="UNIT" value="false"/>
<entry key="VOLUME" value="false"/>
<entry key="VOLUME_LIST" value="true"/>
<entry key="VOLUME_LIST1" value="true"/>
<entry key="WARNING" value="false"/>
<entry key="WHEN.DAYS" value="true"/>
<entry key="WHEN.TIME" value="false"/>
</Map>
</value>
</entry>
<entry key="splTargetPermissionsInterestingKwds">
<value>
<Map>
<entry key="ACCESS" value="false"/>
<entry key="INFO.ACC_COUNT" value="false"/>
<entry key="WHEN.APPCPORT" value="false"/>
<entry key="WHEN.CONSOLE" value="false"/>
<entry key="WHEN.JESINPUT" value="false"/>
<entry key="WHEN.PROGRAM" value="false"/>
<entry key="WHEN.SYSID" value="false"/>
<entry key="WHEN.TERMINAL" value="false"/>
</Map>
</value>
</entry>
</Map>
</Attributes>
<PasswordPolicies>
<PasswordPolicyHolder name="default">
<PolicyRef>
<Reference class="sailpoint.object.PasswordPolicy"
id="0a000001723313f381723374464400ec" name="RACF Default Password Policy"/>
</PolicyRef>
</PasswordPolicyHolder>
</PasswordPolicies>
<ProvisioningConfig>
<PlanInitializerScript>
<Source>
import java.util.*;
import sailpoint.object.ProvisioningPlan.ObjectOperation;
import sailpoint.object.ProvisioningPlan.ObjectRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.ProvisioningPlan.AccountRequest;
 import sailpoint.api.*;
import sailpoint.object.*;
import sailpoint.tools.*;

List accounts = plan.getAccountRequests();

if (accounts != null)
{
for (AccountRequest req : accounts)
{
AccountRequest.Operation op =
req.getOperation();

if (op == AccountRequest.Operation.Delete)
{
req.add(new AttributeRequest("MODE",
"DELETE"));
req.add(new AttributeRequest("DELAY",
"N"));
}
if (op == AccountRequest.Operation.Create)
{
String userId = req.getNativeIdentity();
if (userId != null)
{

req.setNativeIdentity(userId.toUpperCase());
}
}
if(context != null)
{
IdentityService identityService = new
IdentityService(context);
application =
context.getObject(Application.class, req.getApplicationName());
if(application != null)
{
String shouldUseMSAdminDefined = (String)
application.getAttributeValue("useMSAdminDefined");
String msAdmin=null;

if(Util.isNotNullOrEmpty(shouldUseMSAdminDefined))
{
if(shouldUseMSAdminDefined.equals("Y"))
{
List idnList = plan.getRequesters();
if(idnList!=null)
{
if(!idnList.isEmpty())
{
Identity idn=(Identity)
idnList.get(0);
List lnkList =
identityService.getLinks(idn, application);
if(lnkList!=null)
{
if(!lnkList.isEmpty())
{
Link lnk = (Link)
lnkList.get(0);
 //System.out.println("Adding
msAdmin in provisioning plan.");
req.addArgument("msAdmin",
lnk.getDisplayableName());
}
}
else
System.out.println("Requester
does not have a link from application " + application.getName());
}
}
else
System.out.println("No requester
found.");
}
}
//else

//System.out.println("shouldUseMSAdminDefined is not set to Y");

}
}
}
}

List groups = plan.getObjectRequests();

if (groups != null)
{
for (ObjectRequest req : groups)
{
ObjectOperation op = req.getOp();
if (op == ObjectOperation.Delete)
{
req.add(new AttributeRequest("MODE",
"DELETE"));
}
if (op == ObjectOperation.Create)
{
String groupId = req.getNativeIdentity();
if (groupId != null)
{

req.setNativeIdentity(groupId.toUpperCase());
}
}
if(context != null) {
application =
context.getObject(Application.class, req.getApplicationName());
}
List attrRequests = req.getAttributeRequests();
if(attrRequests != null) {
if(application != null) {
Schema grpSchema =
application.getSchema("group");
if(grpSchema != null) {
if(grpSchema.getAttributeNames() !=
null) {
for (AttributeRequest attrreq :
attrRequests) {
if(grpSchema.getAttributeNames().contains(attrreq.getName())) {
if(attrreq.getValue()
instanceof java.lang.String) {

attrreq.setValue(attrreq.getValue().toUpperCase());
}
}
}
}
}
}
}
if(context != null)
{
IdentityService identityService = new
IdentityService(context);
if(application != null)
{
String shouldUseMSAdminDefined = (String)
application.getAttributeValue("useMSAdminDefined");
String msAdmin=null;

if(Util.isNotNullOrEmpty(shouldUseMSAdminDefined))
{
if(shouldUseMSAdminDefined.equals("Y"))
{
List idnList = plan.getRequesters();
if(idnList!=null)
{
if(!idnList.isEmpty())
{
Identity idn=(Identity)
idnList.get(0);
List lnkList =
identityService.getLinks(idn, application);
if(lnkList!=null)
{
if(!lnkList.isEmpty())
{
Link lnk = (Link)
lnkList.get(0);
//System.out.println("Adding
msAdmin in provisioning plan.");
req.addArgument("msAdmin",
lnk.getDisplayableName());
}
}
else
System.out.println("Requester
does not have a link from application " + application.getName());
}
}
else
System.out.println("No requester
found.");
}
}
//else
//System.out.println("shouldUseMSAdminDefined is not set to Y");
}
}
}
}
</Source>
</PlanInitializerScript>
</ProvisioningConfig>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="User ID" name="USER_ID" required="true"
type="string"/>
<Field displayName="DCERT.SERIAL.2" name="DCERT.SERIAL.2"
section="" type="string" value="N"/>
<Field displayName="DCERT.SERIAL.1" name="DCERT.SERIAL.1"
section="" type="string" value="N"/>
<Field displayName="DCERT.TRUST.1" name="DCERT.TRUST.1"
section="" type="string" value="N"/>
<Field displayName="NOPASSWORD" name="NOPASSWORD" section=""
type="string" value="N"/>
<Field displayName="GRPACC" name="GRPACC" section=""
type="string" value="N"/>
<Field displayName="ADSP " name="ADSP" section="" type="string"
value="N"/>
<Field displayName="OIDCARD " name="OIDCARD" section=""
type="string" value="N"/>
<Field displayName="OPERATIONS " name="OPERATIONS" section=""
type="string" value="N"/>
<Field displayName="Password" name="password" required="true"
section="" type="secret"/>
</Form>
<Form name="Create Group" objectType="group" type="Create">
<Field displayName="GROUP_ID" name="GROUP_ID" required="true"
section="" type="string"/>
<Field displayName="OWNER" name="OWNER" required="true"
section="" type="string"/>
<Field displayName="UNIVERSAL" name="UNIVERSAL" section=""
type="string" value="N">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
</Form>
<Form name="Update Group" objectType="group" type="Update">
<Field displayName="GROUP_OE_PR" name="GROUP_OE_PR" section=""
type="string"/>
<Field displayName="OWNER" name="OWNER" section=""
type="string"/>
<Field displayName="MODEL" name="MODEL" section=""
type="string"/>
<Field displayName="DATA" name="DATA" section="" type="string"/>
<Field displayName="TERMUACC" name="TERMUACC" section=""
type="string" value="Y">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
 <Field displayName="OMVS.GID" name="OMVS.GID" section=""
type="string"/>
<Field displayName="UNIVERSAL" name="UNIVERSAL" readOnly="true"
section="" type="string"/>
<Field displayName="SUBGROUP" multi="true" name="SUBGROUP"
readOnly="true" section="" type="string"/>
<Field displayName="OVM.GID" name="OVM.GID" section=""
type="string"/>
<Field displayName="DFP.DATAAPPL" name="DFP.DATAAPPL" section=""
type="string"/>
<Field displayName="DFP.DATACLAS" name="DFP.DATACLAS" section=""
type="string"/>
<Field displayName="DFP.MGMTCLAS" name="DFP.MGMTCLAS" section=""
type="string"/>
<Field displayName="DFP.STORCLAS" name="DFP.STORCLAS" section=""
type="string"/>
<Field displayName="TME.ROLES" name="TME.ROLES" section=""
type="string"/>
<Field displayName="INFO.CREATE_DATE" name="INFO.CREATE_DATE"
readOnly="true" section="" type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="USER_ID" identityAttribute="USER_ID"
nativeObjectType="account" objectType="account">
<AttributeDefinition name="USER_ID" required="true"
type="string">
<Description>RACF ID of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="UG_DEF" required="true" type="string">
<Description>Default group of the user</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="groups" required="true" schemaObjectType="group" type="string">
<Description>List of groups this user belongs to</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="SYSTEM_ACCESS" type="string">
<Description>SPECIAL, OPERATIONS, AUDITOR OR ROAUDIT privileges
at system level</Description>
</AttributeDefinition>
<AttributeDefinition name="DCERT.CREATE_DATE.1" required="true"
type="string">
<Description>Certificate creation date</Description>
</AttributeDefinition>
<AttributeDefinition name="DCERT.OWNER.1" required="true"
type="string">
<Description>Certificate owner</Description>
</AttributeDefinition>
<AttributeDefinition name="DCERT.SERIAL_NUMBER.1" required="true"
type="string">
<Description>Certificate serial number</Description>
</AttributeDefinition>
<AttributeDefinition name="DCERT.ISSUER_NAME.1" required="true"
type="string">
<Description>Certificate issuer name</Description>
</AttributeDefinition>
<AttributeDefinition name="DCERT.TRUST.1" required="true"
type="string">
 <Description>Certificate TRUST value</Description>
</AttributeDefinition>
<AttributeDefinition name="DCERT.SUBJECT_NAME.1" required="true"
type="string">
<Description>Certificate serial number</Description>
</AttributeDefinition>
<AttributeDefinition name="DCERT.VALID_NOT_BEFORE.1"
required="true" type="string">
<Description>Local date and time from which the certificate is
valid</Description>
</AttributeDefinition>
<AttributeDefinition name="DCERT.VALID_NOT_AFTER.1"
required="true" type="string">
<Description>Local date and time after which the certificate is
no longer valid</Description>
</AttributeDefinition>
<AttributeDefinition name="DCERT.SERIAL_NUMBER.2" required="true"
type="string">
<Description>Certificate serial number</Description>
</AttributeDefinition>
<AttributeDefinition name="DCERT.ISSUER_NAME.2" required="true"
type="string">
<Description>Certificate issuer name</Description>
</AttributeDefinition>
<AttributeDefinition name="DCERT.TRUST.2" required="true"
type="string">
<Description>Certificate TRUST value</Description>
</AttributeDefinition>
<AttributeDefinition name="DCERT.SUBJECT_NAME.2" required="true"
type="string">
<Description>Certificate serial number</Description>
</AttributeDefinition>
<AttributeDefinition name="DCERT.VALID_NOT_BEFORE.2"
required="true" type="string">
<Description>Local date and time from which the certificate is
valid</Description>
</AttributeDefinition>
<AttributeDefinition name="DCERT.VALID_NOT_AFTER.2"
required="true" type="string">
<Description>Local date and time after which the certificate is
no longer valid</Description>
</AttributeDefinition>
<AttributeDefinition name="RESTRICTED" required="true"
type="string">
<Description>Global access checking is bypassed</Description>
</AttributeDefinition>
<AttributeDefinition name="AUTHORITY" required="true"
type="string">
<Description>Group authority level for user in the default
group (USE / CREATE / CONNECT / JOIN)</Description>
</AttributeDefinition>
<AttributeDefinition name="ADSP" required="true" type="string">
<Description>Permanent tape and DASD data sets created by the
user are protected by discrete profiles</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="CATEGORY" required="true"
type="string">
<Description>User access to resources is additionally protected
by the security categories</Description>
 </AttributeDefinition>
<AttributeDefinition multi="true" name="CLAUTH" required="true"
type="string">
<Description>Classes in which user is allowed to define
profiles</Description>
</AttributeDefinition>
<AttributeDefinition name="DATA" required="true" type="string">
<Description>Installation-defined data</Description>
</AttributeDefinition>
<AttributeDefinition name="GRPACC" required="true" type="string">
<Description>Group data sets protected by DATASET profiles
defined by this user are automatically accessible to other users in the
group</Description>
</AttributeDefinition>
<AttributeDefinition name="INTERVAL" required="true"
type="string">
<Description>Number of days during which a user's password and
password phrase (if set) remain valid</Description>
</AttributeDefinition>
<AttributeDefinition name="MODEL" required="true" type="string">
<Description>Discrete data set profile name that is used as a
model when new data set profiles are created that have userid as the high-level
qualifier</Description>
</AttributeDefinition>
<AttributeDefinition name="NAME" required="true" type="string">
<Description>User name associated with the user
ID</Description>
</AttributeDefinition>
<AttributeDefinition name="OIDCARD" required="true"
type="string">
<Description>User must supply an operator identification card
when logging onto the system</Description>
</AttributeDefinition>
<AttributeDefinition name="OPERATIONS" required="true"
type="string">
<Description>User has authorization to do maintenance
operations on all RACF-protected resources</Description>
</AttributeDefinition>
<AttributeDefinition name="OWNER" required="true" type="string">
<Description>Owner User or owner group</Description>
</AttributeDefinition>
<AttributeDefinition name="RESUME_DATE" required="true"
type="string">
<Description>Starting date when user will be allowed to access
the system again</Description>
</AttributeDefinition>
<AttributeDefinition name="REVOKE_DATE" required="true"
type="string">
<Description>Starting date when user will be disallowed to
access the system</Description>
</AttributeDefinition>
<AttributeDefinition name="SECLABEL" required="true"
type="string">
<Description>Default security label</Description>
</AttributeDefinition>
<AttributeDefinition name="SECLEVEL" required="true"
type="string">
<Description>Security level of user</Description>
</AttributeDefinition>
 <AttributeDefinition name="UAUDIT" required="true" type="string">
<Description>RACF logs most events and changed done by the
user</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="WHEN.DAYS"
required="true" type="string">
<Description>Days of the week when the user is allowed to
access the system from a terminal</Description>
</AttributeDefinition>
<AttributeDefinition name="WHEN.TIME" required="true"
type="string">
<Description>Hours in the day when the user is allowed to
access the system from a terminal</Description>
</AttributeDefinition>
<AttributeDefinition name="INFO.INTERVAL" required="true"
type="string">
<Description>Number of days during which a user's password and
password phrase (if set) remain valid</Description>
</AttributeDefinition>
<AttributeDefinition name="INFO.CREATE_DATE" required="true"
type="string">
<Description>Date when user was defined to RACF</Description>
</AttributeDefinition>
<AttributeDefinition name="INFO.LAST_LOGIN_DATE" required="true"
type="string">
<Description>Last date user login to system</Description>
</AttributeDefinition>
<AttributeDefinition name="INFO.LAST_LOGIN_TIME" required="true"
type="string">
<Description>Last time in INFO.LAST_LOGIN_DATE when user login
to system</Description>
</AttributeDefinition>
<AttributeDefinition name="INFO.PASSCHG_DATE" required="true"
type="string">
<Description>Last date user changed his password</Description>
</AttributeDefinition>
<AttributeDefinition name="INFO.PHRSCHG_DATE" required="true"
type="string">
<Description>Last date user changed password
phrase</Description>
</AttributeDefinition>
<AttributeDefinition name="INFO.UNKNOWNCAT" required="true"
type="string">
<Description>Security level unknown category</Description>
</AttributeDefinition>
<AttributeDefinition name="CICS.OPIDENT" required="true"
type="string">
<Description>Operator ID for use by BMS - CICS
segment</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="CICS.OPCLASS"
required="true" type="string">
<Description>classes assigned to this operator to which BMS
(basic mapping support) messages are to be routed - CICS segment</Description>
</AttributeDefinition>
<AttributeDefinition name="CICS.OPPRTY" required="true"
type="string">
<Description>Priority of the operator - CICS
segment</Description>
 </AttributeDefinition>
<AttributeDefinition name="CICS.TIMEOUT" required="true"
type="string">
<Description>Time, in hours and minutes, that the operator is
allowed to be idle before being signed off. - CICS segment</Description>
</AttributeDefinition>
<AttributeDefinition name="CICS.XRFSOFF" required="true"
type="string">
<Description>FORCE means that the user is signed off by CICS
when an XRF takeover occurs - CICS segment</Description>
</AttributeDefinition>
<AttributeDefinition name="DFP.DATAAPPL" required="true"
type="string">
<Description>DFP data application identifier - DFP
segment</Description>
</AttributeDefinition>
<AttributeDefinition name="DFP.DATACLAS" required="true"
type="string">
<Description>Default data class - DFP segment</Description>
</AttributeDefinition>
<AttributeDefinition name="DFP.MGMTCLAS" required="true"
type="string">
<Description>Default management class - DFP
segment</Description>
</AttributeDefinition>
<AttributeDefinition name="DFP.STORCLAS" required="true"
type="string">
<Description>Default storage class - DFP segment</Description>
</AttributeDefinition>
<AttributeDefinition name="LANGUAGE.PRIMARY" required="true"
type="string">
<Description>Primary language of user</Description>
</AttributeDefinition>
<AttributeDefinition name="LANGUAGE.SECONDARY" required="true"
type="string">
<Description>Secondary language of user</Description>
</AttributeDefinition>
<AttributeDefinition name="OPERPARM.ALTGRP" required="true"
type="string">
<Description>Alternate console group used in recovery -
OPERPARM segment</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="OPERPARM.AUTH"
required="true" type="string">
<Description>authority this console has to issue operator
commands (MASTER,ALL,INFO,CONS,IO,SYS) - OPERPARM segment</Description>
</AttributeDefinition>
<AttributeDefinition name="OPERPARM.AUTO" required="true"
type="string">
<Description>Whether the extended console can receive messages
that have been automated by the Message Processing Facility (MPF) in the sysplex
(YES / NO) - OPERPARM segment</Description>
</AttributeDefinition>
<AttributeDefinition name="OPERPARM.CMDSYS" required="true"
type="string">
<Description>System name to which commands issued from this
console are sent - OPERPARM segment</Description>
</AttributeDefinition>
<AttributeDefinition name="OPERPARM.DOM" required="true"
type="string">
<Description>Whether this console receives delete operator
message (DOM)requests (NORMAL / ALL / NONE) - OPERPARM segment</Description>
</AttributeDefinition>
<AttributeDefinition name="OPERPARM.KEY" required="true"
type="string">
<Description>Name to display information for all consoles with
the specified key by using the MVS command DISPLAY CONSOLES,KEY - OPERPARM
segment</Description>
</AttributeDefinition>
<AttributeDefinition name="OPERPARM.LEVEL" required="true"
type="string">
<Description>Messages this console receives (R, I, CE, E, IN,
NB or ALL) - OPERPARM segment</Description>
</AttributeDefinition>
<AttributeDefinition name="OPERPARM.LOGCMDRESP" required="true"
type="string">
<Description>Whether command responses are logged (YES / NO) -
OPERPARM segment</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="OPERPARM.MFORM"
required="true" type="string">
<Description>Format in which messages are displayed at the
console (J, M, S, T, X) - OPERPARM segment</Description>
</AttributeDefinition>
<AttributeDefinition name="OPERPARM.MIGID" required="true"
type="string">
<Description>Migration ID which is assigned to this console -
OPERPARM segment</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="OPERPARM.MONITOR"
required="true" type="string">
<Description>Information displayed when jobs, TSO sessions, or
data set status are being monitored - OPERPARM segment</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="OPERPARM.MSCOPE"
required="true" type="string">
<Description>Systems from which this console can receive
messages that are not directed to a specific console - OPERPARM
segment</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="OPERPARM.ROUTCODE"
required="true" type="string">
<Description>Routing codes of messages this console receives -
OPERPARM segment</Description>
</AttributeDefinition>
<AttributeDefinition name="OPERPARM.STORAGE" required="true"
type="string">
<Description>Amount of storage in megabytes in the TSO address
space that can be used for message queuing to this console - OPERPARM
segment</Description>
</AttributeDefinition>
<AttributeDefinition name="OPERPARM.UD" required="true"
type="string">
<Description>Whether this console is to receive undelivered
messages (YES / NO) - OPERPARM segment</Description>
</AttributeDefinition>
<AttributeDefinition name="TSO.ACCTNUM" required="true"
type="string">
 <Description>Default TSO account number when logging on - TSO
segment</Description>
</AttributeDefinition>
<AttributeDefinition name="TSO.COMMAND" required="true"
type="string">
<Description>Command run during TSO logon - TSO
segment</Description>
</AttributeDefinition>
<AttributeDefinition name="TSO.DEST" required="true"
type="string">
<Description>Default destination to which the system routes
dynamically-allocated SYSOUT data sets - TSO segment</Description>
</AttributeDefinition>
<AttributeDefinition name="TSO.HOLDCLASS" required="true"
type="string">
<Description>Default hold class - TSO segment</Description>
</AttributeDefinition>
<AttributeDefinition name="TSO.JOBCLASS" required="true"
type="string">
<Description>Default job class - TSO segment</Description>
</AttributeDefinition>
<AttributeDefinition name="TSO.MAXSIZE" required="true"
type="string">
<Description>Maximum region size the user can request at logon
- TSO segment</Description>
</AttributeDefinition>
<AttributeDefinition name="TSO.MSGCLASS" required="true"
type="string">
<Description>Default message class - TSO segment</Description>
</AttributeDefinition>
<AttributeDefinition name="TSO.PROC" required="true"
type="string">
<Description>Default logon procedure name when logging on
through TSO logon panel - TSO segment</Description>
</AttributeDefinition>
<AttributeDefinition name="TSO.SECLABEL" required="true"
type="string">
<Description>Security label entered or used during TSO LOGON -
TSO segment</Description>
</AttributeDefinition>
<AttributeDefinition name="TSO.SIZE" required="true"
type="string">
<Description>Default or requested region size during TSO logon
- TSO segment</Description>
</AttributeDefinition>
<AttributeDefinition name="TSO.SYSOUTCLASS" required="true"
type="string">
<Description>Default SYSOUT class - TSO segment</Description>
</AttributeDefinition>
<AttributeDefinition name="TSO.UNIT" required="true"
type="string">
<Description>Default name of a device or group of devices that
a procedure uses for allocations - TSO segment</Description>
</AttributeDefinition>
<AttributeDefinition name="TSO.USERDATA" required="true"
type="string">
<Description>Optional installation data defined for the user -
TSO segment</Description>
</AttributeDefinition>
 <AttributeDefinition name="WORKATTR.WAACCNT" required="true"
type="string">
<Description>Account number for APPC processing - part of
WORKATTR segment.</Description>
</AttributeDefinition>
<AttributeDefinition name="WORKATTR.WAADDR1" required="true"
type="string">
<Description>Additional address line #1 for SYSOUT delivery -
part of WORKATTR segment.</Description>
</AttributeDefinition>
<AttributeDefinition name="WORKATTR.WAADDR2" required="true"
type="string">
<Description>Additional address line #2 for SYSOUT delivery -
part of WORKATTR segment.</Description>
</AttributeDefinition>
<AttributeDefinition name="WORKATTR.WAADDR3" required="true"
type="string">
<Description>Additional address line #3 for SYSOUT delivery -
part of WORKATTR segment.</Description>
</AttributeDefinition>
<AttributeDefinition name="WORKATTR.WAADDR4" required="true"
type="string">
<Description>Additional address line #4 for SYSOUT delivery -
part of WORKATTR segment.</Description>
</AttributeDefinition>
<AttributeDefinition name="WORKATTR.WABLDG" required="true"
type="string">
<Description>Building that SYSOUT information is to be
delivered to - part of WORKATTR segment.</Description>
</AttributeDefinition>
<AttributeDefinition name="WORKATTR.WADEPT" required="true"
type="string">
<Description>Department that SYSOUT information is to be
delivered to - part of WORKATTR segment.</Description>
</AttributeDefinition>
<AttributeDefinition name="WORKATTR.WANAME" required="true"
type="string">
<Description>User name that SYSOUT information is to be
delivered to - part of WORKATTR segment.</Description>
</AttributeDefinition>
<AttributeDefinition name="WORKATTR.WAROOM" required="true"
type="string">
<Description>Room that SYSOUT information is to be delivered
to. - part of WORKATTR segment.</Description>
</AttributeDefinition>
<AttributeDefinition name="OMVS.ASSIZEMAX" required="true"
type="string">
<Description>RLIMIT_AS hard limit (maximum) resource value that
processes receive when they are dubbed a process - OMVS segment</Description>
</AttributeDefinition>
<AttributeDefinition name="OMVS.CPUTIMEMAX" required="true"
type="string">
<Description>RLIMIT_CPU hard limit (maximum) resource value
that OMVS processes receive when they are dubbed a process - OMVS
segment</Description>
</AttributeDefinition>
<AttributeDefinition name="OMVS.FILEPROCMAX" required="true"
type="string">
<Description>Maximum number of files this user is allowed to
have concurrently active or open - OMVS segment</Description>
</AttributeDefinition>
<AttributeDefinition name="OMVS.HOME" required="true"
type="string">
<Description>OMVS initial directory pathname - OMVS
segment</Description>
</AttributeDefinition>
<AttributeDefinition name="OMVS.MMAPAREAMAX" required="true"
type="string">
<Description>Maximum amount of data space storage, in pages,
that can be allocated by the user for memory mappings of OMVS files - OMVS
segment</Description>
</AttributeDefinition>
<AttributeDefinition name="OMVS.PROCUSERMAX" required="true"
type="string">
<Description>Maximum number of processes this user is allowed
to have active at the same time, regardless of how the process became OMVS process
- OMVS segment</Description>
</AttributeDefinition>
<AttributeDefinition name="OMVS.PROGRAM" required="true"
type="string">
<Description>First program started when TSO command OMVS is
entered or when a batch job is started using the BPXBATCH program - OMVS
segment</Description>
</AttributeDefinition>
<AttributeDefinition name="OMVS.THREADSMAX" required="true"
type="string">
<Description>Maximum number of pthread_create threads,
including those running, queued, and exited but not detached, that this user can
have concurrently active - OMVS segment</Description>
</AttributeDefinition>
<AttributeDefinition name="OMVS.UID" required="true"
type="string">
<Description>OMVS User identifier - OMVS segment</Description>
</AttributeDefinition>
<AttributeDefinition name="LNOTES.SNAME" required="true"
type="string">
<Description>Lotus Notes for zOS short-name of the user -
LNOTES segment</Description>
</AttributeDefinition>
<AttributeDefinition name="NDS.UNAME" required="true"
type="string">
<Description>Novell Directory Services for zOS user-name of the
user - NDS segment</Description>
</AttributeDefinition>
<AttributeDefinition name="NETVIEW.CONSNAME" required="true"
type="string">
<Description>Default MCS console name used for this operator.
Relevant when no console name is used on the NetView GETCONID command - NETVIEW
segment</Description>
</AttributeDefinition>
<AttributeDefinition name="NETVIEW.CTL" required="true"
type="string">
<Description>Whether a security check is performed for this
NetView operator when trying to use a span or trying to do a cross-domain logon
(GENERAL, GLOBAL, SPECIFIC) - NETVIEW segment</Description>
</AttributeDefinition>
<AttributeDefinition name="NETVIEW.DOMAINS" required="true"
type="string">
 <Description>Identifiers of NetView programs in another NetView
domain where this operator can start a cross-domain session - NETVIEW
segment</Description>
</AttributeDefinition>
<AttributeDefinition name="NETVIEW.IC" required="true"
type="string">
<Description>Command or command list to be processed by NetView
for this operator when this operator logs on to NetView - NETVIEW
segment</Description>
</AttributeDefinition>
<AttributeDefinition name="NETVIEW.MSGRECVR" required="true"
type="string">
<Description>Whether this operator is to receive unsolicited
messages that are not routed to a specific NetView operator - NETVIEW
segment</Description>
</AttributeDefinition>
<AttributeDefinition name="NETVIEW.NGMFADMN" required="true"
type="string">
<Description>Whether a NetView operator has administrator
authority to the NetView Graphic Monitor Facility (NGMF). - NETVIEW
segment</Description>
</AttributeDefinition>
<AttributeDefinition name="NETVIEW.NGMFVSPN" required="true"
type="string">
<Description>Reserved for future use by the NetView Graphic
Monitor Facility - NETVIEW segment</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="NETVIEW.OPCLASS"
required="true" type="string">
<Description>NetView scope classes for which the operator has
authority - NETVIEW segment</Description>
</AttributeDefinition>
<AttributeDefinition name="DCE.AUTOLOGIN" required="true"
type="string">
<Description>Whether OMVS DCE is to log this user into OMVS DCE
automatically - DCE segment</Description>
</AttributeDefinition>
<AttributeDefinition name="DCE.DCENAME" required="true"
type="string">
<Description>DCE principal name defined for this RACF user in
the DCE registry - DCE segment</Description>
</AttributeDefinition>
<AttributeDefinition name="DCE.HOMECELL" required="true"
type="string">
<Description>DCE cell name defined for this RACF user - DCE
segment</Description>
</AttributeDefinition>
<AttributeDefinition name="DCE.HOMEUUID" required="true"
type="string">
<Description>DCE universal unique identifier (UUID) for the
cell that this user is defined to - DCE segment</Description>
</AttributeDefinition>
<AttributeDefinition name="DCE.UUID" required="true"
type="string">
<Description>DCE universal unique identifier (UUID) of the DCE
principal defined in DCENAME - DCE segment</Description>
</AttributeDefinition>
<AttributeDefinition name="OVM.FSROOT" required="true"
type="string">
 <Description>Pathname for the file system root - OVM
segment</Description>
</AttributeDefinition>
<AttributeDefinition name="OVM.HOME" required="true"
type="string">
<Description>Initial directory pathname - OVM
segment</Description>
</AttributeDefinition>
<AttributeDefinition name="OVM.PROGRAM" required="true"
type="string">
<Description>PROGRAM pathname of OMVS shell program) - OVM
segment</Description>
</AttributeDefinition>
<AttributeDefinition name="OVM.UID" required="true"
type="string">
<Description>User identifier - OVM segment</Description>
</AttributeDefinition>
<AttributeDefinition name="PROXY.LDAPHOST" required="true"
type="string">
<Description>URL of the LDAP server which the zOS LDAP server
contacts when acting as a proxy on behalf of a requester - PROXY
segment</Description>
</AttributeDefinition>
<AttributeDefinition name="PROXY.BINDDN" required="true"
type="string">
<Description>Distinguished name (DN) which the zOS LDAP server
uses when acting as a proxy on behalf of a requester - PROXY segment</Description>
</AttributeDefinition>
<AttributeDefinition name="PROXY.BINDPW" required="true"
type="string">
<Description>Password which the zOS LDAP server uses when
acting as a proxy on behalf of a requester - PROXY segment</Description>
</AttributeDefinition>
<AttributeDefinition name="RACF_REVOKE_REASON" type="string">
<Description>Revoke reason of account</Description>
</AttributeDefinition>
</Schema>
<Schema displayAttribute="GROUP_ID" featuresString="PROVISIONING"
identityAttribute="GROUP_ID" nativeObjectType="group" objectType="group">
<AttributeDefinition name="GROUP_ID"
remediationModificationType="None" required="true" type="string">
<Description>RACF ID of the group</Description>
</AttributeDefinition>
<AttributeDefinition name="OWNER"
remediationModificationType="None" required="true" type="string">
<Description>RACF defined user or group which is the owner of
the group</Description>
</AttributeDefinition>
<AttributeDefinition name="UNIVERSAL"
remediationModificationType="None" required="true" type="string">
<Description>Universal group with effectively unlimited number
of users who may be connected to it</Description>
</AttributeDefinition>
<AttributeDefinition name="MODEL"
remediationModificationType="None" required="true" type="string">
<Description>A discrete MVS data set profile whcih is the model
for new data sets of this group</Description>
</AttributeDefinition>
<AttributeDefinition name="INFO.CREATE_DATE"
remediationModificationType="None" required="true" type="string">
<Description>Date when this group was defined to
RACF</Description>
</AttributeDefinition>
<AttributeDefinition name="DATA"
remediationModificationType="None" required="true" type="string">
<Description>Installation-defined data</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="SUBGROUP"
remediationModificationType="None" required="true" type="string">
<Description>List of all groups which this group is their
SUPGROUP</Description>
</AttributeDefinition>
<AttributeDefinition name="TERMUACC"
remediationModificationType="None" required="true" type="string">
<Description>During terminal authorization checking, RACF
allows any user in the group access to a terminal based on the universal access
authority for that terminal</Description>
</AttributeDefinition>
<AttributeDefinition name="OMVS.GID"
remediationModificationType="None" required="true" type="string">
<Description>Group identifier - OMVS segment</Description>
</AttributeDefinition>
<AttributeDefinition name="OVM.GID"
remediationModificationType="None" required="true" type="string">
<Description>OpenExtensions VM group identifier - OVM
segment</Description>
</AttributeDefinition>
<AttributeDefinition name="DFP.DATAAPPL"
remediationModificationType="None" required="true" type="string">
<Description>DFP data application identifier - DFP
segment</Description>
</AttributeDefinition>
<AttributeDefinition name="DFP.DATACLAS"
remediationModificationType="None" required="true" type="string">
<Description>Default data class - DFP segment</Description>
</AttributeDefinition>
<AttributeDefinition name="DFP.MGMTCLAS"
remediationModificationType="None" required="true" type="string">
<Description>Default management class - DFP
segment</Description>
</AttributeDefinition>
<AttributeDefinition name="DFP.STORCLAS"
remediationModificationType="None" required="true" type="string">
<Description>Default storage class - DFP segment</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="TME.ROLES"
remediationModificationType="None" required="true" type="string">
<Description>List of roles that reference this group - TME
segment</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.LDAPConnector"
featuresString="AUTHENTICATE, PROVISIONING, SYNC_PROVISIONING, ENABLE, PASSWORD,
MANAGER_LOOKUP, SEARCH" icon="directory2Icon" name="ADAM Template" type="ADAM -
Direct">
<Attributes>
 <Map>
<entry key="deletedObjectsContainer" value="CN=Deleted
Objects,DOMAIN"/>
<entry key="enableaccountattr" value="TRUE"/>
<entry key="formPath" value="ldapAttributesForm.xhtml"/>
<entry key="groupEntitlementAttr" value="memberOf"/>
<entry key="keystore"/>
<entry key="passwordAttr" value="userPassword"/>
<entry key="restoreAction" value="REPLACE"/>
<entry key="restoreAttr" value="msDS-UserAccountDisabled"/>
<entry key="restoreVal" value="FALSE"/>
<entry key="revokeAttr" value="msDS-UserAccountDisabled"/>
<entry key="revokeVal" value="TRUE"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="con_prov_policy_ldap_user_DN"
helpKey="help_con_prov_policy_ldap_user_DN" name="dn" required="true" section=""
type="string"/>
<Field displayName="con_prov_policy_ldap_password"
helpKey="help_con_prov_policy_ldap_password" name="password" required="true"
section="" type="secret"/>
<Field displayName="con_prov_policy_ldap_first_name"
helpKey="help_con_prov_policy_ldap_first_name" name="givenName"
reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_ldap_last_name"
helpKey="help_con_prov_policy_ldap_last_name" name="SN" required="true" section=""
type="string"/>
</Form>
<Form name="group create" objectType="group" type="Create">
<Field displayName="con_prov_policy_ldap_group_DN"
helpKey="help_con_prov_policy_ldap_group_DN" name="dn" required="true"
reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_ldap_description"
helpKey="help_con_prov_policy_ldap_description" name="description"
reviewRequired="true" section="" type="string"/>
</Form>
<Form name="edit group" objectType="group" type="Update">
<Field displayName="con_prov_policy_ldap_description"
name="description" reviewRequired="true" section="" type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="cn" identityAttribute="dn"
nativeObjectType="user" objectType="account">
<AttributeDefinition name="businessCategory" type="string">
<Description>business category</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="carLicense"
type="string">
<Description>vehicle license or registration
plate</Description>
</AttributeDefinition>
<AttributeDefinition name="cn" type="string">
<Description>common name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="dn" type="string">
 <Description>distinguished name for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="departmentNumber" type="string">
<Description>identifies a department within an
organization</Description>
</AttributeDefinition>
<AttributeDefinition name="description" type="string">
<Description>descriptive information</Description>
</AttributeDefinition>
<AttributeDefinition name="destinationIndicator" type="string">
<Description>destination indicator</Description>
</AttributeDefinition>
<AttributeDefinition name="displayName" type="string">
<Description>preferred name to be used when displaying
entries</Description>
</AttributeDefinition>
<AttributeDefinition name="employeeNumber" type="string">
<Description>numerically identifies an employee within an
organization</Description>
</AttributeDefinition>
<AttributeDefinition name="employeeType" type="string">
<Description>type of employment for a person</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="facsimileTelephoneNumber"
type="string">
<Description>Facsimile (Fax) Telephone Number</Description>
</AttributeDefinition>
<AttributeDefinition name="givenName" type="string">
<Description>first name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="memberOf" schemaObjectType="group" type="string">
<Description>List of groups a user is a member</Description>
</AttributeDefinition>
<AttributeDefinition name="homePhone" type="string">
<Description>home telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="homePostalAddress" type="string">
<Description>home postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="initials" type="string">
<Description>initials of some or all of names, but not the
surname(s).</Description>
</AttributeDefinition>
<AttributeDefinition name="internationalISDNNumber"
type="string">
<Description>international ISDN number</Description>
</AttributeDefinition>
<AttributeDefinition name="l" type="string">
<Description>city</Description>
</AttributeDefinition>
<AttributeDefinition name="mail" type="string">
<Description>RFC822 Mailbox</Description>
</AttributeDefinition>
<AttributeDefinition name="manager" type="string">
<Description>DN of manager</Description>
</AttributeDefinition>
 <AttributeDefinition name="mobile" type="string">
<Description>mobile telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="o" type="string">
<Description>organization this object belongs to</Description>
</AttributeDefinition>
<AttributeDefinition name="ou" type="string">
<Description>organizational unit this object belongs
to</Description>
</AttributeDefinition>
<AttributeDefinition name="pager" type="string">
<Description>pager telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="physicalDeliveryOfficeName"
type="string">
<Description>Physical Delivery Office Name</Description>
</AttributeDefinition>
<AttributeDefinition name="postOfficeBox" type="string">
<Description>Post Office Box</Description>
</AttributeDefinition>
<AttributeDefinition name="postalAddress" type="string">
<Description>postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="postalCode" type="string">
<Description>postal code</Description>
</AttributeDefinition>
<AttributeDefinition name="preferredDeliveryMethod"
type="string">
<Description>preferred delivery method</Description>
</AttributeDefinition>
<AttributeDefinition name="preferredLanguage" type="string">
<Description>preferred written or spoken language for a
person</Description>
</AttributeDefinition>
<AttributeDefinition name="registeredAddress" type="string">
<Description>registered postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="roomNumber" type="string">
<Description>room number</Description>
</AttributeDefinition>
<AttributeDefinition name="secretary" type="string">
<Description>DN of secretary</Description>
</AttributeDefinition>
<AttributeDefinition name="seeAlso" type="string">
<Description>DN of related object</Description>
</AttributeDefinition>
<AttributeDefinition name="sn" type="string">
<Description>last (family) name(s) for which the entity is
known by</Description>
</AttributeDefinition>
<AttributeDefinition name="st" type="string">
<Description>state or province which this object resides
in</Description>
</AttributeDefinition>
<AttributeDefinition name="street" type="string">
<Description>street address of this object</Description>
</AttributeDefinition>
<AttributeDefinition name="telephoneNumber" type="string">
<Description>Telephone Number</Description>
 </AttributeDefinition>
<AttributeDefinition name="teletexTerminalIdentifier"
type="string">
<Description>Teletex Terminal Identifier</Description>
</AttributeDefinition>
<AttributeDefinition name="telexNumber" type="string">
<Description>Telex Number</Description>
</AttributeDefinition>
<AttributeDefinition name="title" type="string">
<Description>title associated with the entity</Description>
</AttributeDefinition>
<AttributeDefinition name="uid" type="string">
<Description>user identifier</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="objectClass"
type="string">
<Description>object classes of the entity</Description>
</AttributeDefinition>
<AttributeDefinition name="pwdLastSet" type="string">
<Description>User password last set time</Description>
</AttributeDefinition>
</Schema>
<Schema descriptionAttribute="description" displayAttribute="cn"
featuresString="PROVISIONING" identityAttribute="dn" nativeObjectType="group"
objectType="group">
<AttributeDefinition name="cn" type="string">
<Description>common name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="dn" type="string">
<Description>Directory Path</Description>
</AttributeDefinition>
<AttributeDefinition name="o" type="string">
<Description>organization this object belongs to</Description>
</AttributeDefinition>
<AttributeDefinition name="ou" type="string">
<Description>organizational unit this object belongs
to</Description>
</AttributeDefinition>
<AttributeDefinition name="owner" type="string">
<Description>owner (of the object)</Description>
</AttributeDefinition>
<AttributeDefinition name="description" type="string">
<Description>descriptive information</Description>
</AttributeDefinition>
<Attributes>
<Map>
<entry key="groupMemberAttribute" value="member"/>
</Map>
</Attributes>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.LDAPConnector"
featuresString="AUTHENTICATE, CURRENT_PASSWORD, PROVISIONING, SYNC_PROVISIONING,
PASSWORD, MANAGER_LOOKUP, SEARCH, UNLOCK" icon="directory2Icon" name="TDS Template"
type="IBM Tivoli DS - Direct">
<Attributes>
<Map>
 <entry key="LDAPApplicationVersion" value="2.0"/>
<entry key="charsToEscapeAtEndInDN" value=" "/>
<entry key="charsToEscapeAtStartInDN" value=" #"/>
<entry key="charsToEscapeInDN" value=",+\&quot;&lt;>;"/>
<entry key="charsToEscapeWhileProvisioning" value="/"/>
<entry key="disablePooling" value="true"/>
<entry key="formPath" value="ldapNISAttributesForm.xhtml"/>
<entry key="groupEntitlementAttr" value="groups"/>
<entry key="keystore"/>
<entry key="lockAttr" value="pwdAccountLockedTime"/>
<entry key="passwordAttr" value="userPassword"/>
<entry key="unlockAttr">
<value>
<List>
<String>pwdFailureTime</String>
<String>pwdAccountLockedTime</String>
</List>
</value>
</entry>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="con_prov_policy_ldap_user_DN"
helpKey="help_con_prov_policy_ldap_user_DN" name="dn" required="true" section=""
type="string"/>
<Field displayName="con_prov_policy_ldap_password"
helpKey="help_con_prov_policy_ldap_password" name="password" required="true"
section="" type="secret"/>
<Field displayName="con_prov_policy_ldap_full_name"
helpKey="help_con_prov_policy_ldap_full_name" name="CN" required="true" section=""
type="string"/>
<Field displayName="con_prov_policy_ldap_first_name"
helpKey="help_con_prov_policy_ldap_first_name" name="givenName"
reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_ldap_last_name"
helpKey="help_con_prov_policy_ldap_last_name" name="SN" required="true" section=""
type="string"/>
</Form>
<Form name="group create" objectType="group" type="Create">
<Field displayName="con_prov_policy_ldap_group_DN"
helpKey="help_con_prov_policy_ldap_group_DN" name="dn" required="true"
reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_ldap_description"
helpKey="help_con_prov_policy_ldap_description" name="description"
reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_ldap_member"
helpKey="help_con_prov_policy_ldap_member" name="uniquemember" required="true"
reviewRequired="true" section="" type="string"/>
</Form>
<Form name="group create" objectType="posixgroup" type="Create">
<Field displayName="con_prov_policy_ldap_group_DN"
helpKey="help_con_prov_policy_ldap_group_DN" name="dn" required="true"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_ldap_GID"
helpKey="help_con_prov_policy_ldap_GID" name="gidNumber" required="true"
reviewRequired="true" section="" type="int"/>
<Field displayName="con_prov_policy_ldap_description"
helpKey="help_con_prov_policy_ldap_description" name="description"
reviewRequired="true" type="string"/>
</Form>
<Form name="group create" objectType="nisNetgroup" type="Create">
<Field displayName="con_prov_policy_ldap_group_DN"
helpKey="help_con_prov_policy_ldap_group_DN" name="dn" required="true"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_ldap_description"
helpKey="help_con_prov_policy_ldap_description" name="description"
reviewRequired="true" type="string"/>
</Form>
<Form name="edit group" objectType="group" type="Update">
<Field displayName="con_prov_policy_ldap_description"
name="description" reviewRequired="true" section="" type="string"/>
</Form>
<Form name="edit group" objectType="posixgroup" type="Update">
<Field displayName="con_prov_policy_ldap_description"
name="description" reviewRequired="true" type="string"/>
</Form>
<Form name="edit group" objectType="nisNetgroup" type="Update">
<Field displayName="con_prov_policy_ldap_description"
name="description" reviewRequired="true" type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="cn" identityAttribute="dn"
nativeObjectType="inetOrgPerson" objectType="account">
<AttributeDefinition name="businessCategory" type="string">
<Description>business category</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="carLicense"
type="string">
<Description>vehicle license or registration
plate</Description>
</AttributeDefinition>
<AttributeDefinition name="cn" type="string">
<Description>common name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="dn" type="string">
<Description>distinguished name for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="departmentNumber" type="string">
<Description>identifies a department within an
organization</Description>
</AttributeDefinition>
<AttributeDefinition name="description" type="string">
<Description>descriptive information</Description>
</AttributeDefinition>
<AttributeDefinition name="destinationIndicator" type="string">
<Description>destination indicator</Description>
</AttributeDefinition>
<AttributeDefinition name="displayName" type="string">
<Description>preferred name to be used when displaying
entries</Description>
</AttributeDefinition>
<AttributeDefinition name="employeeNumber" type="string">
<Description>numerically identifies an employee within an
organization</Description>
 </AttributeDefinition>
<AttributeDefinition name="employeeType" type="string">
<Description>type of employment for a person</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="facsimileTelephoneNumber"
type="string">
<Description>Facsimile (Fax) Telephone Number</Description>
</AttributeDefinition>
<AttributeDefinition name="givenName" type="string">
<Description>first name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="groups" schemaObjectType="group" type="string">
<Description>List of groups a user is a member</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="posixgroups" schemaObjectType="posixgroup" type="string">
<Description>List of posix groups a user is a
member</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="nisNetgroups" schemaObjectType="nisNetgroup" type="string">
<Description>List of nisnet groups a user is a
member</Description>
</AttributeDefinition>
<AttributeDefinition name="homePhone" type="string">
<Description>home telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="homePostalAddress" type="string">
<Description>home postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="initials" type="string">
<Description>initials of some or all of names, but not the
surname(s).</Description>
</AttributeDefinition>
<AttributeDefinition name="internationaliSDNNumber"
type="string">
<Description>international ISDN number</Description>
</AttributeDefinition>
<AttributeDefinition name="l" type="string">
<Description>city</Description>
</AttributeDefinition>
<AttributeDefinition name="mail" type="string">
<Description>RFC822 Mailbox</Description>
</AttributeDefinition>
<AttributeDefinition name="manager" type="string">
<Description>DN of manager</Description>
</AttributeDefinition>
<AttributeDefinition name="mobile" type="string">
<Description>mobile telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="o" type="string">
<Description>organization this object belongs to</Description>
</AttributeDefinition>
<AttributeDefinition name="ou" type="string">
<Description>organizational unit this object belongs
to</Description>
</AttributeDefinition>
 <AttributeDefinition name="pager" type="string">
<Description>pager telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="physicalDeliveryOfficeName"
type="string">
<Description>Physical Delivery Office Name</Description>
</AttributeDefinition>
<AttributeDefinition name="postOfficeBox" type="string">
<Description>Post Office Box</Description>
</AttributeDefinition>
<AttributeDefinition name="postalAddress" type="string">
<Description>postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="postalCode" type="string">
<Description>postal code</Description>
</AttributeDefinition>
<AttributeDefinition name="preferredDeliveryMethod"
type="string">
<Description>preferred delivery method</Description>
</AttributeDefinition>
<AttributeDefinition name="preferredLanguage" type="string">
<Description>preferred written or spoken language for a
person</Description>
</AttributeDefinition>
<AttributeDefinition name="pwdReset" type="string">
<Description>specifies whether the password has been reset by
admin</Description>
</AttributeDefinition>
<AttributeDefinition name="registeredAddress" type="string">
<Description>registered postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="roomNumber" type="string">
<Description>room number</Description>
</AttributeDefinition>
<AttributeDefinition name="secretary" type="string">
<Description>DN of secretary</Description>
</AttributeDefinition>
<AttributeDefinition name="seeAlso" type="string">
<Description>DN of related object</Description>
</AttributeDefinition>
<AttributeDefinition name="sn" type="string">
<Description>last (family) name(s) for which the entity is
known by</Description>
</AttributeDefinition>
<AttributeDefinition name="st" type="string">
<Description>state or province which this object resides
in</Description>
</AttributeDefinition>
<AttributeDefinition name="street" type="string">
<Description>street address of this object</Description>
</AttributeDefinition>
<AttributeDefinition name="telephoneNumber" type="string">
<Description>Telephone Number</Description>
</AttributeDefinition>
<AttributeDefinition name="teletexTerminalIdentifier"
type="string">
<Description>Teletex Terminal Identifier</Description>
</AttributeDefinition>
<AttributeDefinition name="telexNumber" type="string">
 <Description>Telex Number</Description>
</AttributeDefinition>
<AttributeDefinition name="title" type="string">
<Description>title associated with the entity</Description>
</AttributeDefinition>
<AttributeDefinition name="uid" type="string">
<Description>user identifier</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="objectClass"
type="string">
<Description>object classes of the entity</Description>
</AttributeDefinition>
</Schema>
<Schema descriptionAttribute="description" displayAttribute="cn"
featuresString="PROVISIONING" identityAttribute="dn"
nativeObjectType="groupOfUniqueNames" objectType="group">
<AttributeDefinition name="cn" type="string">
<Description>common name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="uniqueMember"
type="string">
<Description>unique member of a group</Description>
</AttributeDefinition>
<AttributeDefinition name="dn" type="string">
<Description>Directory Path</Description>
</AttributeDefinition>
<AttributeDefinition name="o" type="string">
<Description>organization this object belongs to</Description>
</AttributeDefinition>
<AttributeDefinition name="ou" type="string">
<Description>organizational unit this object belongs
to</Description>
</AttributeDefinition>
<AttributeDefinition name="owner" type="string">
<Description>owner (of the object)</Description>
</AttributeDefinition>
<AttributeDefinition name="description" type="string">
<Description>descriptive information</Description>
</AttributeDefinition>
<Attributes>
<Map>
<entry key="groupMemberAttribute" value="uniqueMember"/>
<entry key="memberAttribute" value="dn"/>
</Map>
</Attributes>
</Schema>
<Schema displayAttribute="cn" featuresString="PROVISIONING"
identityAttribute="dn" nativeObjectType="nisNetgroup" objectType="nisNetgroup">
<AttributeDefinition name="cn" type="string">
<Description>common name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="nisNetgroupTriple"
type="string">
<Description>unique member of a nisNetgroup</Description>
</AttributeDefinition>
<AttributeDefinition name="dn" type="string">
<Description>Directory Path</Description>
 </AttributeDefinition>
<AttributeDefinition name="description" type="string">
<Description>descriptive information</Description>
</AttributeDefinition>
<Attributes>
<Map>
<entry key="groupMemberAttribute" value="nisNetgroupTriple"/>
<entry key="memberAttribute">
<value>
<List>
<String>cn</String>
<String>uid</String>
</List>
</value>
</entry>
<entry key="memberPrefix" value="{,"/>
<entry key="memberSuffix" value=",}"/>
</Map>
</Attributes>
</Schema>
<Schema displayAttribute="cn" featuresString="PROVISIONING"
identityAttribute="dn" nativeObjectType="posixgroup" objectType="posixgroup">
<AttributeDefinition name="cn" type="string">
<Description>common name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="memberUid" type="string">
<Description>unique member of a posixGroup</Description>
</AttributeDefinition>
<AttributeDefinition name="dn" type="string">
<Description>Directory Path</Description>
</AttributeDefinition>
<AttributeDefinition name="gidNumber" type="string">
<Description>Group ID</Description>
</AttributeDefinition>
<AttributeDefinition name="description" type="string">
<Description>descriptive information</Description>
</AttributeDefinition>
<Attributes>
<Map>
<entry key="groupMemberAttribute" value="memberUid"/>
<entry key="memberAttribute">
<value>
<List>
<String>cn</String>
<String>uid</String>
</List>
</value>
</entry>
</Map>
</Attributes>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="DISCOVER_SCHEMA, PROVISIONING, SYNC_PROVISIONING, UNLOCK, ENABLE,
SEARCH, AUTHENTICATE, PASSWORD, CURRENT_PASSWORD" icon="internetIcon" name="Okta"
type="Okta">
<Attributes>
 <Map>
<entry key="accountReadOnlyAttribute">
<value>
<List>
<String>id</String>
<String>activated</String>
<String>created</String>
<String>status</String>
<String>lastLogin</String>
<String>lastUpdated</String>
<String>passwordChanged</String>
<String>statusChanged</String>
</List>
</value>
</entry>
<entry key="connectorClass"
value="openconnector.connector.okta.OktaConnector"/>
<entry key="encrypted" value="apiToken"/>
<entry key="formPath" value="OktaAttributesForm.xhtml"/>
<entry key="groupAggFilter" value="type eq &quot;BUILT_IN&quot;
or type eq &quot;OKTA_GROUP&quot;"/>
<entry key="groupReadOnlyAttribute">
<value>
<List>
<String>lastUpdated</String>
<String>created</String>
<String>lastMembershipUpdated</String>
<String>type</String>
<String>objectClass</String>
</List>
</value>
</entry>
<entry key="maxPermissibleCalls" value="20"/>
<entry key="restEndPointMap">
<value>
<Map>
<entry key="apps" value="/api/v1/apps"/>
<entry key="auth" value="/api/v1/authn"/>
<entry key="currentUser" value="/api/v1/users/me"/>
<entry key="groups" value="/api/v1/groups"/>
<entry key="logs" value="/api/v1/logs"/>
<entry key="schemas"
value="/api/v1/meta/schemas/user/default"/>
<entry key="users" value="/api/v1/users"/>
</Map>
</value>
</entry>
<entry key="retryableErrors">
<value>
<List>
<String>failed to respond</String>
</List>
</value>
</entry>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="Create Account" objectType="account" type="Create">
<Attributes>
 <Map>
<entry key="pageTitle" value="Create Account"/>
</Map>
</Attributes>
<Section>
<Field displayName="con_prov_policy_okta_firstname"
helpKey="help_con_prov_policy_okta_firstName" name="firstName" required="true"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_okta_lastname"
helpKey="help_con_prov_policy_okta_lastName" name="lastName" required="true"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_okta_email"
helpKey="help_con_prov_policy_okta_email" name="email" required="true"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_okta_login"
helpKey="help_con_prov_policy_okta_login" name="login" required="true"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_okta_activate"
helpKey="help_con_prov_policy_okta_activate" name="activate" required="true"
reviewRequired="true" type="boolean" value="true"/>
<Field displayName="con_prov_policy_okta_password"
helpKey="help_con_prov_policy_okta_password" name="password" reviewRequired="true"
type="secret"/>
<Field displayName="con_prov_policy_okta_providerType"
helpKey="help_con_prov_policy_okta_providerType" name="providerType"
reviewRequired="true" type="string">
<AllowedValuesDefinition>
<Value>
<List>
<String>FEDERATION</String>
<String>SOCIAL</String>
<String>OKTA</String>
<String>ACTIVE_DIRECTORY</String>
<String>LDAP</String>
</List>
</Value>
</AllowedValuesDefinition>
</Field>
<Field displayName="con_prov_policy_okta_providerName"
helpKey="help_con_prov_policy_okta_providerName" name="providerName"
reviewRequired="true" type="string"/>
</Section>
</Form>
<Form name="Disable Account" objectType="account" type="Disable">
<Attributes>
<Map>
<entry key="pageTitle" value="Disable Account"/>
</Map>
</Attributes>
<Section>
<Field displayName="con_prov_policy_okta_status"
helpKey="help_con_prov_policy_okta_status" name="status" required="true"
reviewRequired="true" type="string" value="Suspend">
<AllowedValuesDefinition>
<Value>
<List>
<String>Suspend</String>
<String>Deprovision</String>
</List>
 </Value>
</AllowedValuesDefinition>
</Field>
</Section>
</Form>
<Form name="Create Group" objectType="group" type="Create">
<Attributes>
<Map>
<entry key="pageTitle" value="Create Group"/>
</Map>
</Attributes>
<Section>
<Field displayName="con_prov_policy_okta_group_name"
helpKey="help_con_prov_policy_okta_groupName" name="name" required="true"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_okta_group_description"
helpKey="help_con_prov_policy_okta_groupDesc" name="description"
reviewRequired="true" type="string"/>
</Section>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="login" identityAttribute="id"
instanceAttribute="" nativeObjectType="user" objectType="account">
<AttributeDefinition name="id" type="string">
<Description>Unique key for user</Description>
</AttributeDefinition>
<AttributeDefinition name="login" type="string">
<Description>Unique identifier for the user
(username)</Description>
</AttributeDefinition>
<AttributeDefinition name="email" type="string">
<Description>Primary email address of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="secondEmail" type="string">
<Description>Secondary email address of user typically used for
account recovery</Description>
</AttributeDefinition>
<AttributeDefinition name="firstName" type="string">
<Description>First name of user</Description>
</AttributeDefinition>
<AttributeDefinition name="lastName" type="string">
<Description>Last name of user</Description>
</AttributeDefinition>
<AttributeDefinition name="middleName" type="string">
<Description>Middle name(s) of user</Description>
</AttributeDefinition>
<AttributeDefinition name="displayName" type="string">
<Description>Name of the user, suitable for display to end
users</Description>
</AttributeDefinition>
<AttributeDefinition name="nickName" type="string">
<Description>Casual way to address the user in real
life</Description>
</AttributeDefinition>
<AttributeDefinition name="title" type="string">
<Description>User's title, such as "Vice
President"</Description>
</AttributeDefinition>
 <AttributeDefinition name="honorificPrefix" type="string">
<Description>Honorific prefix(es) of the user, or title in most
Western languages</Description>
</AttributeDefinition>
<AttributeDefinition name="honorificSuffix" type="string">
<Description>Honorific suffix(es) of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="profileUrl" type="string">
<Description>URL of user's online profile (e.g. a web
page)</Description>
</AttributeDefinition>
<AttributeDefinition name="primaryPhone" type="string">
<Description>Primary phone number of user such as home
number</Description>
</AttributeDefinition>
<AttributeDefinition name="mobilePhone" type="string">
<Description>Mobile phone number of user</Description>
</AttributeDefinition>
<AttributeDefinition name="streetAddress" type="string">
<Description>Full street address component of user's
address</Description>
</AttributeDefinition>
<AttributeDefinition name="city" type="string">
<Description>City or locality component of user's
address</Description>
</AttributeDefinition>
<AttributeDefinition name="state" type="string">
<Description>State or region component of user's
address</Description>
</AttributeDefinition>
<AttributeDefinition name="zipCode" type="string">
<Description>Zip code or postal code component of user's
address</Description>
</AttributeDefinition>
<AttributeDefinition name="countryCode" type="string">
<Description>Country name component of user's
address</Description>
</AttributeDefinition>
<AttributeDefinition name="postalAddress" type="string">
<Description>Mailing address component of user's
address</Description>
</AttributeDefinition>
<AttributeDefinition name="preferredLanguage" type="string">
<Description>User's preferred written or spoken
languages</Description>
</AttributeDefinition>
<AttributeDefinition name="locale" type="string">
<Description>User's default location for purposes of localizing
items such as currency, date time format, numerical representations
etc.</Description>
</AttributeDefinition>
<AttributeDefinition name="timezone" type="string">
<Description>User's time zone</Description>
</AttributeDefinition>
<AttributeDefinition name="userType" type="string">
<Description>Used to identify the organization to user
relationship such as "Employee" or "Contractor"</Description>
</AttributeDefinition>
<AttributeDefinition name="employeeNumber" type="string">
 <Description>Organization or company assigned unique identifier
for the user</Description>
</AttributeDefinition>
<AttributeDefinition name="costCenter" type="string">
<Description>Name of cost center assigned to the
user</Description>
</AttributeDefinition>
<AttributeDefinition name="organization" type="string">
<Description>Name of user's organization</Description>
</AttributeDefinition>
<AttributeDefinition name="division" type="string">
<Description>Name of user's division</Description>
</AttributeDefinition>
<AttributeDefinition name="department" type="string">
<Description>Name of user's department</Description>
</AttributeDefinition>
<AttributeDefinition name="manager" type="string">
<Description>Display name of the user's manager</Description>
</AttributeDefinition>
<AttributeDefinition name="managerId" type="string">
<Description>ID of a user's manager</Description>
</AttributeDefinition>
<AttributeDefinition name="status" type="string">
<Description>Status of the user. e.g. ACTIVE, PROVISIONED,
DEPROVISIONED etc.</Description>
</AttributeDefinition>
<AttributeDefinition name="created" type="string">
<Description>Timestamp of user creation</Description>
</AttributeDefinition>
<AttributeDefinition name="activated" type="string">
<Description>Timestamp when transition to ACTIVE status
completed</Description>
</AttributeDefinition>
<AttributeDefinition name="statusChanged" type="string">
<Description>Timestamp when status last changed</Description>
</AttributeDefinition>
<AttributeDefinition name="lastUpdated" type="string">
<Description>Timestamp when user was last updated</Description>
</AttributeDefinition>
<AttributeDefinition name="lastLogin" type="string">
<Description>Timestamp of last login</Description>
</AttributeDefinition>
<AttributeDefinition name="passwordChanged" type="string">
<Description>Timestamp when password was last
changed</Description>
</AttributeDefinition>
<AttributeDefinition name="providerType"
remediationModificationType="None" type="string">
<Description>Type of the credential provider</Description>
</AttributeDefinition>
<AttributeDefinition name="providerName"
remediationModificationType="None" type="string">
<Description>Name of the credential provider</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="groups" schemaObjectType="group" type="string">
<Description>Groups assigned to the user</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="applications" schemaObjectType="application" type="string">
<Description>Applications assigned to the user</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="roles" type="string">
<Description>Administrator roles assigned to the
user</Description>
</AttributeDefinition>
</Schema>
<Schema aggregationType="group" descriptionAttribute="description"
displayAttribute="name" featuresString="PROVISIONING" identityAttribute="groupId"
nativeObjectType="group" objectType="group">
<AttributeDefinition name="groupId"
remediationModificationType="None" type="string">
<Description>Unique key for group</Description>
</AttributeDefinition>
<AttributeDefinition name="name"
remediationModificationType="None" type="string">
<Description>Name of the group</Description>
</AttributeDefinition>
<AttributeDefinition name="created"
remediationModificationType="None" type="string">
<Description>Timestamp when group was created</Description>
</AttributeDefinition>
<AttributeDefinition name="description"
remediationModificationType="None" type="string">
<Description>Description of the group</Description>
</AttributeDefinition>
<AttributeDefinition name="lastMembershipUpdated"
remediationModificationType="None" type="string">
<Description>Timestamp when group's memberships were last
updated</Description>
</AttributeDefinition>
<AttributeDefinition name="type"
remediationModificationType="None" type="string">
<Description>Determines how a group's profile and memberships
are managed</Description>
</AttributeDefinition>
<AttributeDefinition name="lastUpdated"
remediationModificationType="None" type="string">
<Description>Timestamp when group's profile was last
updated</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="objectClass"
remediationModificationType="None" type="string">
<Description>Determines the group's profile</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="applications"
schemaObjectType="application" type="string">
<Description>Applications assigned to group</Description>
</AttributeDefinition>
</Schema>
<Schema aggregationType="group" displayAttribute="label"
identityAttribute="applicationId" nativeObjectType="application"
objectType="application">
<AttributeDefinition name="applicationId"
remediationModificationType="None" type="string">
<Description>Unique key for application</Description>
</AttributeDefinition>
 <AttributeDefinition name="name"
remediationModificationType="None" type="string">
<Description>Unique key for application
definition</Description>
</AttributeDefinition>
<AttributeDefinition name="label"
remediationModificationType="None" type="string">
<Description>Unique user-defined display name for
application</Description>
</AttributeDefinition>
<AttributeDefinition name="created"
remediationModificationType="None" type="string">
<Description>Timestamp when application was
created</Description>
</AttributeDefinition>
<AttributeDefinition name="status"
remediationModificationType="None" type="string">
<Description>Status of application</Description>
</AttributeDefinition>
<AttributeDefinition name="signOnMode"
remediationModificationType="None" type="string">
<Description>Authentication mode of application</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="features"
remediationModificationType="None" type="string">
<Description>Enabled application features</Description>
</AttributeDefinition>
<AttributeDefinition name="lastUpdated"
remediationModificationType="None" type="string">
<Description>Timestamp when application was last
updated</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="SEARCH, PROVISIONING" icon="internetIcon" name="Oracle Fusion HCM"
type="Oracle Fusion HCM">
<Attributes>
<Map>
<entry key="attributeMappings">
<value>
<Map>
<entry key="ADDRESS_LINE_1" value="AddressLine1"/>
<entry key="ADDRESS_LINE_2" value="AddressLine2"/>
<entry key="ADDRESS_LINE_3" value="AddressLine3"/>
<entry key="ASSIGNMENT_ACTION_CODE" value="assignments[?
(@.PrimaryWorkRelationFlag==true)].ActionCode"/>
<entry key="ASSIGNMENT_BUSINESS_UNIT_ID"
value="assignments[?(@.PrimaryWorkRelationFlag==true)].BusinessUnitId"/>
<entry key="ASSIGNMENT_DEPARTMENT_ID" value="assignments[?
(@.PrimaryWorkRelationFlag==true)].DepartmentId"/>
<entry key="ASSIGNMENT_EFFECTIVE_END_DATE"
value="assignments[?(@.PrimaryWorkRelationFlag==true)].EffectiveEndDate"/>
<entry key="ASSIGNMENT_EFFECTIVE_START_DATE"
value="assignments[?(@.PrimaryWorkRelationFlag==true)].EffectiveStartDate"/>
<entry key="ASSIGNMENT_JOB_ID" value="assignments[?
(@.PrimaryWorkRelationFlag==true)].JobId"/>
<entry key="ASSIGNMENT_LOCATION_ID" value="assignments[?
(@.PrimaryWorkRelationFlag==true)].LocationId"/>
<entry key="ASSIGNMENT_MANAGER_ID" value="assignments[?
(@.PrimaryWorkRelationFlag==true)].ManagerId"/>
<entry key="ASSIGNMENT_MANAGER_TYPE" value="assignments[?
(@.PrimaryWorkRelationFlag==true)].ManagerType"/>
<entry key="ASSIGNMENT_NAME" value="assignments[?
(@.PrimaryWorkRelationFlag==true)].AssignmentName"/>
<entry key="ASSIGNMENT_POSITION_ID" value="assignments[?
(@.PrimaryWorkRelationFlag==true)].PositionId"/>
<entry key="ASSIGNMENT_STATUS" value="assignments[?
(@.PrimaryWorkRelationFlag==true)].AssignmentStatus"/>
<entry key="ASSIGNMENT_TERMINATION_DATE"
value="assignments[?(@.PrimaryWorkRelationFlag==true)].ActualTerminationDate"/>
<entry key="ASSIGNMENT_WORKER_CATEGORY"
value="assignments[?(@.PrimaryWorkRelationFlag==true)].WorkerCategory"/>
<entry key="CITY" value="City"/>
<entry key="COUNTRY" value="Country"/>
<entry key="DISPLAY_NAME" value="DisplayName"/>
<entry key="FIRST_NAME" value="FirstName"/>
<entry key="HIRE_DATE" value="HireDate"/>
<entry key="HOME_TELEPHONE" value="HomePhoneNumber"/>
<entry key="LAST_NAME" value="LastName"/>
<entry key="LEGAL_ENTITY_ID" value="LegalEntityId"/>
<entry key="NATIONAL_ID" value="NationalId"/>
<entry key="NATIONAL_ID_EXPIRATION_DATE"
value="NationalIdExpirationDate"/>
<entry key="NATIONAL_ID_TYPE" value="NationalIdType"/>
<entry key="PERSON_NUMBER" value="PersonNumber"/>
<entry key="REGION" value="Region"/>
<entry key="TERMINATION_DATE" value="TerminationDate"/>
<entry key="USER_NAME" value="UserName"/>
<entry key="WORKER_TYPE" value="WorkerType"/>
<entry key="WORK_EMAIL" value="WorkEmail"/>
<entry key="WORK_MOBILE" value="WorkMobilePhoneNumber"/>
<entry key="WORK_TELEPHONE" value="WorkPhoneNumber"/>
</Map>
</value>
</entry>
<entry key="authenticationType" value="Basic"/>
<entry key="connectorClass"
value="openconnector.connector.oraclefusionhcm.OracleFusionHCMConnector"/>
<entry key="formPath" value="OracleFusionHCMConfigForm.xhtml"/>
</Map>
</Attributes>
<Schemas>
<Schema displayAttribute="DISPLAY_NAME"
identityAttribute="PERSON_NUMBER" nativeObjectType="account" objectType="account">
<AttributeDefinition name="PERSON_NUMBER"
remediationModificationType="None" required="true" type="string">
<Description>Unique identifier of Person</Description>
</AttributeDefinition>
<AttributeDefinition name="DISPLAY_NAME"
remediationModificationType="None" required="true" type="string">
<Description>Person's display name</Description>
</AttributeDefinition>
<AttributeDefinition name="USER_NAME"
remediationModificationType="None" required="true" type="string">
<Description>User name of Person</Description>
</AttributeDefinition>
 <AttributeDefinition name="HOME_TELEPHONE"
remediationModificationType="None" type="string">
<Description>Person's home telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="REGION"
remediationModificationType="None" type="string">
<Description>Person's region</Description>
</AttributeDefinition>
<AttributeDefinition name="TERMINATION_DATE"
remediationModificationType="None" type="string">
<Description>Person's termination date</Description>
</AttributeDefinition>
<AttributeDefinition name="CITY"
remediationModificationType="None" type="string">
<Description>Person's City</Description>
</AttributeDefinition>
<AttributeDefinition name="WORK_EMAIL"
remediationModificationType="None" type="string">
<Description>Primary work email of person</Description>
</AttributeDefinition>
<AttributeDefinition name="WORKER_TYPE"
remediationModificationType="None" type="string">
<Description>Person type i.e. Employee,
Contingent</Description>
</AttributeDefinition>
<AttributeDefinition name="ASSIGNMENT_NAME"
remediationModificationType="None" type="string">
<Description>Person's primary assignment name</Description>
</AttributeDefinition>
<AttributeDefinition name="ASSIGNMENT_POSITION_ID"
remediationModificationType="None" type="string">
<Description>Person's primary assignment position
id</Description>
</AttributeDefinition>
<AttributeDefinition name="ASSIGNMENT_DEPARTMENT_ID"
remediationModificationType="None" type="string">
<Description>Person's primary assignment department
id</Description>
</AttributeDefinition>
<AttributeDefinition name="ASSIGNMENT_MANAGER_ID"
remediationModificationType="None" type="string">
<Description>Person's primary assignment manager
id</Description>
</AttributeDefinition>
<AttributeDefinition name="ASSIGNMENT_LOCATION_ID"
remediationModificationType="None" type="string">
<Description>Person's primary assignment location
id</Description>
</AttributeDefinition>
<AttributeDefinition name="ASSIGNMENT_ACTION_CODE"
remediationModificationType="None" type="string">
<Description>Person's primary assignment's action code i.e.
HIRE</Description>
</AttributeDefinition>
<AttributeDefinition name="ASSIGNMENT_TERMINATION_DATE"
remediationModificationType="None" type="string">
<Description>Person's primary assignment termination
date</Description>
</AttributeDefinition>
 <AttributeDefinition name="ASSIGNMENT_JOB_ID"
remediationModificationType="None" type="string">
<Description> Person's primary assignment job id</Description>
</AttributeDefinition>
<AttributeDefinition name="ASSIGNMENT_BUSINESS_UNIT_ID"
remediationModificationType="None" type="string">
<Description>Person's primary assignment business unit
id</Description>
</AttributeDefinition>
<AttributeDefinition name="ASSIGNMENT_WORKER_CATEGORY"
remediationModificationType="None" type="string">
<Description>Person's primary assignment worker
category</Description>
</AttributeDefinition>
<AttributeDefinition name="ASSIGNMENT_MANAGER_TYPE"
remediationModificationType="None" type="string">
<Description>Person's primary assignment's manager
type</Description>
</AttributeDefinition>
<AttributeDefinition name="ASSIGNMENT_EFFECTIVE_START_DATE"
remediationModificationType="None" type="string">
<Description>Person's primary assignment effective start
date</Description>
</AttributeDefinition>
<AttributeDefinition name="ASSIGNMENT_EFFECTIVE_END_DATE"
remediationModificationType="None" type="string">
<Description>Person's primary assignment effective end
date</Description>
</AttributeDefinition>
<AttributeDefinition name="ASSIGNMENT_STATUS"
remediationModificationType="None" type="string">
<Description>Person's primary assignment status</Description>
</AttributeDefinition>
<AttributeDefinition name="LEGAL_ENTITY_ID"
remediationModificationType="None" type="string">
<Description>Id of legal employer's legal entity</Description>
</AttributeDefinition>
<AttributeDefinition name="NATIONAL_ID_TYPE"
remediationModificationType="None" type="string">
<Description>Type of person's national Id</Description>
</AttributeDefinition>
<AttributeDefinition name="NATIONAL_ID"
remediationModificationType="None" type="string">
<Description>Person's national Id</Description>
</AttributeDefinition>
<AttributeDefinition name="NATIONAL_ID_EXPIRATION_DATE"
remediationModificationType="None" type="string">
<Description>Person's national Id expiration date</Description>
</AttributeDefinition>
<AttributeDefinition name="LAST_NAME"
remediationModificationType="None" type="string">
<Description>Last name of Person</Description>
</AttributeDefinition>
<AttributeDefinition name="FIRST_NAME"
remediationModificationType="None" type="string">
<Description>First name of Person</Description>
</AttributeDefinition>
<AttributeDefinition name="ADDRESS_LINE_1"
remediationModificationType="None" type="string">
 <Description>Address line number 1</Description>
</AttributeDefinition>
<AttributeDefinition name="ADDRESS_LINE_2"
remediationModificationType="None" type="string">
<Description>Address line number 2</Description>
</AttributeDefinition>
<AttributeDefinition name="ADDRESS_LINE_3"
remediationModificationType="None" type="string">
<Description>Address line number 3</Description>
</AttributeDefinition>
<AttributeDefinition name="HIRE_DATE"
remediationModificationType="None" type="string">
<Description>Person's hire date</Description>
</AttributeDefinition>
<AttributeDefinition name="COUNTRY"
remediationModificationType="None" type="string">
<Description>Person' Country </Description>
</AttributeDefinition>
<AttributeDefinition name="WORK_TELEPHONE"
remediationModificationType="None" type="string">
<Description>Person' telephone number of type work
</Description>
</AttributeDefinition>
<AttributeDefinition name="WORK_MOBILE"
remediationModificationType="None" type="string">
<Description>Person' mobile number of type work </Description>
</AttributeDefinition>
<AttributeDefinition name="FUTURE_DATE"
remediationModificationType="None" type="string">
<Description>Person's future hire or termination date
</Description>
</AttributeDefinition>
<AttributeDefinition name="FUTURE_ACTION"
remediationModificationType="None" type="string">
<Description>Person's future action</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="PROVISIONING, SYNC_PROVISIONING, ENABLE, UNLOCK, SEARCH,
UNSTRUCTURED_TARGETS, PASSWORD, CURRENT_PASSWORD" icon="enterpriseIcon" name="AIX -
Direct" type="AIX - Direct">
<Attributes>
<Map>
<entry key="NoOutput" value="none"/>
<entry key="PasswdBasicErrors">
<value>
<Map>
<entry key="You are not authorized to change" value="You
are not authorized to change password"/>
<entry key="passwd: not found." value="passwd: not
found."/>
<entry key="sudo: not found." value="sudo: not found."/>
</Map>
</value>
</entry>
<entry key="PasswdErrors">
<value>
 <Map>
<entry key="BAD PASSWORD: is too similar to the old one"
value="BAD PASSWORD: Password is too similar to the old one."/>
<entry key="BAD PASSWORD: it is based on a dictionary word"
value="BAD PASSWORD: Password is based on a dictionary word."/>
<entry key="Error changing password" value="Error changing
password."/>
<entry key="Password read timed out." value="Password read
timed out."/>
<entry key="Sorry, passwords do not match."
value="Passwords do not match."/>
<entry key="Sorry, try again." value="Invalid sudo user
password."/>
<entry key="is not in the sudoers file. This incident will
be reported." value="sudo user not configured."/>
<entry key="passwd: Authentication token manipulation
error" value="Invalid current user password."/>
</Map>
</value>
</entry>
<entry key="PasswdPrompts">
<value>
<Map>
<entry key="0">
<value>
<Map>
<entry key="Old password:" value="CurrentPassword"/>
</Map>
</value>
</entry>
<entry key="1">
<value>
<Map>
<entry key="New password:" value="NewPassword"/>
</Map>
</value>
</entry>
<entry key="2">
<value>
<Map>
<entry key="Enter the new password again:"
value="NewPassword"/>
</Map>
</value>
</entry>
<entry key="3">
<value>
<Map>
<entry key="new password:" value="NewPassword"/>
</Map>
</value>
</entry>
</Map>
</value>
</entry>
<entry key="PasswdSuccess">
<value>
<List>
<String>none</String>
 </List>
</value>
</entry>
<entry key="Prompt" value="SAILPOINT>"/>
<entry key="SSHLoginTimeout" value="1000"/>
<entry key="SetPrompt" value="PS1=&apos;SAILPOINT>&apos;"/>
<entry key="SudoBasicError" value="sudo: Command not found."/>
<entry key="SudoBasicErrorCode" value="127"/>
<entry key="SudoError" value="Sorry, try again."/>
<entry key="SudoErrorCode" value="1"/>
<entry key="aggregate.account" value="lsuser -R files ALL"/>
<entry key="aggregate.group" value="lsgroup -R files ALL"/>
<entry key="change.password" value="passwd"/>
<entry key="chmod g-">
<value>
<Map>
<entry key="flags">
<value>
<Map>
<entry key="execute" value="x"/>
<entry key="read" value="r"/>
<entry key="write" value="w"/>
</Map>
</value>
</entry>
</Map>
</value>
</entry>
<entry key="chmod u-">
<value>
<Map>
<entry key="flags">
<value>
<Map>
<entry key="execute" value="x"/>
<entry key="read" value="r"/>
<entry key="write" value="w"/>
</Map>
</value>
</entry>
</Map>
</value>
</entry>
<entry key="connect" value="ssh"/>
<entry key="connectorClass"
value="openconnector.connector.unix.AIXConnector"/>
<entry key="create.account" value="mkuser"/>
<entry key="create.group" value="mkgroup"/>
<entry key="delete.account" value="userdel"/>
<entry key="delete.group" value="rmgroup"/>
<entry key="disable.account" value="chuser account_locked=true"/>
<entry key="echo &apos;TestConnection&apos;">
<value>
<Map>
<entry key="exitsts">
<value>
<Map>
<entry key="Success" value="TestConnection"/>
</Map>
 </value>
</entry>
</Map>
</value>
</entry>
<entry key="enable.account" value="chuser account_locked=false"/>
<entry key="encrypted"
value="SudoUserPassword,PassphraseForPrivateKey"/>
<entry key="formPath" value="UnixAttributesForm.xhtml"/>
<entry key="get.group" value="lsgroup"/>
<entry key="get.oldaccountval" value="lsuser -a"/>
<entry key="get.oldgroupval" value="lsgroup -a"/>
<entry key="modify.account" value="chuser"/>
<entry key="modify.group" value="chgroup"/>
<entry key="password.lastupdate" value="lsuser -a lastupdate"/>
<entry key="read.account" value="lsuser"/>
<entry key="remove.account.permission" value="chmod u-"/>
<entry key="remove.group.permission" value="chmod g-"/>
<entry key="remove.remotefile" value="\rm -f"/>
<entry key="retryableErrors">
<value>
<List>
<String>Login failed</String>
</List>
</value>
</entry>
<entry key="setDelay" value="1"/>
<entry key="sshTimeOut" value="120000"/>
<entry key="sshWaitTime" value="500"/>
<entry key="testconnection" value="echo
&apos;TestConnection&apos;"/>
<entry key="unlock.account" value="chuser
unsuccessful_login_count=0"/>
<entry key="userdel">
<value>
<Map>
<entry key="exitsts">
<value>
<Map>
<entry key="10" value="Cannot update the /etc/group
or /etc/user_attr file but the login is removed from the /etc/passwd file."/>
<entry key="12" value="Cannot remove or otherwise
modify the home directory."/>
<entry key="2" value="Invalid command syntax. A usage
message for the userdel command is displayed."/>
<entry key="6" value="The account to be removed does
not exist."/>
<entry key="8" value="The account to be removed is in
use."/>
</Map>
</value>
</entry>
<entry key="flags">
<value>
<Map>
<entry key="removeHome" value="-r"/>
</Map>
</value>
</entry>
 </Map>
</value>
</entry>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="con_form_aix_direct_username"
helpKey="help_con_aix_direct_username" name="User Name" required="true"
type="string"/>
<Field displayName="con_form_aix_direct_userid"
helpKey="help_con_aix_direct_userid" name="id" reviewRequired="true"
type="string"/>
<Field displayName="con_form_aix_direct_password"
helpKey="help_con_aix_direct_password" name="password" reviewRequired="true"
type="secret"/>
<Field displayName="con_form_aix_direct_group"
helpKey="help_con_aix_direct_group" name="pgrp" reviewRequired="true"
type="string"/>
<Field displayName="con_form_aix_direct_home"
helpKey="help_con_aix_direct_home" name="home" reviewRequired="true"
type="string"/>
<Field displayName="con_form_aix_direct_shell"
helpKey="help_con_aix_direct_shell" name="shell" reviewRequired="true"
type="string"/>
<Field displayName="con_form_aix_direct_description"
helpKey="help_con_aix_direct_descrp" name="gecos" reviewRequired="true"
type="string"/>
<Field displayName="con_form_aix_direct_login"
helpKey="help_con_aix_direct_login" name="login" reviewRequired="true"
type="string"/>
<Field displayName="con_form_aix_direct_rlogin"
helpKey="help_con_aix_direct_rlogin" name="rlogin" reviewRequired="true"
type="string"/>
<Field displayName="con_form_aix_direct_su"
helpKey="help_con_aix_direct_su" name="su" reviewRequired="true" type="string"/>
<Field displayName="con_form_aix_direct_admin"
helpKey="help_con_aix_direct_admin" name="admin" reviewRequired="true"
type="string"/>
<Field displayName="con_form_aix_direct_sugroups"
helpKey="help_con_aix_direct_sugroup" multi="true" name="sugroups"
reviewRequired="true" type="string"/>
<Field displayName="con_form_aix_direct_admgroups"
helpKey="help_con_aix_direct_admgrp" multi="true" name="admgroups"
reviewRequired="true" type="string"/>
<Field displayName="con_form_aix_direct_umask"
helpKey="help_con_aix_direct_umask" name="umask" reviewRequired="true"
type="string"/>
<Field displayName="con_form_aix_direct_default_roles"
helpKey="help_con_aix_direct_role" multi="true" name="default_roles"
reviewRequired="true" type="string"/>
</Form>
<Form name="create group" objectType="group" type="Create">
<Field displayName="con_form_aix_direct_groupname"
helpKey="help_con_aix_direct_grpname" name="Group Name" required="true"
type="string"/>
<Field displayName="con_form_aix_direct_groupid"
helpKey="help_con_aix_direct_grpid" name="id" reviewRequired="true" type="string"/>
<Field displayName="con_form_aix_direct_users"
helpKey="help_con_aix_direct_users" multi="true" name="users" reviewRequired="true"
type="string"/>
</Form>
<Form name="update group" objectType="group" type="Update">
<Field displayName="con_form_aix_direct_groupid"
helpKey="help_con_aix_direct_grpid" name="id" reviewRequired="true" type="string"/>
<Field displayName="con_form_aix_direct_users"
helpKey="help_con_aix_direct_users" multi="true" name="users" reviewRequired="true"
type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="User Name" identityAttribute="User Name"
nativeObjectType="account" objectType="account">
<AttributeDefinition name="User Name"
remediationModificationType="None" required="true" type="string">
<Description>Name of User</Description>
</AttributeDefinition>
<AttributeDefinition name="id" remediationModificationType="None"
required="true" type="string">
<Description>User Id</Description>
</AttributeDefinition>
<AttributeDefinition name="pgrp"
remediationModificationType="None" type="string">
<Description>Primary Group of the User</Description>
</AttributeDefinition>
<AttributeDefinition name="home"
remediationModificationType="None" type="string">
<Description>Home Directory</Description>
</AttributeDefinition>
<AttributeDefinition name="gecos"
remediationModificationType="None" type="string">
<Description>Description</Description>
</AttributeDefinition>
<AttributeDefinition name="shell"
remediationModificationType="None" type="string">
<Description>Shell</Description>
</AttributeDefinition>
<AttributeDefinition name="login"
remediationModificationType="None" type="string">
<Description>Indicates whether the user can log in to the
system with the login command</Description>
</AttributeDefinition>
<AttributeDefinition name="su" remediationModificationType="None"
required="true" type="string">
<Description>Indicates whether another user can switch to the
specified user account with the su command</Description>
</AttributeDefinition>
<AttributeDefinition name="rlogin"
remediationModificationType="None" required="true" type="string">
<Description>Permits access to the account from a remote
location with the telnet or rlogin commands</Description>
</AttributeDefinition>
<AttributeDefinition name="daemon"
remediationModificationType="None" required="true" type="string">
<Description>Indicates whether the user specified by the Name
parameter can run programs using the cron daemon or the src (system resource
controller) daemon</Description>
</AttributeDefinition>
 <AttributeDefinition name="dce_export"
remediationModificationType="None" required="true" type="string">
<Description>Allows the DCE registry to overwrite the local
user information with the DCE user information during a DCE export
operation</Description>
</AttributeDefinition>
<AttributeDefinition name="admin"
remediationModificationType="None" required="true" type="string">
<Description>Administrative status of the user</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="sugroups"
remediationModificationType="None" required="true" type="string">
<Description>Defines the groups that can use the su command to
switch to the specified user account</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="admgroups"
remediationModificationType="None" required="true" type="string">
<Description>Defines the groups that the user
administrates</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="tpath"
remediationModificationType="None" required="true" type="string">
<Description>Indicates the user's trusted path
status</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="ttys"
remediationModificationType="None" required="true" type="string">
<Description>Defines the terminals that can access the account
specified by the Name parameter</Description>
</AttributeDefinition>
<AttributeDefinition name="expires"
remediationModificationType="None" type="string">
<Description>Identifies the expiration date of the
account</Description>
</AttributeDefinition>
<AttributeDefinition name="auth1"
remediationModificationType="None" type="string">
<Description>Defines the primary methods for authenticating the
user</Description>
</AttributeDefinition>
<AttributeDefinition name="auth2"
remediationModificationType="None" type="string">
<Description>Defines the secondary methods used to authenticate
the user</Description>
</AttributeDefinition>
<AttributeDefinition name="umask"
remediationModificationType="None" type="string">
<Description>Determines file permissions</Description>
</AttributeDefinition>
<AttributeDefinition name="registry"
remediationModificationType="None" type="string">
<Description>Registry</Description>
</AttributeDefinition>
<AttributeDefinition name="SYSTEM"
remediationModificationType="None" type="string">
<Description>SYSTEM</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="logintimes"
remediationModificationType="None" type="string">
 <Description>Defines the days and times that the user is
allowed to access the system</Description>
</AttributeDefinition>
<AttributeDefinition name="loginretries"
remediationModificationType="None" type="string">
<Description>Defines the number of unsuccessful login attempts
allowed after the last successful login before the system locks the
account</Description>
</AttributeDefinition>
<AttributeDefinition name="pwdwarntime"
remediationModificationType="None" type="string">
<Description>Defines the number of days before the system
issues a warning that a password change is required</Description>
</AttributeDefinition>
<AttributeDefinition name="account_locked"
remediationModificationType="None" type="string">
<Description>Indicates if the user account is
locked</Description>
</AttributeDefinition>
<AttributeDefinition name="minage"
remediationModificationType="None" type="string">
<Description>Defines the minimum age (in weeks) a password must
be before it can be changed</Description>
</AttributeDefinition>
<AttributeDefinition name="maxage"
remediationModificationType="None" type="string">
<Description>Defines the maximum age (in weeks) of a
password</Description>
</AttributeDefinition>
<AttributeDefinition name="maxexpired"
remediationModificationType="None" type="string">
<Description>Defines the maximum time (in weeks) beyond the
maxage value that a user can change an expired password</Description>
</AttributeDefinition>
<AttributeDefinition name="minalpha"
remediationModificationType="None" type="string">
<Description>Defines the minimum number of alphabetic
characters that must be in a new password</Description>
</AttributeDefinition>
<AttributeDefinition name="minother"
remediationModificationType="None" type="string">
<Description>Defines the minimum number of non-alphabetic
characters that must be in a new password</Description>
</AttributeDefinition>
<AttributeDefinition name="mindiff"
remediationModificationType="None" type="string">
<Description>Defines the minimum number of characters required
in a new password that were not in the old password</Description>
</AttributeDefinition>
<AttributeDefinition name="maxrepeats"
remediationModificationType="None" type="string">
<Description>Defines the maximum number of times a character
can be repeated in a new password</Description>
</AttributeDefinition>
<AttributeDefinition name="minlen"
remediationModificationType="None" type="string">
<Description>Defines the minimum length of a
password</Description>
</AttributeDefinition>
 <AttributeDefinition name="histexpire"
remediationModificationType="None" type="string">
<Description>Defines the period of time (in weeks) that a user
cannot reuse a password</Description>
</AttributeDefinition>
<AttributeDefinition name="histsize"
remediationModificationType="None" type="string">
<Description>Defines the number of previous passwords a user
cannot reuse</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="pwdchecks"
remediationModificationType="None" type="string">
<Description>Defines the password restriction methods enforced
on new passwords</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="dictionlist"
remediationModificationType="None" type="string">
<Description>Defines the password dictionaries</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="default_roles"
remediationModificationType="None" type="string">
<Description>Specifies the default roles for the
user</Description>
</AttributeDefinition>
<AttributeDefinition name="fsize"
remediationModificationType="None" type="string">
<Description>Defines the soft limit for the largest file a
user's process can create or extend</Description>
</AttributeDefinition>
<AttributeDefinition name="cpu"
remediationModificationType="None" type="string">
<Description>Identifies the soft limit for the largest amount
of system unit time (in seconds) that a user's process can use</Description>
</AttributeDefinition>
<AttributeDefinition name="data"
remediationModificationType="None" type="string">
<Description>Specifies the soft limit for the largest data
segment for a user's process</Description>
</AttributeDefinition>
<AttributeDefinition name="stack"
remediationModificationType="None" type="string">
<Description>Specifies the soft limit for the largest process
stack segment for a user's process</Description>
</AttributeDefinition>
<AttributeDefinition name="core"
remediationModificationType="None" type="string">
<Description>Specifies the soft limit for the largest core file
a user's process can create</Description>
</AttributeDefinition>
<AttributeDefinition name="rss"
remediationModificationType="None" type="string">
<Description>The soft limit for the largest amount of physical
memory a user's process can allocate</Description>
</AttributeDefinition>
<AttributeDefinition name="nofiles"
remediationModificationType="None" type="string">
<Description>Defines the soft limit for the number of file
descriptors a user process may have open at one time</Description>
</AttributeDefinition>
 <AttributeDefinition name="stack_hard"
remediationModificationType="None" type="string">
<Description>Specifies the largest process stack segment of a
user's process</Description>
</AttributeDefinition>
<AttributeDefinition name="time_last_login"
remediationModificationType="None" type="string">
<Description>Specifies the number of seconds since the epoch
(00:00:00 GMT, January 1, 1970) since the last successful login</Description>
</AttributeDefinition>
<AttributeDefinition name="tty_last_login"
remediationModificationType="None" type="string">
<Description>Specifies the terminal on which the user last
logged in</Description>
</AttributeDefinition>
<AttributeDefinition name="host_last_login"
remediationModificationType="None" type="string">
<Description>Specifies the host from which the user last logged
in</Description>
</AttributeDefinition>
<AttributeDefinition name="unsuccessful_login_count"
remediationModificationType="None" type="string">
<Description>Specifies the number of unsuccessful login
attempts since the last successful login</Description>
</AttributeDefinition>
<AttributeDefinition name="lastPasswordUpdated"
remediationModificationType="None" type="string">
<Description>Specifies the time when user's password last
updated.</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="roles" remediationModificationType="None" type="string">
<Description>The administrative roles for this
user</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="groups" remediationModificationType="None"
schemaObjectType="group" type="string">
<Description>Identifies the groups to which user
belongs</Description>
</AttributeDefinition>
<AttributeDefinition name="host_last_unsuccessful_login"
remediationModificationType="None" type="string">
<Description>Identifies last unsuccessful login of
host</Description>
</AttributeDefinition>
<AttributeDefinition name="time_last_unsuccessful_login"
remediationModificationType="None" type="string">
<Description>Identifies last unsuccessful login
time</Description>
</AttributeDefinition>
<AttributeDefinition name="minloweralpha"
remediationModificationType="None" type="string">
<Description>Defines the minimum number of alphabetic
characters in lowercase that must be in a new password</Description>
</AttributeDefinition>
<AttributeDefinition name="minupperalpha"
remediationModificationType="None" type="string">
<Description>Defines the minimum number of alphabetic
characters in uppercase that must be in a new password</Description>
</AttributeDefinition>
<AttributeDefinition name="minspecialchar"
remediationModificationType="None" type="string">
<Description>Defines the minimum number of special characters
that must be in a new password</Description>
</AttributeDefinition>
<AttributeDefinition name="mindigit"
remediationModificationType="None" type="string">
<Description>Defines the minimum number of digit that must be
in a new password</Description>
</AttributeDefinition>
<AttributeDefinition name="tty_last_unsuccessful_login"
remediationModificationType="None" type="string">
<Description>Identifies last unsuccessful login of host from
tty</Description>
</AttributeDefinition>
</Schema>
<Schema displayAttribute="Group Name" featuresString="PROVISIONING"
identityAttribute="Group Name" nativeObjectType="group" objectType="group">
<AttributeDefinition name="Group Name"
remediationModificationType="None" type="string">
<Description>Name of Group</Description>
</AttributeDefinition>
<AttributeDefinition name="admin"
remediationModificationType="None" type="string">
<Description>Defines the administrative status of the
group</Description>
</AttributeDefinition>
<AttributeDefinition name="id" remediationModificationType="None"
type="string">
<Description>The group ID</Description>
</AttributeDefinition>
<AttributeDefinition name="registry"
remediationModificationType="None" type="string">
<Description>Registry</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="users"
remediationModificationType="None" required="true" type="string">
<Description>A list of one or more users in the form:
User1,User2,...,Usern. Separate group member names with commas</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.LDAPConnector"
featuresString="AUTHENTICATE, MANAGER_LOOKUP, SEARCH, PROVISIONING,
SYNC_PROVISIONING" icon="directory2Icon" name="LDAP Template" type="LDAP">
<Attributes>
<Map>
<entry key="enableaccountattr"/>
<entry key="formPath" value="ldapAttributesForm.xhtml"/>
<entry key="groupEntitlementAttr" value="groups"/>
<entry key="passwordAttr" value="userPassword"/>
<entry key="restoreAction"/>
<entry key="restoreAttr"/>
<entry key="restoreVal"/>
<entry key="revokeAttr"/>
<entry key="revokeVal"/>
 </Map>
</Attributes>
<ProvisioningForms>
<Form name="Account" objectType="account" type="Create">
<Field displayName="con_prov_policy_ldap_user_DN"
helpKey="help_con_prov_policy_ldap_user_DN" name="dn" required="true" section=""
type="string"/>
<Field displayName="con_prov_policy_ldap_password"
helpKey="help_con_prov_policy_ldap_password" name="password" required="true"
section="" type="secret"/>
<Field displayName="con_prov_policy_ldap_full_name"
helpKey="help_con_prov_policy_ldap_full_name" name="CN" required="true" section=""
type="string"/>
<Field displayName="con_prov_policy_ldap_first_name"
helpKey="help_con_prov_policy_ldap_first_name" name="givenName"
reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_ldap_last_name"
helpKey="help_con_prov_policy_ldap_last_name" name="SN" required="true" section=""
type="string"/>
</Form>
<Form name="Create Group" objectType="group" type="Create">
<Field displayName="con_prov_policy_ldap_group_DN"
helpKey="help_con_prov_policy_ldap_group_DN" name="dn" required="true"
reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_ldap_description"
helpKey="help_con_prov_policy_ldap_description" name="description"
reviewRequired="true" section="" type="string"/>
</Form>
<Form name="Update Group" objectType="group" type="Update">
<Field displayName="con_prov_policy_ldap_owner" name="owner"
type="string"/>
<Field displayName="con_prov_policy_ldap_common_name" name="cn"
type="string"/>
<Field displayName="con_prov_policy_ldap_object_class"
multi="true" name="objectClass" type="string">
<DefaultValue>
<List>
<String>top</String>
<String>groupOfUniqueNames</String>
</List>
</DefaultValue>
</Field>
<Field displayName="con_prov_policy_ldap_description"
name="description" type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="cn" identityAttribute="dn"
nativeObjectType="inetOrgPerson" objectType="account">
<AttributeDefinition name="businessCategory" type="string">
<Description>business category</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="carLicense"
type="string">
<Description>vehicle license or registration
plate</Description>
</AttributeDefinition>
<AttributeDefinition name="cn" type="string">
<Description>common name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="dn" type="string">
<Description>distinguished name for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="departmentNumber" type="string">
<Description>identifies a department within an
organization</Description>
</AttributeDefinition>
<AttributeDefinition name="description" type="string">
<Description>descriptive information</Description>
</AttributeDefinition>
<AttributeDefinition name="destinationIndicator" type="string">
<Description>destination indicator</Description>
</AttributeDefinition>
<AttributeDefinition name="displayName" type="string">
<Description>preferred name to be used when displaying
entries</Description>
</AttributeDefinition>
<AttributeDefinition name="employeeNumber" type="string">
<Description>numerically identifies an employee within an
organization</Description>
</AttributeDefinition>
<AttributeDefinition name="employeeType" type="string">
<Description>type of employment for a person</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="facsimileTelephoneNumber"
type="string">
<Description>Facsimile (Fax) Telephone Number</Description>
</AttributeDefinition>
<AttributeDefinition name="givenName" type="string">
<Description>first name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="groups" schemaObjectType="group" type="string">
<Description>List of groups a user is a member</Description>
</AttributeDefinition>
<AttributeDefinition name="homePhone" type="string">
<Description>home telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="homePostalAddress" type="string">
<Description>home postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="initials" type="string">
<Description>initials of some or all of names, but not the
surname(s).</Description>
</AttributeDefinition>
<AttributeDefinition name="internationaliSDNNumber"
type="string">
<Description>international ISDN number</Description>
</AttributeDefinition>
<AttributeDefinition name="l" type="string">
<Description>city</Description>
</AttributeDefinition>
<AttributeDefinition name="mail" type="string">
<Description>RFC822 Mailbox</Description>
</AttributeDefinition>
 <AttributeDefinition name="manager" type="string">
<Description>DN of manager</Description>
</AttributeDefinition>
<AttributeDefinition name="mobile" type="string">
<Description>mobile telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="o" type="string">
<Description>organization this object belongs to</Description>
</AttributeDefinition>
<AttributeDefinition name="ou" type="string">
<Description>organizational unit this object belongs
to</Description>
</AttributeDefinition>
<AttributeDefinition name="pager" type="string">
<Description>pager telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="physicalDeliveryOfficeName"
type="string">
<Description>Physical Delivery Office Name</Description>
</AttributeDefinition>
<AttributeDefinition name="postOfficeBox" type="string">
<Description>Post Office Box</Description>
</AttributeDefinition>
<AttributeDefinition name="postalAddress" type="string">
<Description>postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="postalCode" type="string">
<Description>postal code</Description>
</AttributeDefinition>
<AttributeDefinition name="preferredDeliveryMethod"
type="string">
<Description>preferred delivery method</Description>
</AttributeDefinition>
<AttributeDefinition name="preferredLanguage" type="string">
<Description>preferred written or spoken language for a
person</Description>
</AttributeDefinition>
<AttributeDefinition name="registeredAddress" type="string">
<Description>registered postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="roomNumber" type="string">
<Description>room number</Description>
</AttributeDefinition>
<AttributeDefinition name="secretary" type="string">
<Description>DN of secretary</Description>
</AttributeDefinition>
<AttributeDefinition name="seeAlso" type="string">
<Description>DN of related object</Description>
</AttributeDefinition>
<AttributeDefinition name="sn" type="string">
<Description>last (family) name(s) for which the entity is
known by</Description>
</AttributeDefinition>
<AttributeDefinition name="st" type="string">
<Description>state or province which this object resides
in</Description>
</AttributeDefinition>
<AttributeDefinition name="street" type="string">
<Description>street address of this object</Description>
 </AttributeDefinition>
<AttributeDefinition name="telephoneNumber" type="string">
<Description>Telephone Number</Description>
</AttributeDefinition>
<AttributeDefinition name="teletexTerminalIdentifier"
type="string">
<Description>Teletex Terminal Identifier</Description>
</AttributeDefinition>
<AttributeDefinition name="telexNumber" type="string">
<Description>Telex Number</Description>
</AttributeDefinition>
<AttributeDefinition name="title" type="string">
<Description>title associated with the entity</Description>
</AttributeDefinition>
<AttributeDefinition name="uid" type="string">
<Description>user identifier</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="objectClass"
type="string">
<Description>object classes of the entity</Description>
</AttributeDefinition>
</Schema>
<Schema descriptionAttribute="description" displayAttribute="cn"
featuresString="PROVISIONING" identityAttribute="dn"
nativeObjectType="groupOfUniqueNames" objectType="group">
<AttributeDefinition name="cn" type="string">
<Description>common name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="dn" type="string">
<Description>Directory Path</Description>
</AttributeDefinition>
<AttributeDefinition name="o" type="string">
<Description>organization this object belongs to</Description>
</AttributeDefinition>
<AttributeDefinition name="ou" type="string">
<Description>organizational unit this object belongs
to</Description>
</AttributeDefinition>
<AttributeDefinition name="owner" type="string">
<Description>owner (of the object)</Description>
</AttributeDefinition>
<AttributeDefinition name="description" type="string">
<Description>descriptive information</Description>
</AttributeDefinition>
<Attributes>
<Map>
<entry key="groupMemberAttribute" value="uniqueMember"/>
</Map>
</Attributes>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.LDAPConnector"
featuresString="AUTHENTICATE, CURRENT_PASSWORD, PROVISIONING, SYNC_PROVISIONING,
ENABLE, UNLOCK, PASSWORD, MANAGER_LOOKUP, SEARCH" icon="directory2Icon"
name="Oracle Internet Directory - Direct Template" type="Oracle Internet Directory
- Direct">
<Attributes>
 <Map>
<entry key="formPath" value="ldapAttributesForm.xhtml"/>
<entry key="groupEntitlementAttr" value="groups"/>
<entry key="keystore"/>
<entry key="lockAttr" value="pwdaccountlockedtime"/>
<entry key="passwordAttr" value="userPassword"/>
<entry key="restoreAttr" value="orclIsEnabled"/>
<entry key="restoreVal" value="DISABLED"/>
<entry key="revokeAttr" value="orclIsEnabled"/>
<entry key="revokeVal" value="DISABLED"/>
<entry key="unlockAction" value="add"/>
<entry key="unlockAttr" value="orclpwdaccountunlock"/>
<entry key="unlockVal" value="1"/>
</Map>
</Attributes>
<ProvisioningConfig>
<PlanInitializerScript>
<Source>
import sailpoint.object.*;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.ProvisioningPlan.Operation;
import java.util.ArrayList;
import java.util.List;
List accountRequests = plan.getAccountRequests();
if(accountRequests != null)
{
for (AccountRequest acctReq : accountRequests)
{
AccountRequest.Operation op = acctReq.getOperation();
if(op == AccountRequest.Operation.Create)
{
List attrRequests =acctReq.getAttributeRequests();
AccountRequest.Operation op = acctReq.getOperation();
if(op == AccountRequest.Operation.Create)
{
if(attrRequests != null)
{
if(!attrRequests.contains("objectclass"))
{
List objectClasses = new ArrayList();
objectClasses.add("inetorgperson");
objectClasses.add("orclUser");
objectClasses.add("orclUserV2");
attrRequests.add(new
AttributeRequest("objectclass",objectClasses));
}
}
}
}
}
}
</Source>
</PlanInitializerScript>
</ProvisioningConfig>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="con_prov_policy_ldap_user_DN"
helpKey="help_con_prov_policy_ldap_user_DN" name="dn" required="true" section=""
type="string"/>
<Field displayName="con_prov_policy_ldap_password"
helpKey="help_con_prov_policy_ldap_password" name="password" required="true"
section="" type="secret"/>
<Field displayName="con_prov_policy_ldap_full_name"
helpKey="help_con_prov_policy_ldap_full_name" name="CN" required="true" section=""
type="string"/>
<Field displayName="con_prov_policy_ldap_first_name"
helpKey="help_con_prov_policy_ldap_first_name" name="givenName"
reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_ldap_last_name"
helpKey="help_con_prov_policy_ldap_last_name" name="SN" required="true" section=""
type="string"/>
</Form>
<Form name="group create" objectType="group" type="Create">
<Field displayName="con_prov_policy_ldap_group_DN"
helpKey="help_con_prov_policy_ldap_group_DN" name="dn" required="true"
reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_ldap_description"
helpKey="help_con_prov_policy_ldap_description" name="description"
reviewRequired="true" section="" type="string"/>
</Form>
<Form name="edit group" objectType="group" type="Update">
<Field displayName="con_prov_policy_ldap_description"
name="description" reviewRequired="true" section="" type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="cn" identityAttribute="dn"
nativeObjectType="inetOrgPerson" objectType="account">
<AttributeDefinition name="businessCategory" type="string">
<Description>business category</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="carLicense"
type="string">
<Description>vehicle license or registration
plate</Description>
</AttributeDefinition>
<AttributeDefinition name="cn" type="string">
<Description>common name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="dn" type="string">
<Description>distinguished name for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="departmentNumber" type="string">
<Description>identifies a department within an
organization</Description>
</AttributeDefinition>
<AttributeDefinition name="description" type="string">
<Description>descriptive information</Description>
</AttributeDefinition>
<AttributeDefinition name="destinationIndicator" type="string">
<Description>destination indicator</Description>
</AttributeDefinition>
<AttributeDefinition name="displayName" type="string">
<Description>preferred name to be used when displaying
entries</Description>
 </AttributeDefinition>
<AttributeDefinition name="employeeNumber" type="string">
<Description>numerically identifies an employee within an
organization</Description>
</AttributeDefinition>
<AttributeDefinition name="employeeType" type="string">
<Description>type of employment for a person</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="facsimileTelephoneNumber"
type="string">
<Description>Facsimile (Fax) Telephone Number</Description>
</AttributeDefinition>
<AttributeDefinition name="givenName" type="string">
<Description>first name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="groups" schemaObjectType="group" type="string">
<Description>List of groups a user is a member</Description>
</AttributeDefinition>
<AttributeDefinition name="homePhone" type="string">
<Description>home telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="homePostalAddress" type="string">
<Description>home postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="initials" type="string">
<Description>initials of some or all of names, but not the
surname(s).</Description>
</AttributeDefinition>
<AttributeDefinition name="internationaliSDNNumber"
type="string">
<Description>international ISDN number</Description>
</AttributeDefinition>
<AttributeDefinition name="l" type="string">
<Description>city</Description>
</AttributeDefinition>
<AttributeDefinition name="mail" type="string">
<Description>RFC822 Mailbox</Description>
</AttributeDefinition>
<AttributeDefinition name="manager" type="string">
<Description>DN of manager</Description>
</AttributeDefinition>
<AttributeDefinition name="mobile" type="string">
<Description>mobile telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="o" type="string">
<Description>organization this object belongs to</Description>
</AttributeDefinition>
<AttributeDefinition name="ou" type="string">
<Description>organizational unit this object belongs
to</Description>
</AttributeDefinition>
<AttributeDefinition name="pager" type="string">
<Description>pager telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="physicalDeliveryOfficeName"
type="string">
<Description>Physical Delivery Office Name</Description>
 </AttributeDefinition>
<AttributeDefinition name="postOfficeBox" type="string">
<Description>Post Office Box</Description>
</AttributeDefinition>
<AttributeDefinition name="postalAddress" type="string">
<Description>postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="postalCode" type="string">
<Description>postal code</Description>
</AttributeDefinition>
<AttributeDefinition name="preferredDeliveryMethod"
type="string">
<Description>preferred delivery method</Description>
</AttributeDefinition>
<AttributeDefinition name="preferredLanguage" type="string">
<Description>preferred written or spoken language for a
person</Description>
</AttributeDefinition>
<AttributeDefinition name="pwdReset" type="string">
<Description>specifies whether the password has been reset by
admin</Description>
</AttributeDefinition>
<AttributeDefinition name="registeredAddress" type="string">
<Description>registered postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="roomNumber" type="string">
<Description>room number</Description>
</AttributeDefinition>
<AttributeDefinition name="secretary" type="string">
<Description>DN of secretary</Description>
</AttributeDefinition>
<AttributeDefinition name="seeAlso" type="string">
<Description>DN of related object</Description>
</AttributeDefinition>
<AttributeDefinition name="sn" type="string">
<Description>last (family) name(s) for which the entity is
known by</Description>
</AttributeDefinition>
<AttributeDefinition name="st" type="string">
<Description>state or province which this object resides
in</Description>
</AttributeDefinition>
<AttributeDefinition name="street" type="string">
<Description>street address of this object</Description>
</AttributeDefinition>
<AttributeDefinition name="telephoneNumber" type="string">
<Description>Telephone Number</Description>
</AttributeDefinition>
<AttributeDefinition name="teletexTerminalIdentifier"
type="string">
<Description>Teletex Terminal Identifier</Description>
</AttributeDefinition>
<AttributeDefinition name="telexNumber" type="string">
<Description>Telex Number</Description>
</AttributeDefinition>
<AttributeDefinition name="title" type="string">
<Description>title associated with the entity</Description>
</AttributeDefinition>
<AttributeDefinition name="uid" type="string">
 <Description>user identifier</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="objectClass"
type="string">
<Description>object classes of the entity</Description>
</AttributeDefinition>
</Schema>
<Schema descriptionAttribute="description" displayAttribute="cn"
featuresString="PROVISIONING" identityAttribute="dn"
nativeObjectType="groupOfUniqueNames" objectType="group">
<AttributeDefinition name="cn" type="string">
<Description>common name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="dn" type="string">
<Description>Directory Path</Description>
</AttributeDefinition>
<AttributeDefinition name="o" type="string">
<Description>organization this object belongs to</Description>
</AttributeDefinition>
<AttributeDefinition name="ou" type="string">
<Description>organizational unit this object belongs
to</Description>
</AttributeDefinition>
<AttributeDefinition name="owner" type="string">
<Description>owner (of the object)</Description>
</AttributeDefinition>
<AttributeDefinition name="description" type="string">
<Description>descriptive information</Description>
</AttributeDefinition>
<Attributes>
<Map>
<entry key="groupMemberAttribute" value="uniqueMember"/>
</Map>
</Attributes>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="PROVISIONING, AUTHENTICATE, SEARCH, UNLOCK, ENABLE, PASSWORD,
CURRENT_PASSWORD, DIRECT_PERMISSIONS, SYNC_PROVISIONING" icon="enterpriseIcon"
name="RSA Template" type="RSA Authentication Manager - Direct">
<Attributes>
<Map>
<entry key="connector-classpath">
<value>
<List>
<String>/lib/am-client.jar</String>
<String>/lib/ognl-3.0.8.jar</String>
<String>/lib/iScreen-ognl-2-0-0.jar</String>
<String>/lib-connectors/spring-4.3.23/</String>
</List>
</value>
</entry>
<entry key="connectorClass"
value="openconnector.connector.RSAConnector"/>
<entry key="encrypted" value="cmdClientPassword"/>
<entry key="formPath" value="RSAAttributesForm.xhtml"/>
</Map>
 </Attributes>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="con_prov_policy_UserID"
helpKey="help_con_prov_policy_UserID" name="userID" required="true" type="string"/>
<Field displayName="con_prov_policy_Password"
helpKey="help_con_prov_policy_RsaPassword" name="password" required="true"
type="secret"/>
<Field displayName="con_prov_policy_LastName"
helpKey="help_con_prov_policy_LastName" name="lastName" required="true"
type="string"/>
<Field displayName="con_prov_policy_FirstName"
helpKey="help_con_prov_policy_FirstName" name="firstName" reviewRequired="true"
type="string"/>
<Field displayName="con_prov_policy_Email"
helpKey="help_con_prov_policy_RsaEmail" name="email" reviewRequired="true"
type="string"/>
<Field displayName="con_prov_policy_ChangePassAtNextLogon"
helpKey="help_con_prov_policy_forceChangePassword" name="forceChangePassword"
reviewRequired="true" type="boolean" value="false"/>
<Field displayName="con_prov_policy_AssignNextToken"
helpKey="help_con_prov_policy_AssignNextToken" name="nextAvailableToken"
reviewRequired="true" type="boolean" value="false"/>
</Form>
<Form name="update group" objectType="group" type="Update">
<Field displayName="con_prov_policy_GroupName"
helpKey="help_con_prov_policy_GroupName" name="groupName" required="true"
type="string"/>
<Field displayName="con_prov_policy_Notes"
helpKey="help_con_prov_policy_Description" name="notes" type="string"/>
<Field displayName="con_prov_policy_SecurityDomain"
helpKey="help_con_prov_policy_SecurityDomain" name="securityDomain" readOnly="true"
type="string"/>
<Field displayName="con_prov_policy_IdentitySource"
helpKey="help_con_prov_policy_IdentitySource" name="identitySource" readOnly="true"
type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="userID" identityAttribute="guid"
nativeObjectType="account" objectType="account">
<AttributeDefinition name="userID" type="string">
<Description>name by which the entity is known by</Description>
</AttributeDefinition>
<AttributeDefinition name="firstName" type="string">
<Description>first name of the entity</Description>
</AttributeDefinition>
<AttributeDefinition name="middleName" type="string">
<Description>middle name of the entity</Description>
</AttributeDefinition>
<AttributeDefinition name="lastName" type="string">
<Description>last name for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="notes" type="string">
<Description>notes or description for the entity</Description>
</AttributeDefinition>
<AttributeDefinition name="email" type="string">
<Description>Email of the entity</Description>
 </AttributeDefinition>
<AttributeDefinition name="guid" type="string">
<Description>Guid of the entity</Description>
</AttributeDefinition>
<AttributeDefinition name="certificateDN" type="string">
<Description>certificate DN of the entity</Description>
</AttributeDefinition>
<AttributeDefinition name="securityDomain" type="string">
<Description>Security Domain Name to which entity
belongs</Description>
</AttributeDefinition>
<AttributeDefinition name="identitySource" type="string">
<Description>Identity Source Name to which entity
belongs</Description>
</AttributeDefinition>
<AttributeDefinition name="lastModifiedBy" type="string">
<Description>Admin or user which modified the entity last
time</Description>
</AttributeDefinition>
<AttributeDefinition name="lastModifiedOn" type="string">
<Description>Last time when the entity was
modified</Description>
</AttributeDefinition>
<AttributeDefinition name="accountStartDate" type="string">
<Description>Time when the entity was created</Description>
</AttributeDefinition>
<AttributeDefinition name="accountExpireDate" type="string">
<Description>Time when the entity will get
expired</Description>
</AttributeDefinition>
<AttributeDefinition name="lastLogin" type="string">
<Description>Last time when the entity was logged
in</Description>
</AttributeDefinition>
<AttributeDefinition name="forceChangePassword" type="boolean">
<Description>Whether or not user need to change the password
during next logon</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="roles" type="string">
<Description>roles</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="groups" schemaObjectType="group" type="string">
<Description>Group Membership</Description>
</AttributeDefinition>
<AttributeDefinition name="Mobile Number" type="string">
<Description>Mobile Number of the entity</Description>
</AttributeDefinition>
</Schema>
<Schema descriptionAttribute="notes" displayAttribute="groupName"
featuresString="PROVISIONING" identityAttribute="guid" nativeObjectType="group"
objectType="group">
<AttributeDefinition name="groupName" type="string">
<Description>name by which the entity is known by</Description>
</AttributeDefinition>
<AttributeDefinition name="notes" type="string">
<Description>notes or description for the entity</Description>
</AttributeDefinition>
 <AttributeDefinition name="guid" type="string">
<Description>Guid of the entity</Description>
</AttributeDefinition>
<AttributeDefinition name="identitySource" type="string">
<Description>Identity Source to which entity
belongs</Description>
</AttributeDefinition>
<AttributeDefinition name="securityDomain" type="string">
<Description>Security Domain to which entity
belongs</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.sm.SMConnector"
featuresString="PROVISIONING, SYNC_PROVISIONING, SEARCH, UNSTRUCTURED_TARGETS,
UNLOCK, ENABLE, PASSWORD" icon="mainframeIcon" name="ACF2" type="ACF2 - Full">
<Attributes>
<Map>
<entry key="IBMcharacterSet" value="IBM1047"/>
<entry key="MscsType" value="ACF2"/>
<entry key="fieldDelimiter" value="#"/>
<entry key="formPath"
value="SMWithoutContainerAttributesForm.xhtml"/>
<entry key="listDelimiter" value=";"/>
<entry key="splAccountAttributes">
<value>
<Map>
<entry key="RU_LOCKED" value="false"/>
<entry key="RU_SUSPENDED" value="false"/>
</Map>
</value>
</entry>
<entry key="splAceAttributes">
<value>
<Map>
<entry key="ACCESS" value="false"/>
<entry key="ACTIVE" value="false"/>
<entry key="ALLOC" value="false"/>
<entry key="DATA" value="false"/>
<entry key="DDN" value="false"/>
<entry key="EXEC" value="false"/>
<entry key="FOR" value="false"/>
<entry key="LIB" value="false"/>
<entry key="NEXTKEY" value="false"/>
<entry key="PGM" value="false"/>
<entry key="READ" value="false"/>
<entry key="RECCHECK" value="false"/>
<entry key="RESMASK" value="false"/>
<entry key="SERVICE" value="true"/>
<entry key="SHIFT" value="false"/>
<entry key="SOURCE" value="false"/>
<entry key="UID" value="false"/>
<entry key="UNTIL" value="false"/>
<entry key="VERIFY" value="false"/>
<entry key="VOL" value="false"/>
<entry key="WRITE" value="false"/>
</Map>
</value>
 </entry>
<entry key="splResourceAttributes">
<value>
<Map>
<entry key="CHANGE" value="true"/>
<entry key="COPYRES" value="false"/>
<entry key="DATELAST" value="false"/>
<entry key="DATEUSER" value="false"/>
<entry key="MODE" value="false"/>
<entry key="NEXTKEYS" value="true"/>
<entry key="NOSORT" value="false"/>
<entry key="OWNER" value="false"/>
<entry key="PREFIX" value="false"/>
<entry key="RCHANGE" value="true"/>
<entry key="RECNAME" value="false"/>
<entry key="RESMODEL" value="false"/>
<entry key="RESOWNER" value="false"/>
<entry key="USERDATA" value="false"/>
</Map>
</value>
</entry>
<entry key="splTargetPermissionsInterestingKwds">
<value>
<Map>
<entry key="ACCESS" value="false"/>
<entry key="ACTIVE" value="false"/>
<entry key="ALLOC" value="false"/>
<entry key="DATA" value="false"/>
<entry key="DDN" value="false"/>
<entry key="EXEC" value="false"/>
<entry key="FOR" value="false"/>
<entry key="LIB" value="false"/>
<entry key="NEXTKEY" value="false"/>
<entry key="PGM" value="false"/>
<entry key="READ" value="false"/>
<entry key="RECCHECK" value="false"/>
<entry key="RESMASK" value="false"/>
<entry key="SERVICE" value="false"/>
<entry key="SHIFT" value="false"/>
<entry key="SOURCE" value="false"/>
<entry key="UID" value="false"/>
<entry key="UNTIL" value="false"/>
<entry key="VERIFY" value="false"/>
<entry key="VOL" value="false"/>
<entry key="WRITE" value="false"/>
</Map>
</value>
</entry>
</Map>
</Attributes>
<ProvisioningConfig>
<PlanInitializerScript>
<Source>
import java.util.*;
import sailpoint.object.ProvisioningPlan.ObjectOperation;
import sailpoint.object.ProvisioningPlan.ObjectRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.GenericRequest;
 import sailpoint.api.*;
import sailpoint.object.*;
import sailpoint.tools.*;

List accounts = plan.getAccountRequests();

if (accounts != null) {
for (AccountRequest req : accounts) {
AccountRequest.Operation op = req.getOperation();
if (op == AccountRequest.Operation.Create) {
String userId = req.getNativeIdentity();
if (userId != null) {
req.setNativeIdentity(userId.toUpperCase());
}
}
if (op == AccountRequest.Operation.Enable) {
AttributeRequest att = new
AttributeRequest("REVOKE_TYPE", "SUSPEND");
req.add(att);
}
if (op == AccountRequest.Operation.Disable) {
AttributeRequest att = new
AttributeRequest("REVOKE_TYPE", "SUSPEND");
req.add(att);
}
if(context != null)
{
IdentityService identityService = new
IdentityService(context);
application = context.getObject(Application.class,
req.getApplicationName());
if(application != null)
{
String shouldUseMSAdminDefined = (String)
application.getAttributeValue("useMSAdminDefined");
String msAdmin=null;
if(Util.isNotNullOrEmpty(shouldUseMSAdminDefined))
{
if(shouldUseMSAdminDefined.equals("Y"))
{
List idnList = plan.getRequesters();
if(idnList!=null)
{
if(!idnList.isEmpty())
{
Identity idn=(Identity) idnList.get(0);
List lnkList = identityService.getLinks(idn,
application);
if(lnkList!=null)
{
if(!lnkList.isEmpty())
{
Link lnk = (Link) lnkList.get(0);
//System.out.println("Adding msAdmin in
provisioning plan.");
req.addArgument("msAdmin",
lnk.getDisplayableName());
}
}
else
 System.out.println("Requester does not have
a link from application " + application.getName());
}
}
else
System.out.println("No requester found.");
}
}
//else
//System.out.println("shouldUseMSAdminDefined is
not set to Y");
}
}
}
}
List groups = plan.getObjectRequests();
if (groups != null) {
for (ObjectRequest req : groups) {
ObjectOperation op = req.getOp();
if (op == ObjectOperation.Create){
String groupId = req.getNativeIdentity();
if (groupId != null){

req.setNativeIdentity(groupId.toUpperCase());
}
}
if(context != null) {
application =
context.getObject(Application.class, req.getApplicationName());
}
List attrRequests = req.getAttributeRequests();
if(attrRequests != null) {
if(application != null) {
Schema grpSchema =
application.getSchema("group");
if(grpSchema != null) {
if(grpSchema.getAttributeNames() !=
null) {
for (AttributeRequest attrreq :
attrRequests) {

if(grpSchema.getAttributeNames().contains(attrreq.getName())) {
if(attrreq.getValue()
instanceof java.lang.String) {

attrreq.setValue(attrreq.getValue().toUpperCase());
}
}
}
}
}
}
}
if(context != null)
{
IdentityService identityService = new
IdentityService(context);
if(application != null)
{
 String shouldUseMSAdminDefined = (String)
application.getAttributeValue("useMSAdminDefined");
String msAdmin=null;

if(Util.isNotNullOrEmpty(shouldUseMSAdminDefined))
{
if(shouldUseMSAdminDefined.equals("Y"))
{
List idnList = plan.getRequesters();
if(idnList!=null)
{
if(!idnList.isEmpty())
{
Identity idn=(Identity) idnList.get(0);
List lnkList =
identityService.getLinks(idn, application);
if(lnkList!=null)
{
if(!lnkList.isEmpty())
{
Link lnk = (Link) lnkList.get(0);
//System.out.println("Adding
msAdmin in provisioning plan.");
req.addArgument("msAdmin",
lnk.getDisplayableName());
}
}
else
System.out.println("Requester does
not have a link from application " + application.getName());
}
}
else
System.out.println("No requester
found.");
}
}
//else
//System.out.println("shouldUseMSAdminDefined
is not set to Y");
}
}
}
}
</Source>
</PlanInitializerScript>
</ProvisioningConfig>
<ProvisioningForms>
<Form name="Create Account" objectType="account" type="Create">
<Field displayName="User ID" name="USER_ID" required="true"
type="string"/>
<Field displayName="Password" name="password" required="true"
section="" type="secret"/>
</Form>
<Form name="Create Group" objectType="group" type="Create">
<Attributes>
<Map>
<entry key="IIQTemplateOwnerDefinition">
<value>
 <DynamicValue value=""/>
</value>
</entry>
</Map>
</Attributes>
<Field name="GROUP_ID" required="true" section="" type="string"/>
<Field displayName="UIDMASKS" name="UIDMASKS" required="true"
section="" type="string"/>
</Form>
<Form name="Update Group" objectType="group" type="Update">
<Field name="DESCRIPTION" section="" type="string"/>
<Field displayName="UIDMASKS" name="UIDMASKS" required="true"
section="" type="string">
<Attributes>
<Map>
<entry key="readOnly" value="true"/>
</Map>
</Attributes>
</Field>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="USER_ID" identityAttribute="USER_ID"
nativeObjectType="account" objectType="account">
<AttributeDefinition name="USER_ID" required="true"
type="string">
<Description>ACF2 ID of the user</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="groups" required="true" schemaObjectType="group" type="string">
<Description>List of groups this user belongs to</Description>
</AttributeDefinition>
<AttributeDefinition name="OMVS.ASSIZE" required="true"
type="string">
<Description>Max address space size - OMVS user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="OMVS.CPUTIME" required="true"
type="string">
<Description>Max cputime for a dubbed process - OMVS user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="OMVS.FILEPROC" required="true"
type="string">
<Description>Max files per process - OMVS user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="OMVS.HOME" required="true"
type="string">
<Description>Home-directory - defines the pathname of the
initial directory used when a user enters the OMVS command or enters the ISPF shell
- OMVS user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="OMVS.MEMLIMIT" required="true"
type="string">
<Description>Maximum number of bytes of non-shared memory space
that can be allocated by the user</Description>
</AttributeDefinition>
<AttributeDefinition name="OMVS.SHMEMMAX" required="true"
type="string">
<Description>Maximum number of bytes of shared memory space
that can be allocated by the user</Description>
</AttributeDefinition>
<AttributeDefinition name="OMVS.MMAPAREA" required="true"
type="string">
<Description>Max-data-space pages-for-HFS-mappings - OMVS user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="OMVS.OMVSPGM" required="true"
type="string">
<Description>OMVS shell program started when the OMVS command
is entered or when an OMVS batch job is started using the BPXBATCH program - OMVS
user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="OMVS.PROCUSER" required="true"
type="string">
<Description>Max number of processes - OMVS user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="OMVS.THREADS" required="true"
type="string">
<Description>Max number of pthread created threads - OMVS user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="OMVS.UID" required="true"
type="string">
<Description>User identification - OMVS user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="CICS.OPIDENT" required="true"
type="string">
<Description>Operator ID - CICS user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="CICS.OPPRTY" required="true"
type="string">
<Description>Operator priority - CICS user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="CICS.TIMEOUT" required="true"
type="string">
<Description>Idle time value - CICS user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="CICS.FORCE" required="true"
type="string">
<Description>Indicates whether the user is signed off (FORCE)
or not signed off (NOFORCE) when an XRF takeover occurs. - CICS user
profile</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="CICS.OPCLASS"
required="true" type="string">
<Description>Operator class values - CICS user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="DCE.AUTOLOG" required="true"
type="string">
<Description>User should be automatically signed on to OMVS DCE
- DCE user profile</Description>
</AttributeDefinition>
 <AttributeDefinition name="DCE.UUID" required="true"
type="string">
<Description>UUID 36 characters - DCE user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="DCE.HOMEUUID" required="true"
type="string">
<Description>Home cell UUID - DCE user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="DCE.HOMECELL" required="true"
type="string">
<Description>Home cell name- DCE user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="DCE.DCENAME" required="true"
type="string">
<Description>Principal name of the user - DCE user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="KERB.KERBNAME" required="true"
type="string">
<Description>Kerberos-principal-name - KERB user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="KERB.MAXTKTLF" required="true"
type="string">
<Description>Maximum ticket life in seconds - KERB user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="KERB.KERB_VIO" required="true"
type="string">
<Description>Number of Kerberos key violations for
user</Description>
</AttributeDefinition>
<AttributeDefinition name="KERB.DES" required="true"
type="string">
<Description>DES encryption type is set for this logonid - KERB
user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="KERB.DES3" required="true"
type="string">
<Description>DES3 encryption type is set for this logonid -
KERB user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="KERB.DESD" required="true"
type="string">
<Description>DESD encryption type is set for this logonid -
KERB user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="LANGUAGE.PRIMARY" required="true"
type="string">
<Description>Three-character language code for the primary
language of user - LANGUAGE user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="LANGUAGE.SECONDRY" required="true"
type="string">
<Description>Three-character language code for the secondary
language of user - LANGUAGE user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="LNOTES.SNAME" required="true"
type="string">
<Description>Application-user-id - LNOTES user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="NDS.UNAME" required="true"
type="string">
<Description>Application-user-id - NDS user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="OPERPARM.STORAGE" required="true"
type="string">
<Description>Amount of storage in MB to be used for message
queuing - OPERPARM user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="OPERPARM.AUTH" required="true"
type="string">
<Description>Authority level to issue console commands
(MASTER,ALL,SYSTEM,IO,CONSOLE,INFO) - OPERPARM user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="OPERPARM.AUTO" required="true"
type="string">
<Description>Indicates whether to receive unsolicited messages
- OPERPARM user profile</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="OPERPARM.MFORM"
required="true" type="string">
<Description>Message-format (TIME,SYSID,JOBNAME,MESSAGE,EXEMPT)
- OPERPARM user profile</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="OPERPARM.MONITOR"
required="true" type="string">
<Description>Options when monitoring jobs, TSO users or data
set status (JOBNAMES,TSOSESS,TSOTIME,STATUS) - OPERPARM user profile</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="OPERPARM.ROUTCODE"
required="true" type="string">
<Description>routing codes or ranges associated with this
console session - OPERPARM user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="OPERPARM.LOGCMD" required="true"
type="string">
<Description>Whether command responses are to be logged in the
hard copy log - OPERPARM user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="OPERPARM.MIGID" required="true"
type="string">
<Description>Whether a one-byte migration ID is to be assigned
to this console - OPERPARM user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="OPERPARM.DOM" required="true"
type="string">
<Description>Delete-operator-message (NORMAL,ALL,NONE) -
OPERPARM user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="OPERPARM.UD" required="true"
type="string">
<Description>Whether undelivered messages are to be received -
OPERPARM user profile</Description>
</AttributeDefinition>
 <AttributeDefinition name="OPERPARM.KEY" required="true"
type="string">
<Description>console-key - OPERPARM user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="OPERPARM.CMDSYS" required="true"
type="string">
<Description>System name to which commands issued from this
console are to be sent - OPERPARM user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="OPERPARM.ALTGROUP" required="true"
type="string">
<Description>Console group to be used in recovery - OPERPARM
user profile</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="OPERPARM.OPERMSCP"
required="true" type="string">
<Description>A list of system names from which this console can
receive messages that are not directed to a specific console - OPERPARM user
profile</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="OPERPARM.MSGLEVEL"
required="true" type="string">
<Description>Messages to be received by this console (OPER
REPLY,IMMEDIATE, CRITICAL EVENTUAL, EVENTUAL, INFO, NO BROADCAST, ALL) - OPERPARM
user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="WORKATTR.WANAME" required="true"
type="string">
<Description>User name - WORKATTR user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="WORKATTR.WABLDG" required="true"
type="string">
<Description>Building name - WORKATTR user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="WORKATTR.WADEPT" required="true"
type="string">
<Description>Department name - WORKATTR user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="WORKATTR.WAROOM" required="true"
type="string">
<Description>Room name - WORKATTR user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="WORKATTR.WAADDR1" required="true"
type="string">
<Description>Address line 1 - WORKATTR user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="WORKATTR.WAADDR2" required="true"
type="string">
<Description>Address line 2 - WORKATTR user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="WORKATTR.WAADDR3" required="true"
type="string">
<Description>Address line 3 - WORKATTR user
profile</Description>
</AttributeDefinition>
 <AttributeDefinition name="WORKATTR.WAADDR4" required="true"
type="string">
<Description>Address line 4 - WORKATTR user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="WORKATTR.WAACCNT" required="true"
type="string">
<Description>Account number - WORKATTR user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="NETVIEW.IC" required="true"
type="string">
<Description>The initial command to be executed when the user
signs on - NETVIEW user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="NETVIEW.CONSNAME" required="true"
type="string">
<Description>Default zOS console identifier - NETVIEW user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="NETVIEW.SECCTL" required="true"
type="string">
<Description>Security check indicator - NETVIEW user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="NETVIEW.MSGRECVR" required="true"
type="string">
<Description>Indicates whether the user can receive unsolicited
messages - NETVIEW user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="NETVIEW.NGMFADMN" required="true"
type="string">
<Description>Indicates whether the user has administrative
authority to the Graphic Monitor Facility - NETVIEW user profile</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="NETVIEW.NTVCLASS"
required="true" type="string">
<Description>A list of scope classes - NETVIEW user
profile</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="NETVIEW.DOMAINS"
required="true" type="string">
<Description>A list of program identifiers in another domain to
which the user has authority - NETVIEW user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="TSORGN" required="true" type="string">
<Description>Default TSO region size in kilobytes</Description>
</AttributeDefinition>
<AttributeDefinition name="TSOSIZE" required="true"
type="string">
<Description>Maximum TSO region size</Description>
</AttributeDefinition>
<AttributeDefinition name="REVOKE_TYPE" required="true"
type="string">
<Description>Revoke type (SUSPEND, CANCEL, Both) of the
user</Description>
</AttributeDefinition>
<AttributeDefinition name="NAME" required="true" type="string">
<Description>Name of the user</Description>
 </AttributeDefinition>
<AttributeDefinition name="PHONE" required="true" type="string">
<Description>Telephone number of a user</Description>
</AttributeDefinition>
<AttributeDefinition name="UID" required="true" type="string">
<Description>UID pseudo field, concatenation of selected
logonid fields</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="UIDX" required="true"
type="string">
<Description>Multiple values UID</Description>
</AttributeDefinition>
<AttributeDefinition name="GROUP" required="true" type="string">
<Description>Default group name for a logonid</Description>
</AttributeDefinition>
<AttributeDefinition name="SEC_VIO" required="true"
type="string">
<Description>Number of cumulative security violations for a
user</Description>
</AttributeDefinition>
<AttributeDefinition name="UPD_TOD" required="true"
type="string">
<Description>Date and time that this logonid record was last
updated (read only)</Description>
</AttributeDefinition>
<AttributeDefinition name="HOMENODE" required="true"
type="string">
<Description>Node name where this logonid record is stored in a
Logonid database in a distributed database network (read only)</Description>
</AttributeDefinition>
<AttributeDefinition name="MONITOR" required="true"
type="string">
<Description>Whether a message is sent to the security console
and to a designated person each time this user enters the system</Description>
</AttributeDefinition>
<AttributeDefinition name="TRACE" required="true" type="string">
<Description>Whether CA ACF2 creates SMF loggings for all data
set and resource access attempts made by this user</Description>
</AttributeDefinition>
<AttributeDefinition name="MON_LOG" required="true"
type="string">
<Description>Whether an SMF record is written (for the Invalid
Password - Authority Log, ACFRPTPW) each time this user enters the
system</Description>
</AttributeDefinition>
<AttributeDefinition name="TSO_TRC" required="true"
type="string">
<Description>Whether CA ACF2 traces all TSO commands issued by
this user for the Command Statistics Report (ACFRPTCR)</Description>
</AttributeDefinition>
<AttributeDefinition name="ACTIVE" required="true" type="string">
<Description>Activates the logonid one minute after midnight on
the date contained in this field</Description>
</AttributeDefinition>
<AttributeDefinition name="EXPIRE" required="true" type="string">
<Description>When the privileges for this logonid will
expire</Description>
</AttributeDefinition>
<AttributeDefinition name="CSDATE" required="true" type="string">
 <Description>Date that the CANCEL, SUSPEND, MON-LOG, or MONITOR
field was set for this user (read only)</Description>
</AttributeDefinition>
<AttributeDefinition name="CSWHO" required="true" type="string">
<Description>Logonid of the user who set the CANCEL, SUSPEND,
MON-LOG, or MONITOR field for this user (read only)</Description>
</AttributeDefinition>
<AttributeDefinition name="SECURITY" required="true"
type="string">
<Description>User is a security administrator</Description>
</AttributeDefinition>
<AttributeDefinition name="ACCOUNT" required="true"
type="string">
<Description>User can insert, list, change, and delete logonid
records</Description>
</AttributeDefinition>
<AttributeDefinition name="LEADER" required="true" type="string">
<Description>User can display and alter certain fields of
logonid records for other users.</Description>
</AttributeDefinition>
<AttributeDefinition name="AUDIT" required="true" type="string">
<Description>User can display the records and parameters of the
CA ACF2 system.</Description>
</AttributeDefinition>
<AttributeDefinition name="CONSULT" required="true"
type="string">
<Description>User can display other logonid
records</Description>
</AttributeDefinition>
<AttributeDefinition name="REFRESH" required="true"
type="string">
<Description>User can issue the /F ACF2,REFRESH operator
command to update GSO</Description>
</AttributeDefinition>
<AttributeDefinition name="READALL" required="true"
type="string">
<Description>User has read and execute access to all data sets
at the site</Description>
</AttributeDefinition>
<AttributeDefinition name="PROGRAM" required="true"
type="string">
<Description>Program (name or mask) must be used to submit jobs
for this logonid</Description>
</AttributeDefinition>
<AttributeDefinition name="SCPLIST" required="true"
type="string">
<Description>Scope record that restricts accesses for this
privileged user</Description>
</AttributeDefinition>
<AttributeDefinition name="TSO" required="true" type="string">
<Description>User can log on to TSO</Description>
</AttributeDefinition>
<AttributeDefinition name="JOB" required="true" type="string">
<Description>Batch or background jobs can use this
logonid</Description>
</AttributeDefinition>
<AttributeDefinition name="STC" required="true" type="string">
<Description>Logonid is for use by started tasks
only</Description>
 </AttributeDefinition>
<AttributeDefinition name="CICS" required="true" type="string">
<Description>User can sign on to CICS</Description>
</AttributeDefinition>
<AttributeDefinition name="IMS" required="true" type="string">
<Description>user can sign on to IMS</Description>
</AttributeDefinition>
<AttributeDefinition name="BDT" required="true" type="string">
<Description>Address space for this logonid belongs to the Bulk
Data Transfer (BDT) product</Description>
</AttributeDefinition>
<AttributeDefinition name="TAPE_BLP" required="true"
type="string">
<Description>User can use full bypass label processing (BLP)
when accessing tape data sets</Description>
</AttributeDefinition>
<AttributeDefinition name="TAPE_LBL" required="true"
type="string">
<Description>User has limited bypass label processing authority
when using tapes</Description>
</AttributeDefinition>
<AttributeDefinition name="SUBAUTH" required="true"
type="string">
<Description>Jobs that specify this logonid can be submitted
only through APF-authorized programs</Description>
</AttributeDefinition>
<AttributeDefinition name="JOBFROM" required="true"
type="string">
<Description>User can use //*JOBFROM control
statements</Description>
</AttributeDefinition>
<AttributeDefinition name="LOGSHIFT" required="true"
type="string">
<Description>User can access the system outside of the time
period specified in the SHIFT field of the logonid record</Description>
</AttributeDefinition>
<AttributeDefinition name="AUTODUMP" required="true"
type="string">
<Description>CA ACF2 takes an SVC dump whenever a data set or
resource violation occurs</Description>
</AttributeDefinition>
<AttributeDefinition name="DUMPAUTH" required="true"
type="string">
<Description>User can generate a dump, even in an execute-only
environment</Description>
</AttributeDefinition>
<AttributeDefinition name="RESTRICT" required="true"
type="string">
<Description>Logonid is for production use only. A restricted
logonid does not require a password for user verification</Description>
</AttributeDefinition>
<AttributeDefinition name="RULEVLD" required="true"
type="string">
<Description>Access rule must authorize any data set accesses
that a user makes</Description>
</AttributeDefinition>
<AttributeDefinition name="NO_STORE" required="true"
type="string">
<Description>User cannot store or delete rule
sets</Description>
</AttributeDefinition>
<AttributeDefinition name="NO_INH" required="true" type="string">
<Description>Network job cannot inherit this logonid from its
submitter</Description>
</AttributeDefinition>
<AttributeDefinition name="NO_SMC" required="true" type="string">
<Description>User can bypass step-must-complete (SMC)
controls</Description>
</AttributeDefinition>
<AttributeDefinition name="MAINT" required="true" type="string">
<Description>A logonid can access data sets without CA ACF2
rule validation or loggings by means of a specified program executed from a
specified library</Description>
</AttributeDefinition>
<AttributeDefinition name="NON_CNCL" required="true"
type="string">
<Description>A user with the NON-CNCL privilege defined in
their logonid record has full access to any data set or resource despite any
security violations that can occur during the access attempt</Description>
</AttributeDefinition>
<AttributeDefinition name="PPGM" required="true" type="string">
<Description>User can execute the protected programs specified
in the GSO PPGM record</Description>
</AttributeDefinition>
<AttributeDefinition name="SYNCNODE" required="true"
type="string">
<Description>Name of the node where the synchronized logonid
for a user resides. This node name is the logical node name as defined by a NETNODE
record.</Description>
</AttributeDefinition>
<AttributeDefinition name="CMD_PROP" required="true"
type="string">
<Description>user can use the SET TARGET command or the TARGET
parameter on the INSERT, CHANGE, LIST, and DELETE commands to override the global
CPF target list</Description>
</AttributeDefinition>
<AttributeDefinition name="ACC_CNT" required="true"
type="string">
<Description>System accesses counter made by this logonid since
it was created (read only)</Description>
</AttributeDefinition>
<AttributeDefinition name="ACC_DATE" required="true"
type="string">
<Description>The date of the last system access by this user
(read only)</Description>
</AttributeDefinition>
<AttributeDefinition name="ACC_SRCE" required="true"
type="string">
<Description>Logical or physical input source name or source
group name from which this user last accessed the system. (read only)</Description>
</AttributeDefinition>
<AttributeDefinition name="ACC_TIME" required="true"
type="string">
<Description>Time of the last system access by this user (read
only)</Description>
</AttributeDefinition>
<AttributeDefinition name="PSWD_EXP" required="true"
type="string">
 <Description>Password has been manually expired</Description>
</AttributeDefinition>
<AttributeDefinition name="PSWD_TOD" required="true"
type="string">
<Description>Date and time when a password was last
changed</Description>
</AttributeDefinition>
<AttributeDefinition name="PSWD_DAT" required="true"
type="string">
<Description>Date of the last invalid password or password
phrase attempt (read only)</Description>
</AttributeDefinition>
<AttributeDefinition name="PSWD_TIM" required="true"
type="string">
<Description>last time a user entered an invalid password (read
only)</Description>
</AttributeDefinition>
<AttributeDefinition name="PSWD_SRC" required="true"
type="string">
<Description>Logical or physical input source name or source
group name from which a user last entered an invalid password (read
only)</Description>
</AttributeDefinition>
<AttributeDefinition name="PSWD_INV" required="true"
type="string">
<Description>Number of password violations that occurred since
the last successful logon (read only)</Description>
</AttributeDefinition>
<AttributeDefinition name="PSWD_VIO" required="true"
type="string">
<Description>Number of password violations that occurred on
PSWD_DAT</Description>
</AttributeDefinition>
<AttributeDefinition name="MAXDAYS" required="true"
type="string">
<Description>Maximum number of days permitted between password
changes before the password expires</Description>
</AttributeDefinition>
<AttributeDefinition name="MINDAYS" required="true"
type="string">
<Description>Minimum number of days that must elapse before a
user can change their password</Description>
</AttributeDefinition>
<AttributeDefinition name="DFT_DEST" required="true"
type="string">
<Description>Default remote destination for TSO-spun SYSOUT
data sets</Description>
</AttributeDefinition>
<AttributeDefinition name="DFT_PFX" required="true"
type="string">
<Description>Default TSO prefix that is set in the user profile
at logon time</Description>
</AttributeDefinition>
<AttributeDefinition name="DFT_SOUT" required="true"
type="string">
<Description>Default TSO SYSOUT class</Description>
</AttributeDefinition>
<AttributeDefinition name="DFT_SUBC" required="true"
type="string">
 <Description>Default TSO submit class</Description>
</AttributeDefinition>
<AttributeDefinition name="DFT_SUBH" required="true"
type="string">
<Description>Default TSO submit hold class</Description>
</AttributeDefinition>
<AttributeDefinition name="DFT_SUBM" required="true"
type="string">
<Description>Default TSO submit message class</Description>
</AttributeDefinition>
<AttributeDefinition name="LGN_ACCT" required="true"
type="string">
<Description>Permission to specify an account number at logon
time</Description>
</AttributeDefinition>
<AttributeDefinition name="PMT_ACCT" required="true"
type="string">
<Description>CA ACF2 requires a user to specify an account
number at logon time</Description>
</AttributeDefinition>
<AttributeDefinition name="LGN_PROC" required="true"
type="string">
<Description>Permission to specify the TSO procedure name at
logon time</Description>
</AttributeDefinition>
<AttributeDefinition name="PMT_PROC" required="true"
type="string">
<Description>CA ACF2 requires a user to specify a TSO procedure
name at logon time</Description>
</AttributeDefinition>
<AttributeDefinition name="LGN_RCVR" required="true"
type="string">
<Description>Permission to use the recover option of the
TSO</Description>
</AttributeDefinition>
<AttributeDefinition name="LGN_SIZE" required="true"
type="string">
<Description>User is authorized to specify any region size at
logon time (overriding TSOSIZE)</Description>
</AttributeDefinition>
<AttributeDefinition name="LGN_TIME" required="true"
type="string">
<Description>Permission to specify the TSO session time limit
at logon time</Description>
</AttributeDefinition>
<AttributeDefinition name="LGN_UNIT" required="true"
type="string">
<Description>Permission to specify the TSO unit name at logon
time</Description>
</AttributeDefinition>
<AttributeDefinition name="LGN_DEST" required="true"
type="string">
<Description>Permission to specify a remote output destination
at TSO logon that overrides the value specified in the DFT-DEST field</Description>
</AttributeDefinition>
<AttributeDefinition name="LGN_MSG" required="true"
type="string">
<Description>User has permission to specify a message class at
logon time</Description>
 </AttributeDefinition>
<AttributeDefinition name="LGN_PERF" required="true"
type="string">
<Description>permission to specify a performance group at logon
time</Description>
</AttributeDefinition>
<AttributeDefinition name="MODE" required="true" type="string">
<Description>User wants to receive modal messages from
TSO</Description>
</AttributeDefinition>
<AttributeDefinition name="OPERATOR" required="true"
type="string">
<Description>User has TSO operator privileges</Description>
</AttributeDefinition>
<AttributeDefinition name="CONSOLE" required="true"
type="string">
<Description>Permits user to access the TSO CONSOLE
facility</Description>
</AttributeDefinition>
<AttributeDefinition name="PAUSE" required="true" type="string">
<Description>User wants a program to pause when a multilevel
message is issued by a command executed in a CLIST</Description>
</AttributeDefinition>
<AttributeDefinition name="PROMPT" required="true" type="string">
<Description>CA ACF2 prompts a user for missing or incorrect
parameters</Description>
</AttributeDefinition>
<AttributeDefinition name="MOUNT" required="true" type="string">
<Description>Permission to issue mounts for
devices</Description>
</AttributeDefinition>
<AttributeDefinition name="RECOVER" required="true"
type="string">
<Description>User can specify the recover option of the
TSO</Description>
</AttributeDefinition>
<AttributeDefinition name="TSOACCT" required="true"
type="string">
<Description>Default TSO logon account</Description>
</AttributeDefinition>
<AttributeDefinition name="TSOCMDS" required="true"
type="string">
<Description>TSO command list module name that contains the
list of commands that this user is authorized to use</Description>
</AttributeDefinition>
<AttributeDefinition name="TSOFSCRN" required="true"
type="string">
<Description>User can use the full-screen logon
display</Description>
</AttributeDefinition>
<AttributeDefinition name="TSOPERF" required="true"
type="string">
<Description>Default TSO performance group</Description>
</AttributeDefinition>
<AttributeDefinition name="TSOPROC" required="true"
type="string">
<Description>Default TSO procedure name</Description>
</AttributeDefinition>
<AttributeDefinition name="TSORBA" required="true" type="string">
 <Description>Mail Index Record Pointer (MIRP) for this
user</Description>
</AttributeDefinition>
<AttributeDefinition name="TSOTIME" required="true"
type="string">
<Description>Default TSO time parameter, which is the CPU time
limit (in minutes) associated with the TSO session</Description>
</AttributeDefinition>
<AttributeDefinition name="TSOUNIT" required="true"
type="string">
<Description>Default TSO unit name</Description>
</AttributeDefinition>
<AttributeDefinition name="WTP" required="true" type="string">
<Description>CA ACF2 displays write-to-programmer
messages</Description>
</AttributeDefinition>
<AttributeDefinition name="INTERCOM" required="true"
type="string">
<Description>User is willing to accept messages from other
users through the TSO SEND command</Description>
</AttributeDefinition>
<AttributeDefinition name="JCL" required="true" type="string">
<Description>Indicates the ability to submit batch jobs from
TSO and to use SUBMIT, STATUS, CANCEL, and OUTPUT commands</Description>
</AttributeDefinition>
<AttributeDefinition name="MAIL" required="true" type="string">
<Description>User can receive mail messages from TSO at logon
time</Description>
</AttributeDefinition>
<AttributeDefinition name="NOTICES" required="true"
type="string">
<Description>User can receive TSO notices at logon
time</Description>
</AttributeDefinition>
<AttributeDefinition name="LINE" required="true" type="string">
<Description>TSO line-delete character</Description>
</AttributeDefinition>
<AttributeDefinition name="CHAR" required="true" type="string">
<Description>TSO character-delete character for this
user</Description>
</AttributeDefinition>
<AttributeDefinition name="ATTR2" required="true" type="string">
<Description>Enables a site to do TSO command limiting when you
use SYS1.UADS instead of the Logonid database</Description>
</AttributeDefinition>
<AttributeDefinition name="CMD_LONG" required="true"
type="string">
<Description>CA ACF2 should bypass the TSO command list feature
for this user</Description>
</AttributeDefinition>
<AttributeDefinition name="VLD_ACCT" required="true"
type="string">
<Description>CA ACF2 validates the TSO account number of a
user</Description>
</AttributeDefinition>
<AttributeDefinition name="VLD_PROC" required="true"
type="string">
<Description>CA ACF2 validates the TSO procedure name of a
user</Description>
 </AttributeDefinition>
<AttributeDefinition name="MSGID" required="true" type="string">
<Description>User wants TSO messages to have message IDs
prefixed</Description>
</AttributeDefinition>
<AttributeDefinition name="ACCTPRIV" required="true"
type="string">
<Description>User has TSO accounting privileges</Description>
</AttributeDefinition>
<AttributeDefinition name="ALLCMDS" required="true"
type="string">
<Description>Indicates the ability to bypass the CA ACF2
restricted command lists by entering a special prefix character</Description>
</AttributeDefinition>
<AttributeDefinition name="ACF2CICS" required="true"
type="string">
<Description>CA ACF2 CICS security is to be initialized in any
CICS region running with this address space logonid</Description>
</AttributeDefinition>
<AttributeDefinition name="CICSCL" required="true" type="string">
<Description>CICS operator class</Description>
</AttributeDefinition>
<AttributeDefinition name="CICSID" required="true" type="string">
<Description>CICS operator ID</Description>
</AttributeDefinition>
<AttributeDefinition name="CICSPRI" required="true"
type="string">
<Description>CICS operator priority</Description>
</AttributeDefinition>
<AttributeDefinition name="CICSRSL" required="true"
type="string">
<Description>CICS resource access key</Description>
</AttributeDefinition>
<AttributeDefinition name="IDLE" required="true" type="string">
<Description>Maximum time permitted (in minutes) between
terminal transactions for this user</Description>
</AttributeDefinition>
<AttributeDefinition name="MUSDLID" required="true"
type="string">
<Description>Default logonid for a multiple-user single address
space system (MUSASS) address space</Description>
</AttributeDefinition>
<AttributeDefinition name="MUSID" required="true" type="string">
<Description>Multiple-user single address space ID
(MUSASS)</Description>
</AttributeDefinition>
<AttributeDefinition name="MUSUPDT" required="true"
type="string">
<Description>A MUSASS logonid with this privilege has the
authority to make calls on behalf of users who are updating the
databases</Description>
</AttributeDefinition>
<AttributeDefinition name="SOURCE" required="true" type="string">
<Description>Logical or physical input source name or source
group name from which a user must access the system</Description>
</AttributeDefinition>
<AttributeDefinition name="SHIFT" required="true" type="string">
<Description>Shift record name that defines the period during
which a user can log on to the system</Description>
 </AttributeDefinition>
<AttributeDefinition name="ZONE" required="true" type="string">
<Description>Zone record name that defines the time zone from
which this logonid normally accesses the system</Description>
</AttributeDefinition>
<AttributeDefinition name="PREFIX" required="true" type="string">
<Description>Prefix key of the rule used to validate access to
a data set</Description>
</AttributeDefinition>
<AttributeDefinition name="AUTHSUP1" required="true"
type="string">
<Description>Extended user authentication (EUA) routine for a
user</Description>
</AttributeDefinition>
<AttributeDefinition name="AUTHSUP2" required="true"
type="string">
<Description>Extended user authentication (EUA) routine for a
user</Description>
</AttributeDefinition>
<AttributeDefinition name="AUTHSUP3" required="true"
type="string">
<Description>Extended user authentication (EUA) routine for a
user</Description>
</AttributeDefinition>
<AttributeDefinition name="AUTHSUP4" required="true"
type="string">
<Description>Extended user authentication (EUA) routine for a
user</Description>
</AttributeDefinition>
<AttributeDefinition name="AUTHSUP5" required="true"
type="string">
<Description>Extended user authentication (EUA) routine for a
user</Description>
</AttributeDefinition>
<AttributeDefinition name="AUTHSUP6" required="true"
type="string">
<Description>Extended user authentication (EUA) routine for a
user</Description>
</AttributeDefinition>
<AttributeDefinition name="AUTHSUP7" required="true"
type="string">
<Description>Extended user authentication (EUA) routine for a
user</Description>
</AttributeDefinition>
<AttributeDefinition name="AUTHSUP8" required="true"
type="string">
<Description>Extended user authentication (EUA) routine for a
user</Description>
</AttributeDefinition>
<AttributeDefinition name="SMSINFO" required="true"
type="string">
<Description>CONTROL(SMS) record name that contains the default
storage management class values for a user</Description>
</AttributeDefinition>
<AttributeDefinition name="RSRCVLD" required="true"
type="string">
<Description>Resource rule must authorize any resource accesses
that a user makes</Description>
</AttributeDefinition>
 <AttributeDefinition name="PRIV_CTL" required="true"
type="string">
<Description>Logonid is valid for dynamic logonid
privileges</Description>
</AttributeDefinition>
<AttributeDefinition name="PSWD_UPP" required="true"
type="string">
<Description>New password is to be upper-case</Description>
</AttributeDefinition>
<AttributeDefinition name="PSWD_MIX" required="true"
type="string">
<Description>Current password is case-sensitive</Description>
</AttributeDefinition>
<AttributeDefinition name="LDS" required="true" type="string">
<Description>Whether logonid administrative changes for this
user were propagated to all active Lightweight-Directory Access Protocol (LDAP)
servers in the network</Description>
</AttributeDefinition>
<AttributeDefinition name="MUSASS" required="true" type="string">
<Description>Logonid is for a multiple-user single address
space system, such as CICS or IMS</Description>
</AttributeDefinition>
<AttributeDefinition name="MUSIDINF" required="true"
type="string">
<Description>MUSID field should be used to restrict access to a
MUSASS region for CA ACF2 Info type system entry calls</Description>
</AttributeDefinition>
<AttributeDefinition name="NOMAXVIO" required="true"
type="string">
<Description>Prevents the user violation counter from
incrementing and MAXVIO processing from occurring</Description>
</AttributeDefinition>
<AttributeDefinition name="NO_OMVS" required="true"
type="string">
<Description>User cannot use any z/OS UNIX System
Services</Description>
</AttributeDefinition>
<AttributeDefinition name="NO_STATS" required="true"
type="string">
<Description>Last access statistics on a successful full
validation (ACVAMVAL) MUSASS signon request are bypassed</Description>
</AttributeDefinition>
<AttributeDefinition name="PP_TRC" required="true" type="string">
<Description>Whether CA ACF2 creates SMF loggings that contain
the Active Library List for all data set access attempts made by this logonid in a
batch job</Description>
</AttributeDefinition>
<AttributeDefinition name="PP_TRCV" required="true"
type="string">
<Description>Whether CA ACF2 creates SMF loggings that contain
the Active Library List for all data set access violations made by this logonid in
a batch job</Description>
</AttributeDefinition>
<AttributeDefinition name="PSWD_XTR" required="true"
type="string">
<Description>Password for the logonid is halfway encrypted and
can be extracted by an APF-authorized program</Description>
</AttributeDefinition>
<AttributeDefinition name="PTICKET" required="true"
type="string">
<Description>Passticket can be used with a userid that has the
RESTRICT attribute</Description>
</AttributeDefinition>
<AttributeDefinition name="SYSPEXCL" required="true"
type="string">
<Description>When the system is active in a sysplex
enivronment, this logonid record should not be written to the
structure</Description>
</AttributeDefinition>
<AttributeDefinition name="TDISKVLD" required="true"
type="string">
<Description>Access rules must exist for all data on temporary
disks that this user accesses</Description>
</AttributeDefinition>
<AttributeDefinition name="UNICNTR" required="true"
type="string">
<Description>User also resides on the CA Common Services (CCS)
platform</Description>
</AttributeDefinition>
<AttributeDefinition name="VLDRSTCT" required="true"
type="string">
<Description>PROGRAM and SUBAUTH are to be validated even when
this RESTRICTed logonid is inherited</Description>
</AttributeDefinition>
<AttributeDefinition name="PROXY.BINDDN" required="true"
type="string">
<Description>Distinguished name (DN) which will be used in
conjunction with the BIND password if the LDAP Server needs to supply an
administrator or user identity to BIND with another LDAP server - PROXY user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="PROXY.BINDPTOD" required="true"
type="string">
<Description>Date and time the BINDPW field was last changed -
PROXY user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="PROXY.BINDPW" required="true"
type="string">
<Description>Password for the DN defined in the BINDDN
parameter - PROXY user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="PROXY.LDAPHOST" required="true"
type="string">
<Description>URL of the LDAP server that the zOS LDAP Server
will contact when acting as a proxy on behalf of a requester - PROXY user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="LINUX.AUTOUIDL" required="true"
type="string">
<Description>Automatically assigns a LINUXUID value when there
is an active GSO AUTOIDLX record that specifies ASSIGNU - LINUX user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="LINUX.LINUXGRP" required="true"
type="string">
<Description>Name of the LINUX group profile record - LINUX
user profile</Description>
</AttributeDefinition>
 <AttributeDefinition name="LINUX.LINUXHOM" required="true"
type="string">
<Description>Pathname of the Initial Directory when a user
enters a Linux command or the ISPF shell - LINUX user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="LINUX.LINUXNAM" required="true"
type="string">
<Description>LINUX Application User Identity - LINUX user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="LINUX.LINUXPGM" required="true"
type="string">
<Description>LINUX Service Shell Program when Linux command is
first entered - LINUX user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="LINUX.LINUXUID" required="true"
type="string">
<Description>LINUX uid - LINUX user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="KEYRING.DEFAULT" required="true"
type="string">
<Description>Record key of a CERTDATA certificate record that
is to be used as the default certificate for this key ring</Description>
</AttributeDefinition>
<AttributeDefinition name="KEYRING.RINGNAME" required="true"
type="string">
<Description>Key ring name</Description>
</AttributeDefinition>
<AttributeDefinition name="CERTDATA.ACTIVE" required="true"
type="string">
<Description>Date when the profile record associating the user
to the certificate becomes active - CERTDATA user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="CERTDATA.CERTID" required="true"
type="string">
<Description>Serial number and certification authority's
distinguished name as extracted from the certificate - CERTDATA user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="CERTDATA.DSA" required="true"
type="string">
<Description>Key pair has been generated using the Digital
Signature Algorithm instead of the RSA algorithm - CERTDATA user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="CERTDATA.DSN" required="true"
type="string">
<Description>zOS data set that contains the digital certificate
that is inserted into a CERTDATA profile record - CERTDATA user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="CERTDATA.EXPIRE" required="true"
type="string">
<Description>Date which gives the security administrator the
ability to specify when the profile record associating the user to the certificate
expires - CERTDATA user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="CERTDATA.HITRUST" required="true"
type="string">
 <Description>Certificate is both highly trusted and trusted -
CERTDATA user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="CERTDATA.ICSF" required="true"
type="string">
<Description>Private key for the certificate is placed in ICSF
- CERTDATA user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="CERTDATA.LABEL" required="true"
type="string">
<Description>Label to be associated with the certificate -
CERTDATA user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="CERTDATA.PCICC" required="true"
type="string">
<Description>PCICC was specified on the GENCERT or INSERT
command - CERTDATA user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="CERTDATA.SUBJDN" required="true"
type="string">
<Description>Subject distinguished name as extracted from the
certificate - CERTDATA user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="CERTDATA.TRUST" required="true"
type="string">
<Description>Certificate is trusted - CERTDATA user
profile</Description>
</AttributeDefinition>
<AttributeDefinition name="KERBCUR" required="true"
type="string">
<Description>Current Kerberos key</Description>
</AttributeDefinition>
<AttributeDefinition name="KERBCURV" required="true"
type="string">
<Description>Current Kerberos key version</Description>
</AttributeDefinition>
<AttributeDefinition name="KERBPRE" required="true"
type="string">
<Description>Previous Kerberos key</Description>
</AttributeDefinition>
<AttributeDefinition name="KERBPREV" required="true"
type="string">
<Description>Previous Kerberos key version</Description>
</AttributeDefinition>
<AttributeDefinition name="KERBLINK.KBLKNAME" required="true"
type="string">
<Description>Userid that is to be associated with the foreign
principal - KERBLINK user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="PASSWORD.@PSWDCNT" required="true"
type="string">
<Description>Number of previous passwords stored in the record
for extended password history - PASSWORD user profile</Description>
</AttributeDefinition>
<AttributeDefinition name="PASSWORD.@PWD_TOD" required="true"
type="string">
<Description>Date and time of the user current password -
PASSWORD user profile</Description>
</AttributeDefinition>
 <AttributeDefinition name="CRE_TOD" required="true"
type="string">
<Description>Date and time that a logonid record was created
(read only)</Description>
</AttributeDefinition>
<AttributeDefinition name="KERB_VIO" required="true"
type="string">
<Description>Number of Kerberos key violations</Description>
</AttributeDefinition>
<AttributeDefinition name="PWP_VIO" required="true"
type="string">
<Description>Number of password phrase violations that occurred
on PSWD-DAT</Description>
</AttributeDefinition>
<AttributeDefinition name="PWPHRASE.PWP_EXP" required="true"
type="string">
<Description>Password phrase has been manually
expired</Description>
</AttributeDefinition>
<AttributeDefinition name="PWPHRASE.PWP_TOD" required="true"
type="string">
<Description>Date and time when a password phrase was last
changed</Description>
</AttributeDefinition>
</Schema>
<Schema descriptionAttribute="DESCRIPTION"
displayAttribute="GROUP_ID" featuresString="PROVISIONING"
identityAttribute="GROUP_ID" nativeObjectType="group" objectType="group">
<AttributeDefinition name="GROUP_ID" required="true"
type="string">
<Description>ACF2 ID of the group</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="DESCRIPTION"
required="true" type="string">
<Description>Description of Group (free text)</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="UIDMASKS" required="true"
type="string">
<Description>UID mask which defines this Group. (All users
matching this UID mask belong to this group)</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="PROVISIONING, SYNC_PROVISIONING, AUTHENTICATE, PASSWORD, ENABLE,
UNLOCK, SEARCH, UNSTRUCTURED_TARGETS" icon="internetIcon" name="NetSuite"
type="NetSuite">
<Attributes>
<Map>
<entry key="connectorClass"
value="openconnector.connector.netsuite.NetsuiteConnector"/>
<entry key="encrypted"
value="accountId,applicationId,clientId,clientSecret,tokenId,tokenSecret"/>
<entry key="formPath" value="NetsuiteForm.xhtml"/>
<entry key="isDeleteEnable" value="false"/>
</Map>
</Attributes>
<ProvisioningForms>
 <Form name="account" objectType="account" type="Create">
<Field displayName="con_prov_policy_netsuite_EmpID"
helpKey="help_con_form_netsuite_EmpID" name="EmpID" required="true" section=""
type="string"/>
<Field displayName="con_prov_policy_netsuite_Password"
helpKey="help_con_form_netsuite_Password" name="password" required="true"
section="" type="secret"/>
<Field displayName="con_prov_policy_netsuite_Email"
helpKey="help_con_form_netsuite_Email" name="Email" required="true" section=""
type="string"/>
<Field displayName="con_prov_policy_netsuite_Fax"
helpKey="help_con_form_netsuite_Fax" name="Fax" reviewRequired="true" section=""
type="string"/>
<Field displayName="con_prov_policy_netsuite_OfficePhoneNumber"
helpKey="help_con_form_netsuite_OfficePhoneNumber" name="OfficePhoneNumber"
reviewRequired="true" section="" type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="EmpID" identityAttribute="InternalID"
nativeObjectType="account" objectType="account">
<AttributeDefinition name="EmpID"
remediationModificationType="None" required="true" type="string">
<Description>The User Name(EntityID)</Description>
</AttributeDefinition>
<AttributeDefinition name="InternalID"
remediationModificationType="None" required="true" type="string">
<Description>The User ID(Internal ID)</Description>
</AttributeDefinition>
<AttributeDefinition name="Email"
remediationModificationType="None" required="true" type="string">
<Description>The Email of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="EmployeeStatus"
remediationModificationType="None" required="true" type="string">
<Description>Status of Employee</Description>
</AttributeDefinition>
<AttributeDefinition name="SocialSecurityNumber"
remediationModificationType="None" required="true" type="string">
<Description>Social Security number of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="DateOfBirth"
remediationModificationType="None" required="true" type="string">
<Description>The Date of Birth of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Initial"
remediationModificationType="None" required="true" type="string">
<Description>The Initials of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Fax"
remediationModificationType="None" required="true" type="string">
<Description>The Fax of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="OfficePhoneNumber"
remediationModificationType="None" required="true" type="string">
<Description>The Office Phone Number of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="HomePhoneNumber"
remediationModificationType="None" required="true" type="string">
 <Description>The Home Phone Number of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="MobilePhoneNumber"
remediationModificationType="None" required="true" type="string">
<Description>The Mobile Number of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Department"
remediationModificationType="None" required="true" type="string">
<Description>The Department of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Class"
remediationModificationType="None" required="true" type="string">
<Description>Class for the user</Description>
</AttributeDefinition>
<AttributeDefinition name="BillingClass"
remediationModificationType="None" required="true" type="string">
<Description>Billing class for the user</Description>
</AttributeDefinition>
<AttributeDefinition name="GlobalSubscriptionStatus"
remediationModificationType="None" required="true" type="string">
<Description>Global subscription status of the
user</Description>
</AttributeDefinition>
<AttributeDefinition name="Supervisor"
remediationModificationType="None" required="true" type="string">
<Description>The supervisor of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="TimeApprover"
remediationModificationType="None" required="true" type="string">
<Description>The time approver manager for the
user</Description>
</AttributeDefinition>
<AttributeDefinition name="Type"
remediationModificationType="None" required="true" type="string">
<Description>User Type</Description>
</AttributeDefinition>
<AttributeDefinition name="DateOfHiring"
remediationModificationType="None" required="true" type="string">
<Description>Hiring date of Employee</Description>
</AttributeDefinition>
<AttributeDefinition name="JobTitle"
remediationModificationType="None" required="true" type="string">
<Description>The Title of the job of user</Description>
</AttributeDefinition>
<AttributeDefinition name="jobDescription"
remediationModificationType="None" required="true" type="string">
<Description>The job of the User</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="Groups" schemaObjectType="group" type="string">
<Description>It specifies all the groups to which user belongs
to.</Description>
</AttributeDefinition>
</Schema>
<Schema displayAttribute="GroupName"
identityAttribute="GroupInternalID" nativeObjectType="group" objectType="group">
<AttributeDefinition name="GroupName"
remediationModificationType="None" required="true" type="string">
<Description>Name of the Group</Description>
 </AttributeDefinition>
<AttributeDefinition name="GroupInternalID"
remediationModificationType="None" required="true" type="string">
<Description>Internal ID of the Group</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="DISCOVER_SCHEMA, PROVISIONING, SYNC_PROVISIONING, ENABLE, PASSWORD"
icon="internetIcon" name="SCIM" type="SCIM">
<Attributes>
<Map>
<entry key="authType" value="oauth2"/>
<entry key="connectorClass"
value="openconnector.connector.SCIMConnector"/>
<entry key="contentType" value="json"/>
<entry key="enableComplexAttributeSupport" value="true"/>
<entry key="encrypted"
value="client_secret,refresh_token,oauthBearerToken,oauthTokenInfo,apiToken,private
_key,private_key_password"/>
<entry key="formPath" value="scimAttributesForm.xhtml"/>
<entry key="grant_type" value="CLIENT_CREDENTIALS"/>
<entry key="host"/>
<entry key="oAuthJwtHeader">
<value>
<Map>
<entry key="alg" value="RS256"/>
</Map>
</value>
</entry>
<entry key="oAuthJwtPayload">
<value>
<Map>
<entry key="aud"/>
<entry key="exp" value="15f"/>
<entry key="iss"/>
<entry key="sub"/>
</Map>
</value>
</entry>
<entry key="password"/>
<entry key="scimAttrMapping">
<value>
<Map>
<entry key="emails">
<value>
<Map>
<entry key="email" value="value"/>
<entry key="email_primary" value="primary"/>
<entry key="email_type" value="type"/>
</Map>
</value>
</entry>
<entry key="entitlements">
<value>
<Map>
<entry key="entitlements_primary" value="primary"/>
<entry key="entitlements_value" value="value"/>
 </Map>
</value>
</entry>
<entry key="name">
<value>
<Map>
<entry key="familyName" value="familyName"/>
<entry key="formattedName" value="formatted"/>
<entry key="givenName" value="givenName"/>
</Map>
</value>
</entry>
</Map>
</value>
</entry>
<entry key="skipSchemaAttributes">
<value>
<List>
<String>alias</String>
<String>groups</String>
</List>
</value>
</entry>
<entry key="user"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="Create account" objectType="account" type="Create">
<Field displayName="User Name" name="userName" required="true"
reviewRequired="true" type="string">
<Script>
<Source>return identity.getName();</Source>
</Script>
</Field>
<Field displayName="First Name" name="givenName"
reviewRequired="true" type="string">
<Script>
<Source>return identity.getFirstname();</Source>
</Script>
</Field>
<Field displayName="Last Name" name="familyName"
reviewRequired="true" type="string">
<Script>
<Source>return identity.getLastname();</Source>
</Script>
</Field>
<Field displayName="Full Name" name="formattedName"
reviewRequired="true" type="string">
<Script>
<Source>return identity.getFullName();</Source>
</Script>
</Field>
<Field displayName="Password" name="password"
reviewRequired="true" type="secret"/>
<Field displayName="Email Type" name="email_type"
reviewRequired="true" type="string">
<AllowedValues>
<String>work</String>
<String>home</String>
 <String>other</String>
</AllowedValues>
</Field>
<Field displayName="Email" name="email" reviewRequired="true"
type="string"/>
<Field displayName="Email Primary" name="email_primary"
reviewRequired="true" type="boolean"/>
</Form>
<Form name="Update group" objectType="group" type="Update">
<Field displayName="Display Name" name="displayName"
required="true" type="string"/>
<Field displayName="External ID" name="externalId"
type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="userName" identityAttribute="id"
nativeObjectType="account" objectType="account">
<AttributeDefinition name="id" remediationModificationType="None"
required="true" type="string">
<Description>A unique identifier for a SCIM
resource</Description>
</AttributeDefinition>
<AttributeDefinition name="userName"
remediationModificationType="None" required="true" type="string">
<Description>Name of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="externalId"
remediationModificationType="None" type="string">
<Description>A String that is an identifier for the
resource</Description>
</AttributeDefinition>
<AttributeDefinition name="displayName"
remediationModificationType="None" type="string">
<Description>The name of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="nickName"
remediationModificationType="None" type="string">
<Description>The casual way to address the user in real
life</Description>
</AttributeDefinition>
<AttributeDefinition name="profileUrl"
remediationModificationType="None" type="string">
<Description>A fully qualified URL to a page representing the
Users Online profile</Description>
</AttributeDefinition>
<AttributeDefinition name="title"
remediationModificationType="None" type="string">
<Description>The user's title</Description>
</AttributeDefinition>
<AttributeDefinition name="userType"
remediationModificationType="None" type="string">
<Description>Used to identify the organization to user
relationship</Description>
</AttributeDefinition>
<AttributeDefinition name="preferredLanguage"
remediationModificationType="None" type="string">
<Description>Indicates the User's preferred written or spoken
language</Description>
 </AttributeDefinition>
<AttributeDefinition name="locale"
remediationModificationType="None" type="string">
<Description>Used to indicate the User's default location for
purposes of localizing items</Description>
</AttributeDefinition>
<AttributeDefinition name="timezone"
remediationModificationType="None" type="string">
<Description>The User's time zone in the Olson timezone
database format</Description>
</AttributeDefinition>
<AttributeDefinition name="formattedName"
remediationModificationType="None" type="string">
<Description>The full name, including all middle names, titles,
and suffixes</Description>
</AttributeDefinition>
<AttributeDefinition name="familyName"
remediationModificationType="None" type="string">
<Description>The family name (last name) of the
User</Description>
</AttributeDefinition>
<AttributeDefinition name="givenName"
remediationModificationType="None" type="string">
<Description>The family name (last name) of the
User</Description>
</AttributeDefinition>
<AttributeDefinition name="middleName"
remediationModificationType="None" type="string">
<Description>The middle name(s) of the User</Description>
</AttributeDefinition>
<AttributeDefinition name="honorificPrefix"
remediationModificationType="None" type="string">
<Description>The honorific prefix(es) of the User</Description>
</AttributeDefinition>
<AttributeDefinition name="honorificSuffix"
remediationModificationType="None" type="string">
<Description>The honorific suffix(es) of the User</Description>
</AttributeDefinition>
<AttributeDefinition name="employeeNumber"
remediationModificationType="None" type="string">
<Description>Numeric or alphanumeric identifier assigned to a
person</Description>
</AttributeDefinition>
<AttributeDefinition name="costCenter"
remediationModificationType="None" type="string">
<Description>Identifies the name of a cost center</Description>
</AttributeDefinition>
<AttributeDefinition name="organization"
remediationModificationType="None" type="string">
<Description>Identifies the name of an
organization</Description>
</AttributeDefinition>
<AttributeDefinition name="division"
remediationModificationType="None" type="string">
<Description>Identifies the name of a division</Description>
</AttributeDefinition>
<AttributeDefinition name="department"
remediationModificationType="None" type="string">
<Description>Identifies the name of a department</Description>
 </AttributeDefinition>
<AttributeDefinition name="managerId"
remediationModificationType="None" type="string">
<Description>The id of the SCIM resource representing the Users
manager</Description>
</AttributeDefinition>
<AttributeDefinition name="managerName"
remediationModificationType="None" type="string">
<Description>Name of the manager</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="emails"
remediationModificationType="None" type="string">
<Description>E-mail addresses for the User</Description>
</AttributeDefinition>
<AttributeDefinition name="emails.home.primary.value"
remediationModificationType="None" type="string">
<Description>Primary home e-mail address for the
User</Description>
</AttributeDefinition>
<AttributeDefinition multi="true"
name="emails.home.secondary.value" remediationModificationType="None"
type="string">
<Description>Secondary home e-mail addresses for the
User</Description>
</AttributeDefinition>
<AttributeDefinition name="emails.work.primary.value"
remediationModificationType="None" type="string">
<Description>Primary work e-mail address for the
User</Description>
</AttributeDefinition>
<AttributeDefinition multi="true"
name="emails.work.secondary.value" remediationModificationType="None"
type="string">
<Description>Secondary work e-mail addresses for the
User</Description>
</AttributeDefinition>
<AttributeDefinition name="emails.other.primary.value"
remediationModificationType="None" type="string">
<Description>Primary other e-mail address for the
User</Description>
</AttributeDefinition>
<AttributeDefinition multi="true"
name="emails.other.secondary.value" remediationModificationType="None"
type="string">
<Description>Secondary other e-mail addresses for the
User</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="emails_objects"
remediationModificationType="None" type="string">
<Description>A list of all of the users email
addresses</Description>
</AttributeDefinition>
<AttributeDefinition name="emails_primary"
remediationModificationType="None" type="boolean">
<Description>The users primary email address</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="phoneNumbers"
remediationModificationType="None" type="string">
<Description>Phone numbers for the User</Description>
 </AttributeDefinition>
<AttributeDefinition name="phoneNumbers.home.primary.value"
remediationModificationType="None" type="string">
<Description>Primary home phone number for the
User</Description>
</AttributeDefinition>
<AttributeDefinition multi="true"
name="phoneNumbers.home.secondary.value" remediationModificationType="None"
type="string">
<Description>Secondary home phone numbers for the
User</Description>
</AttributeDefinition>
<AttributeDefinition name="phoneNumbers.work.primary.value"
remediationModificationType="None" type="string">
<Description>Primary work phone number for the
User</Description>
</AttributeDefinition>
<AttributeDefinition multi="true"
name="phoneNumbers.work.secondary.value" remediationModificationType="None"
type="string">
<Description>Secondary work phone numbers for the
User</Description>
</AttributeDefinition>
<AttributeDefinition name="phoneNumbers.mobile.primary.value"
remediationModificationType="None" type="string">
<Description>Primary mobile phone number for the
User</Description>
</AttributeDefinition>
<AttributeDefinition multi="true"
name="phoneNumbers.mobile.secondary.value" remediationModificationType="None"
type="string">
<Description>Secondary mobile phone numbers for the
User</Description>
</AttributeDefinition>
<AttributeDefinition name="phoneNumbers.other.primary.value"
remediationModificationType="None" type="string">
<Description>Primary other phone number for the
User</Description>
</AttributeDefinition>
<AttributeDefinition multi="true"
name="phoneNumbers.other.secondary.value" remediationModificationType="None"
type="string">
<Description>Secondary other phone numbers for the
User</Description>
</AttributeDefinition>
<AttributeDefinition name="phoneNumbers.fax.primary.value"
remediationModificationType="None" type="string">
<Description>Primary fax number for the User</Description>
</AttributeDefinition>
<AttributeDefinition multi="true"
name="phoneNumbers.fax.secondary.value" remediationModificationType="None"
type="string">
<Description>Secondary fax numbers for the User</Description>
</AttributeDefinition>
<AttributeDefinition name="phoneNumbers.pager.primary.value"
remediationModificationType="None" type="string">
<Description>Primary pager number for the User</Description>
</AttributeDefinition>
<AttributeDefinition multi="true"
name="phoneNumbers.pager.secondary.value" remediationModificationType="None"
type="string">
<Description>Secondary pager numbers for the User</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="phoneNumbers_objects"
remediationModificationType="None" type="string">
<Description>A list of all of the users phone
numbers</Description>
</AttributeDefinition>
<AttributeDefinition name="phoneNumbers_primary"
remediationModificationType="None" type="boolean">
<Description>The users primary phone number</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="ims"
remediationModificationType="None" type="string">
<Description>Instant messaging address for the
User</Description>
</AttributeDefinition>
<AttributeDefinition name="ims.aim.value"
remediationModificationType="None" type="string">
<Description>AIM instant messaging address for the
User</Description>
</AttributeDefinition>
<AttributeDefinition name="ims.gtalk.value"
remediationModificationType="None" type="string">
<Description>Gtalk instant messaging address for the
User</Description>
</AttributeDefinition>
<AttributeDefinition name="ims.icq.value"
remediationModificationType="None" type="string">
<Description>ICQ instant messaging address for the
User</Description>
</AttributeDefinition>
<AttributeDefinition name="ims.xmpp.value"
remediationModificationType="None" type="string">
<Description>XMPP instant messaging address for the
User</Description>
</AttributeDefinition>
<AttributeDefinition name="ims.msn.value"
remediationModificationType="None" type="string">
<Description>MSN instant messaging address for the
User</Description>
</AttributeDefinition>
<AttributeDefinition name="ims.skype.value"
remediationModificationType="None" type="string">
<Description>Skype instant messaging address for the
User</Description>
</AttributeDefinition>
<AttributeDefinition name="ims.qq.value"
remediationModificationType="None" type="string">
<Description>QQ instant messaging address for the
User</Description>
</AttributeDefinition>
<AttributeDefinition name="ims.yahoo.value"
remediationModificationType="None" type="string">
<Description>Yahoo instant messaging address for the
User</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="ims_objects"
remediationModificationType="None" type="string">
<Description>A list of all of the instant messaging
usernames</Description>
</AttributeDefinition>
<AttributeDefinition name="ims_primary"
remediationModificationType="None" type="boolean">
<Description>The users primary instant messaging
username</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="photos"
remediationModificationType="None" type="string">
<Description>URL of a photo of the User</Description>
</AttributeDefinition>
<AttributeDefinition name="photos.photo.value"
remediationModificationType="None" type="string">
<Description>URL of a photo of the User</Description>
</AttributeDefinition>
<AttributeDefinition name="photos.thumbnail.value"
remediationModificationType="None" type="string">
<Description>URL of a thumbnail photo of the User</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="photos_objects"
remediationModificationType="None" type="string">
<Description>A list of URLs of all of the users
photos</Description>
</AttributeDefinition>
<AttributeDefinition name="photos_primary"
remediationModificationType="None" type="boolean">
<Description>The URL of the users primary photo</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="addresses"
remediationModificationType="None" type="string">
<Description>A physical mailing address for this
User</Description>
</AttributeDefinition>
<AttributeDefinition name="addresses.home.formatted"
remediationModificationType="None" type="string">
<Description>Formatted home address for this User</Description>
</AttributeDefinition>
<AttributeDefinition name="addresses.home.streetAddress"
remediationModificationType="None" type="string">
<Description>Home Street address for this User</Description>
</AttributeDefinition>
<AttributeDefinition name="addresses.home.locality"
remediationModificationType="None" type="string">
<Description>Home address locality address for this
User</Description>
</AttributeDefinition>
<AttributeDefinition name="addresses.home.region"
remediationModificationType="None" type="string">
<Description>Home address region for this User</Description>
</AttributeDefinition>
<AttributeDefinition name="addresses.home.postalCode"
remediationModificationType="None" type="string">
<Description>Home address postal code for this
User</Description>
</AttributeDefinition>
<AttributeDefinition name="addresses.home.country"
remediationModificationType="None" type="string">
 <Description>Home address country for this User</Description>
</AttributeDefinition>
<AttributeDefinition name="addresses.work.formatted"
remediationModificationType="None" type="string">
<Description>Formatted work address for this User</Description>
</AttributeDefinition>
<AttributeDefinition name="addresses.work.streetAddress"
remediationModificationType="None" type="string">
<Description>Work Street address for this User</Description>
</AttributeDefinition>
<AttributeDefinition name="addresses.work.locality"
remediationModificationType="None" type="string">
<Description>Work address locality address for this
User</Description>
</AttributeDefinition>
<AttributeDefinition name="addresses.work.region"
remediationModificationType="None" type="string">
<Description>Work address region for this User</Description>
</AttributeDefinition>
<AttributeDefinition name="addresses.work.postalCode"
remediationModificationType="None" type="string">
<Description>Work address postal code for this
User</Description>
</AttributeDefinition>
<AttributeDefinition name="addresses.work.country"
remediationModificationType="None" type="string">
<Description>Work address country for this User</Description>
</AttributeDefinition>
<AttributeDefinition name="addresses.other.formatted"
remediationModificationType="None" type="string">
<Description>Formatted other address for this
User</Description>
</AttributeDefinition>
<AttributeDefinition name="addresses.other.streetAddress"
remediationModificationType="None" type="string">
<Description>Other Street address for this User</Description>
</AttributeDefinition>
<AttributeDefinition name="addresses.other.locality"
remediationModificationType="None" type="string">
<Description>Other address locality address for this
User</Description>
</AttributeDefinition>
<AttributeDefinition name="addresses.other.region"
remediationModificationType="None" type="string">
<Description>Other address region for this User</Description>
</AttributeDefinition>
<AttributeDefinition name="addresses.other.postalCode"
remediationModificationType="None" type="string">
<Description>Other address postal code for this
User</Description>
</AttributeDefinition>
<AttributeDefinition name="addresses.other.country"
remediationModificationType="None" type="string">
<Description>Other address country for this User</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="addresses_objects"
remediationModificationType="None" type="string">
<Description>A list of all of the users physical mailing
addresses</Description>
 </AttributeDefinition>
<AttributeDefinition name="addresses_primary"
remediationModificationType="None" type="boolean">
<Description>The users primary physical mailing
address</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="groups" remediationModificationType="None"
schemaObjectType="group" type="string">
<Description>A list of groups that the user belongs
to</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="groups_objects"
remediationModificationType="None" type="string">
<Description>A list of all of the users group
memberships</Description>
</AttributeDefinition>
<AttributeDefinition name="groups_primary"
remediationModificationType="None" type="boolean">
<Description>The users primary group membership</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="entitlements" remediationModificationType="None" type="string">
<Description>A list of entitlements for the User that represent
a thing the User has</Description>
</AttributeDefinition>
<AttributeDefinition managed="true"
name="entitlements.primary.value" remediationModificationType="None" type="string">
<Description>Primary entitlement for the User that represent a
thing the User has</Description>
</AttributeDefinition>
<AttributeDefinition managed="true" multi="true"
name="entitlements.secondary.value" remediationModificationType="None"
type="string">
<Description>A list of secondary entitlements for the User that
represent a thing the User has</Description>
</AttributeDefinition>
<AttributeDefinition managed="true"
name="entitlements.primary.display" remediationModificationType="None"
type="string">
<Description>Primary entitlement for the User that represent a
thing the User has</Description>
</AttributeDefinition>
<AttributeDefinition managed="true" multi="true"
name="entitlements.secondary.display" remediationModificationType="None"
type="string">
<Description>A list of secondary entitlements for the User that
represent a thing the User has</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="entitlements_objects"
remediationModificationType="None" type="string">
<Description>A list of all of the users
entitlements</Description>
</AttributeDefinition>
<AttributeDefinition name="entitlements_primary"
remediationModificationType="None" type="boolean">
<Description>The users primary entitlement</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="roles" remediationModificationType="None" type="string">
<Description>A list of roles for the User that collectively
represent who the User is</Description>
</AttributeDefinition>
<AttributeDefinition name="roles.primary.value"
remediationModificationType="None" type="string">
<Description>Users primary role</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="roles.secondary.value"
remediationModificationType="None" type="string">
<Description>Users secondary roles</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="roles_objects"
remediationModificationType="None" type="string">
<Description>A list of all of the user's roles, including
whether it is their primary role</Description>
</AttributeDefinition>
<AttributeDefinition name="roles_primary"
remediationModificationType="None" type="boolean">
<Description>The users primary role</Description>
</AttributeDefinition>
<AttributeDefinition name="created"
remediationModificationType="None" type="string">
<Description>The Date Time details of the Resource was added to
the Service Provider</Description>
</AttributeDefinition>
<AttributeDefinition name="lastModified"
remediationModificationType="None" type="string">
<Description>The most recent Date Time details of this Resource
were updated at the Service Provider</Description>
</AttributeDefinition>
<AttributeDefinition name="location"
remediationModificationType="None" type="string">
<Description>The URL of the Resource being
returned</Description>
</AttributeDefinition>
<AttributeDefinition name="version"
remediationModificationType="None" type="string">
<Description>The version of the Resource being
returned</Description>
</AttributeDefinition>
</Schema>
<Schema displayAttribute="displayName"
featuresString="PROVISIONING" hierarchyAttribute="memberGroups"
identityAttribute="id" nativeObjectType="group" objectType="group">
<AttributeDefinition name="id" remediationModificationType="None"
type="string">
<Description>A unique identifier for the group</Description>
</AttributeDefinition>
<AttributeDefinition name="externalId"
remediationModificationType="None" type="string">
<Description>A String that is an identifier for the
group</Description>
</AttributeDefinition>
<AttributeDefinition name="displayName"
remediationModificationType="None" type="string">
<Description>The name of the group</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="members"
remediationModificationType="None" type="string">
<Description>List of user's belongs to the group</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="memberGroups"
remediationModificationType="None" type="string">
<Description>A list of the sub-groups of this
group</Description>
</AttributeDefinition>
<AttributeDefinition name="created"
remediationModificationType="None" type="string">
<Description>The Date Time the group was added to the Service
Provider</Description>
</AttributeDefinition>
<AttributeDefinition name="lastModified"
remediationModificationType="None" type="string">
<Description>The most recent Date Time details of this group
were updated at the Service Provider</Description>
</AttributeDefinition>
<AttributeDefinition name="location"
remediationModificationType="None" type="string">
<Description>The URL of the Group being returned</Description>
</AttributeDefinition>
<AttributeDefinition name="version"
remediationModificationType="None" type="string">
<Description>The version of the Group being
returned</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.SAPHANAConnector"
featuresString="PROVISIONING, SYNC_PROVISIONING, PASSWORD, ENABLE, UNLOCK"
icon="enterpriseIcon" name="SAP HANA" type="SAP HANA Database">
<Attributes>
<Map>
<entry key="encrypted" value="password"/>
<entry key="endDateOnDelete">
<value>
<Boolean>true</Boolean>
</value>
</entry>
<entry key="formPath" value="SAPHANAAttributesForm.xhtml"/>
<entry key="useRestrictOnDrop">
<value>
<Boolean>true</Boolean>
</value>
</entry>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="Create Account" objectType="account" type="Create">
<Attributes>
<Map>
<entry key="pageTitle" value="Create Account"/>
</Map>
</Attributes>
<Section label="Create Account" name="Section 1">
<Field
displayName="con_prov_policy_user_create_sap_hana_username"
helpKey="help_con_prov_policy_user_create_sap_hana_username" name="USER_NAME"
required="true" type="string"/>
<Field
displayName="con_prov_policy_user_create_sap_hana_userpassword"
helpKey="help_con_prov_policy_user_create_sap_hana_userpassword" name="password"
required="true" type="secret"/>
<Field
displayName="con_prov_policy_user_create_sap_hana_pwdchange"
helpKey="help_con_prov_policy_user_create_sap_hana_pwdchange"
name="FORCE_PWD_CHG_ON_NEXT_LOGON" reviewRequired="true" type="string" value="YES">
<AllowedValues>
<String>YES</String>
<String>NO</String>
</AllowedValues>
</Field>
<Field
displayName="con_prov_policy_user_create_sap_hana_restricted"
helpKey="help_con_prov_policy_user_create_sap_hana_restricted" name="IS_RESTRICTED"
reviewRequired="true" type="string" value="FALSE">
<AllowedValues>
<String>TRUE</String>
<String>FALSE</String>
</AllowedValues>
</Field>
</Section>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="USER_NAME" identityAttribute="USER_ID"
nativeObjectType="account" objectType="account">
<AttributeDefinition name="USER_ID" type="string">
<Description>ID of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="USER_NAME" type="string">
<Description>Name of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="USER_MODE" type="string">
<Description>Mode of the user: 'LOCAL', 'GLOBAL',
'EXTERNAL'</Description>
</AttributeDefinition>
<AttributeDefinition name="CREATOR" type="string">
<Description>Creator of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="VALID_FROM" type="string">
<Description>Specify a date time from which the user account is
valid.</Description>
</AttributeDefinition>
<AttributeDefinition name="VALID_UNTIL" type="string">
<Description>Specify a date time until which the user account
is valid.</Description>
</AttributeDefinition>
<AttributeDefinition name="IS_RESTRICTED" type="string">
<Description>Specifies if the user is a restricted
user</Description>
</AttributeDefinition>
<AttributeDefinition name="IS_CLIENT_CONNECT_ENABLED"
type="string">
<Description>Specifies if the user is able to connect to
client</Description>
 </AttributeDefinition>
<AttributeDefinition name="HAS_REMOTE_USERS" type="string">
<Description>Specifies if there is a database user in another
tenant database as the remote identity of the database user.</Description>
</AttributeDefinition>
<AttributeDefinition name="SESSION_CLIENT" type="string">
<Description>Specifies the client whose data can be accessed by
user</Description>
</AttributeDefinition>
<AttributeDefinition name="EMAIL_ADDRESS" type="string">
<Description>Email address of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="TIME_ZONE" type="string">
<Description>Time zone of the user</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="AUTHENTICATION_TYPE"
type="string">
<Description>Different Authentication methods supported by
user</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="SYSTEM_PRIVILEGES" type="string">
<Description>System Privileges assigned to the
user</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="APPLICATION_PRIVILEGES" type="string">
<Description>Application Privileges assigned to the
user</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="CATALOG_ROLES" schemaObjectType="CATALOG_ROLE" type="string">
<Description>Catalog Roles assigned to the user</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="REPOSITORY_ROLES" schemaObjectType="REPOSITORY_ROLE"
type="string">
<Description>Repository Roles assigned to the
user</Description>
</AttributeDefinition>
<AttributeDefinition multi="true"
name="FORCE_PWD_CHG_ON_NEXT_LOGON" type="string">
<Description> If value is "YES", the password is set in initial
mode else it is set in permanent mode </Description>
</AttributeDefinition>
</Schema>
<Schema displayAttribute="ROLE_NAME" identityAttribute="ROLE_ID"
nativeObjectType="CATALOG_ROLE" objectType="CATALOG_ROLE">
<AttributeDefinition name="ROLE_NAME" type="string">
<Description> Role name </Description>
</AttributeDefinition>
<AttributeDefinition name="ROLE_ID" type="string">
<Description> Role ID </Description>
</AttributeDefinition>
<AttributeDefinition name="ROLE_MODE" type="string">
<Description> Mode of the role: 'LOCAL' </Description>
</AttributeDefinition>
<AttributeDefinition name="GLOBAL_IDENTITY" type="string">
<Description> Identity specified for role with ROLE_MODE GLOBAL
</Description>
</AttributeDefinition>
<AttributeDefinition name="CREATOR" type="string">
<Description> Name of the user who created the role
</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="GRANTED_ROLES"
type="string">
<Description> The roles which are assigned to the current role
</Description>
</AttributeDefinition>
</Schema>
<Schema displayAttribute="ROLE_NAME" identityAttribute="ROLE_ID"
nativeObjectType="REPOSITORY_ROLE" objectType="REPOSITORY_ROLE">
<AttributeDefinition name="ROLE_NAME" type="string">
<Description> Role name </Description>
</AttributeDefinition>
<AttributeDefinition name="ROLE_ID" type="string">
<Description> Role ID </Description>
</AttributeDefinition>
<AttributeDefinition name="ROLE_MODE" type="string">
<Description> Mode of the role: 'LOCAL' </Description>
</AttributeDefinition>
<AttributeDefinition name="GLOBAL_IDENTITY" type="string">
<Description> Identity specified for role with ROLE_MODE GLOBAL
</Description>
</AttributeDefinition>
<AttributeDefinition name="CREATOR" type="string">
<Description> Name of the user who created the role
</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="GRANTED_ROLES"
type="string">
<Description> The roles which are assigned to the current role
</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.VMSConnector"
icon="enterpriseIcon" name="VMS Template" type="VMS">
<Attributes>
<Map>
<entry key="encrypted" value="transportUserPassword"/>
<entry key="formPath" value="vmsAttributesForm.xhtml"/>
</Map>
</Attributes>
<Schemas>
<Schema displayAttribute="Username" identityAttribute="Username"
nativeObjectType="user" objectType="account">
<AttributeDefinition multi="true" name="Privileges"
type="string">
<Description>List of the authorized and default privileges
combined</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="Authorized Privileges"
type="string">
<Description>List of Authorized Privileges</Description>
</AttributeDefinition>
 <AttributeDefinition multi="true" name="Default Privileges"
type="string">
<Description>List of Default Privileges</Description>
</AttributeDefinition>
<AttributeDefinition name="Username" type="string">
<Description>Username</Description>
</AttributeDefinition>
<AttributeDefinition name="Owner" type="string">
<Description>Owner</Description>
</AttributeDefinition>
<AttributeDefinition name="Account" type="string">
<Description>Account</Description>
</AttributeDefinition>
<AttributeDefinition name="UIC" type="string">
<Description>UIC</Description>
</AttributeDefinition>
<AttributeDefinition name="CLI" type="string">
<Description>CLI</Description>
</AttributeDefinition>
<AttributeDefinition name="Tables" type="string">
<Description>Tables</Description>
</AttributeDefinition>
<AttributeDefinition name="Default" type="string">
<Description>Default</Description>
</AttributeDefinition>
<AttributeDefinition name="Network Primary" type="string">
<Description>Primary Network</Description>
</AttributeDefinition>
<AttributeDefinition name="Batch Primary" type="string">
<Description>Primary Batch</Description>
</AttributeDefinition>
<AttributeDefinition name="Local Primary" type="string">
<Description>Primary Local</Description>
</AttributeDefinition>
<AttributeDefinition name="Dialup Primary" type="string">
<Description>Primary Dialup</Description>
</AttributeDefinition>
<AttributeDefinition name="Remote Primary" type="string">
<Description>Primary Remote</Description>
</AttributeDefinition>
<AttributeDefinition name="Network Secondary" type="string">
<Description>Secondary Network</Description>
</AttributeDefinition>
<AttributeDefinition name="Batch Secondary" type="string">
<Description>Secondary Batch</Description>
</AttributeDefinition>
<AttributeDefinition name="Local Secondary" type="string">
<Description>Secondary Local</Description>
</AttributeDefinition>
<AttributeDefinition name="Dialup Secondary" type="string">
<Description>Secondary Dialup</Description>
</AttributeDefinition>
<AttributeDefinition name="Remote Secondary" type="string">
<Description>Secondary Remote</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="Flags" type="string">
<Description>List of flags</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="Identifier"
type="string">
<Description>List of identifiers</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.HostAccessConnector"
icon="mainframeIcon" name="Mainframe Template" type="Mainframe">
<Schemas>
<Schema displayAttribute="NAME" identityAttribute="USER"
nativeObjectType="User" objectType="account">
<AttributeDefinition name="USER" type="string">
<Description>User ID</Description>
</AttributeDefinition>
<AttributeDefinition name="NAME" type="string">
<Description>User Name</Description>
</AttributeDefinition>
<AttributeDefinition name="DEFAULT-GROUP" type="string">
<Description>Default Group</Description>
</AttributeDefinition>
<AttributeDefinition name="OWNER" type="string">
<Description>Owner</Description>
</AttributeDefinition>
<AttributeDefinition name="SECURITY-LABEL" type="string">
<Description>Security Label</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="ATTRIBUTES"
type="string">
<Description>Attributes</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="GROUP" type="string">
<Description>Groups</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OracleAppsHRMSConnector"
featuresString="PROVISIONING, MANAGER_LOOKUP, ENABLE" icon="enterpriseIcon"
name="Oracle HRMS" type="Oracle HRMS">
<Attributes>
<Map>
<entry key="aggregateOnlyOrganisationData" value="true"/>
<entry key="formPath"
value="OracleAppsHRMSAttributesForm.xhtml"/>
<entry key="useEnhancedAggregation" value="true"/>
</Map>
</Attributes>
<Schemas>
<Schema displayAttribute="FULL_NAME" identityAttribute="PERSON_ID"
nativeObjectType="account" objectType="account">
<AttributeDefinition name="FULL_NAME" type="string">
<Description>Full name of the person</Description>
</AttributeDefinition>
<AttributeDefinition name="FIRST_NAME" type="string">
<Description>First name of the person</Description>
</AttributeDefinition>
<AttributeDefinition name="LAST_NAME" type="string">
<Description>Last name of the person</Description>
 </AttributeDefinition>
<AttributeDefinition name="MIDDLE_NAMES" type="string">
<Description>Middle name of the person</Description>
</AttributeDefinition>
<AttributeDefinition name="EMPLOYEE_NUMBER" type="string">
<Description>Employee number of the person</Description>
</AttributeDefinition>
<AttributeDefinition name="PERSON_ID" type="string">
<Description>Unique ID of the person</Description>
</AttributeDefinition>
<AttributeDefinition name="START_DATE" type="string">
<Description>Start date of the person</Description>
</AttributeDefinition>
<AttributeDefinition name="END_DATE" type="string">
<Description>End date of the person</Description>
</AttributeDefinition>
<AttributeDefinition name="GENDER" type="string">
<Description>Gender of the person</Description>
</AttributeDefinition>
<AttributeDefinition name="EMAIL_ADDRESS" type="string">
<Description>Email ID of the person</Description>
</AttributeDefinition>
<AttributeDefinition name="MARITAL_STATUS" type="string">
<Description>Marital status</Description>
</AttributeDefinition>
<AttributeDefinition name="DATE_OF_BIRTH" type="string">
<Description>Date of Birth</Description>
</AttributeDefinition>
<AttributeDefinition name="SUPERVISOR_ID" type="string">
<Description>Person ID of the supervisor</Description>
</AttributeDefinition>
<AttributeDefinition name="SUPERVISOR" type="string">
<Description>Name of supervisor/mentor/manager of an
employee</Description>
</AttributeDefinition>
<AttributeDefinition name="POSITION" type="string">
<Description>Current position or job title of an
employee</Description>
</AttributeDefinition>
<AttributeDefinition name="ORGANIZATION" type="string">
<Description>Organization name</Description>
</AttributeDefinition>
<AttributeDefinition name="PERSON_TYPE" type="string">
<Description>Type of person define for an organization. For
example, Employee, applicant</Description>
</AttributeDefinition>
<AttributeDefinition name="BUSINESS_GROUP" type="string">
<Description>Business group of an employee</Description>
</AttributeDefinition>
<AttributeDefinition name="JOB" type="string">
<Description>Job details of an employee</Description>
</AttributeDefinition>
<AttributeDefinition name="ASSIGNMENT_STATUS" type="string">
<Description>Assignment status information of an employee. For
example, Active, Suspend, Terminate, End</Description>
</AttributeDefinition>
<AttributeDefinition name="WORK_TELEPHONE" type="string">
<Description>Work telephone of an employee</Description>
</AttributeDefinition>
 <AttributeDefinition entitlement="true" managed="true"
multi="true" name="ROLE_NAME" schemaObjectType="group" type="string">
<Description>Role name of an employee</Description>
</AttributeDefinition>
</Schema>
<Schema displayAttribute="ROLE_NAME" identityAttribute="ROLE_NAME"
nativeObjectType="group" objectType="group">
<AttributeDefinition name="ROLE_NAME" type="string">
<Description>Role name of group</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="PROVISIONING" icon="internetIcon" name="Dropbox" type="Dropbox">
<Attributes>
<Map>
<entry key="connectorClass"
value="openconnector.connector.DropBoxConnector"/>
<entry key="encrypted" value="accesstoken"/>
<entry key="formPath" value="DropBoxAttributesForm.xhtml"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="Dropbox member creation" objectType="account"
type="Create">
<Attributes>
<Map>
<entry key="IIQTemplateOwnerDefinition">
<value>
<DynamicValue value=""/>
</value>
</entry>
</Map>
</Attributes>
<Field displayName="con_prov_policy_db_email" filterString=""
helpKey="help_con_prov_policy_dropbox_email" name="email" required="true"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_db_fname" filterString=""
helpKey="help_con_prov_policy_dropbox_fname" name="given_name" required="true"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_db_surname" filterString=""
helpKey="help_con_prov_policy_dropbox_surname" name="surname" required="true"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_db_extid" filterString=""
helpKey="help_con_prov_policy_dropbox_extid" name="external_id"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_db_welcome_mail"
filterString="" helpKey="help_con_prov_policy_dropbox_welcome_mail"
name="send_welcome_email" reviewRequired="true" type="boolean" value="true"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="display_name" groupAttribute="groups"
identityAttribute="team_member_id" nativeObjectType="user" objectType="account">
<AttributeDefinition displayName="Member Id"
name="team_member_id" type="string">
<Description>Member ID</Description>
</AttributeDefinition>
 <AttributeDefinition name="status" type="string">
<Description>Status of the member whether
active/invited/suspended/removed </Description>
</AttributeDefinition>
<AttributeDefinition name="surname" type="string">
<Description>Member's surname.</Description>
</AttributeDefinition>
<AttributeDefinition displayName="First Name" name="given_name"
type="string">
<Description>Member's first name</Description>
</AttributeDefinition>
<AttributeDefinition name="email" type="string">
<Description>Email address of the member.</Description>
</AttributeDefinition>
<AttributeDefinition name="email_verified" type="string">
<Description>Boolean attribute describes whether user's email
is verified to be owned by the user</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
name="role" type="string">
<Description>Roles on the Dropbox, it can be admin or
member</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="groups" schemaObjectType="group" type="string">
<Description>List of groups connected to member</Description>
</AttributeDefinition>
<AttributeDefinition name="external_id" type="string">
<Description>External Id</Description>
</AttributeDefinition>
<AttributeDefinition name="familiar_name" type="string">
<Description>Locale-dependent name. In the US, a person's
familiar name is their given_name, but elsewhere,
it could be any combination of a person's given_name and
surname</Description>
</AttributeDefinition>
<AttributeDefinition name="display_name" type="string">
<Description>A name that can be used directly to represent the
name of a user's Dropbox account</Description>
</AttributeDefinition>
<AttributeDefinition name="abbreviated_name" type="string">
<Description> An abbreviated form of the person's name. Their
initials in most locales</Description>
</AttributeDefinition>
<AttributeDefinition name="account_id" type="string">
<Description>A user's dropbox account identifier</Description>
</AttributeDefinition>
<AttributeDefinition name="joined_on " type="date">
<Description>The date and time the user joined as a member of a
specific team</Description>
</AttributeDefinition>
<AttributeDefinition name="persistent_id" type="string">
<Description>Persistent ID that a team can attach to the user.
The persistent ID is unique ID to be used for SAML authentication</Description>
</AttributeDefinition>
</Schema>
<Schema displayAttribute="group_name" identityAttribute="group_id"
nativeObjectType="group" objectType="group">
<AttributeDefinition displayName="Group Id" name="group_id"
type="string">
<Description>Group ID</Description>
</AttributeDefinition>
<AttributeDefinition displayName="Group external id"
name="group_external_id" type="string">
<Description>This is an arbitrary ID that an admin can attach
to a group</Description>
</AttributeDefinition>
<AttributeDefinition displayName="Group Name" name="group_name"
type="string">
<Description>Name of the group</Description>
</AttributeDefinition>
<AttributeDefinition displayName="Number of Members"
name="member_count" type="int">
<Description>Total count of the members connected to the
group</Description>
</AttributeDefinition>
<AttributeDefinition displayName="Group Members" multi="true"
name="members" type="string">
<Description>List of group member</Description>
</AttributeDefinition>
<AttributeDefinition displayName="Group Owner" multi="true"
name="group owners" type="string">
<Description>List of group owners</Description>
</AttributeDefinition>
<AttributeDefinition displayName="Group management type"
name="group_management_type" type="string">
<Description>The group type determines how a group is managed
i.e. user_managed/company_managed</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.SAPGRCConnector"
featuresString="NO_AGGREGATION, NO_RANDOM_ACCESS" icon="internetIcon" name="SAP
GRC" profileClass="" type="SAP GRC">
<Attributes>
<Map>
<entry key="connectorClass"
value="sailpoint.connector.SAPGRCConnector"/>
<entry key="encrypted" value="grc_password"/>
<entry key="formPath" value="SAPGRCAttributesForm.xhtml"/>
<entry key="grc_mitigation_search_keyword" value="Mitigation
Control"/>
</Map>
</Attributes>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="PROVISIONING, SYNC_PROVISIONING, ENABLE, SEARCH,
NO_PERMISSIONS_PROVISIONING, DIRECT_PERMISSIONS, PASSWORD" icon="internetIcon"
name="AWS" type="AWS">
<Attributes>
<Map>
<entry key="connectorClass"
value="openconnector.connector.aws.AWSConnectorSDK"/>
<entry key="encrypted" value="secret"/>
<entry key="formPath" value="AWSForm.xhtml"/>
<entry key="pageSize" value="100"/>
</Map>
 </Attributes>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="con_prov_policy_AWS_UserName"
helpKey="help_con_form_AWS_UserName" name="UserName" required="true" section=""
type="string"/>
<Field displayName="con_prov_policy_AWS_AccountId"
filterString="type == &quot;AWSAccount&quot;" helpKey="help_con_form_AWS_AccountId"
name="AccountId" required="true" section="" type="ManagedAttribute"/>
<Field displayName="con_prov_policy_AWS_password"
helpKey="help_con_form_AWS_password" name="password" postBack="true"
reviewRequired="true" type="secret"/>
<Field displayName="con_prov_policy_AWS_PasswordResetRequired"
dynamic="true" helpKey="help_con_form_AWS_PasswordResetRequired"
name="PasswordResetRequired" reviewRequired="true" type="boolean" value="true">
<Attributes>
<Map>
<entry key="hidden">
<value>
<Script>
<Source>
if (password == null) {
return true;
}
</Source>
</Script>
</value>
</entry>
</Map>
</Attributes>
</Field>
<Field displayName="con_prov_policy_AWS_AccessKey"
helpKey="help_con_form_AWS_AccessKey" name="AccessKey" reviewRequired="true"
type="boolean">
<ValidationScript>
<Source>
if ((null == password) &amp;&amp; (null == value)) {
return "Either password or programmatic access is
mandatory.";
}
</Source>
</ValidationScript>
</Field>
<Field displayName="con_prov_policy_AWS_Path"
helpKey="help_con_form_AWS_Path" name="Path" reviewRequired="true" section=""
type="string"/>
</Form>
<Form name="EnableAccount" objectType="account" type="Enable">
<Field displayName="con_prov_policy_AWS_password"
helpKey="help_con_form_AWS_password" name="password" reviewRequired="true"
type="secret"/>
<Field displayName="con_prov_policy_AWS_Enable_AccessKeys"
helpKey="help_con_form_AWS_Enable_AccessKeys" name="EnableAccessKeys"
reviewRequired="true" type="boolean"/>
<Field displayName="con_prov_policy_AWS_Enable_SSHKeys"
helpKey="help_con_form_AWS_Enable_SSHKeys" name="EnableSSHKeys"
reviewRequired="true" type="boolean"/>
<Field displayName="con_prov_policy_AWS_Enable_HTTPSCredentials"
helpKey="help_con_form_AWS_Enable_HTTPSCredentials" name="EnableHTTPSCredentials"
reviewRequired="true" type="boolean"/>
</Form>
<Form name="CustomerManagedPolicy"
objectType="CustomerManagedPolicy" type="Create">
<Field displayName="con_prov_policy_AWS_Policy_Name"
helpKey="help_con_form_AWS_Policy_Name" name="PolicyName" required="true"
type="string"/>
<Field displayName="con_prov_policy_AWS_AccountId"
filterString="type == &quot;AWSAccount&quot;"
helpKey="help_con_form_AWS_Policy_AccountId" name="AccountId" required="true"
section="" type="ManagedAttribute"/>
<Field displayName="con_prov_policy_AWS_Policy_Description"
helpKey="help_con_form_AWS_Policy_Description" name="Description"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_AWS_Policy_Document"
helpKey="help_con_form_AWS_Policy_Document" name="PolicyJSON" required="true"
type="string"/>
<Field displayName="con_prov_policy_AWS_Policy_Path"
helpKey="help_con_form_AWS_Policy_Path" name="Path" reviewRequired="true"
type="string"/>
</Form>
<Form name="group" objectType="group" type="Create">
<Field displayName="con_prov_policy_AWS_GroupName"
helpKey="help_con_form_AWS_GroupName" name="GroupName" required="true" section=""
type="string"/>
<Field displayName="con_prov_policy_AWS_AccountId"
filterString="type == &quot;AWSAccount&quot;"
helpKey="help_con_form_AWS_Group_AccountId" name="AccountId" required="true"
section="" type="ManagedAttribute"/>
<Field displayName="con_prov_policy_AWS_Group_Path"
helpKey="help_con_form_AWS_Group_Path" name="Path" reviewRequired="true"
type="string"/>
</Form>
<Form name="UpdateGroup" objectType="group" type="Update">
<Field displayName="con_prov_policy_AWS_GroupName"
helpKey="help_con_form_AWS_GroupName" name="GroupName" section="" type="string">
<Attributes>
<Map>
<entry key="readOnly" value="true"/>
</Map>
</Attributes>
</Field>
<Field displayName="con_prov_policy_AWS_GroupId"
helpKey="help_con_form_AWS_GroupId" name="GroupId" section="" type="string">
<Attributes>
<Map>
<entry key="readOnly" value="true"/>
</Map>
</Attributes>
</Field>
<Field displayName="con_prov_policy_AWS_Group_Path"
helpKey="help_con_form_AWS_Group_Path" name="Path" reviewRequired="true"
type="string">
<Attributes>
<Map>
<entry key="readOnly" value="true"/>
</Map>
</Attributes>
</Field>
 <Field displayName="con_prov_policy_AWS_Group_ARN"
helpKey="help_con_form_AWS_Group_ARN" name="ARN" reviewRequired="true"
type="string">
<Attributes>
<Map>
<entry key="readOnly" value="true"/>
</Map>
</Attributes>
</Field>
<Field displayName="con_prov_policy_AWS_Group_CreateDate"
helpKey="help_con_form_AWS_Group_CreateDate" name="CreateDate"
reviewRequired="true" type="string">
<Attributes>
<Map>
<entry key="readOnly" value="true"/>
</Map>
</Attributes>
</Field>
<Field displayName="con_prov_policy_AWS_AWSManagedPolicies"
filterString="type == &quot;AWSManagedPolicy&quot;"
helpKey="help_con_form_AWS_AWSManagedPolicies" multi="true"
name="AWSManagedPolicies" type="ManagedAttribute"/>
<Field displayName="con_prov_policy_AWS_CustomerManagedPolicies"
filterString="type == &quot;CustomerManagedPolicy&quot;"
helpKey="help_con_form_AWS_CustomeManagedPolicies" multi="true"
name="CustomerManagedPolicies" type="ManagedAttribute"/>
<Field displayName="con_prov_policy_AWS_InlinePolicies"
filterString="type == &quot;InlinePolicy&quot;"
helpKey="help_con_form_AWS_InlinePolicies" multi="true" name="InlinePolicies"
type="ManagedAttribute">
<Attributes>
<Map>
<entry key="readOnly" value="true"/>
</Map>
</Attributes>
</Field>
</Form>
<Form name="UpdateRole" objectType="Role" type="Update">
<Field displayName="con_prov_policy_AWS_RoleName"
helpKey="help_con_form_AWS_RoleName" name="RoleName" section="" type="string">
<Attributes>
<Map>
<entry key="readOnly" value="true"/>
</Map>
</Attributes>
</Field>
<Field displayName="con_prov_policy_AWS_RoleId"
helpKey="help_con_form_AWS_RoleId" name="RoleId" section="" type="string">
<Attributes>
<Map>
<entry key="readOnly" value="true"/>
</Map>
</Attributes>
</Field>
<Field displayName="con_prov_policy_AWS_Role_Path"
helpKey="help_con_form_AWS_Role_Path" name="Path" reviewRequired="true"
type="string">
<Attributes>
<Map>
 <entry key="readOnly" value="true"/>
</Map>
</Attributes>
</Field>
<Field displayName="con_prov_policy_AWS_Role_ARN"
helpKey="help_con_form_AWS_Role_ARN" name="ARN" reviewRequired="true"
type="string">
<Attributes>
<Map>
<entry key="readOnly" value="true"/>
</Map>
</Attributes>
</Field>
<Field displayName="con_prov_policy_AWS_Role_CreateDate"
helpKey="help_con_form_AWS_Role_CreateDate" name="CreateDate" reviewRequired="true"
type="string">
<Attributes>
<Map>
<entry key="readOnly" value="true"/>
</Map>
</Attributes>
</Field>
<Field displayName="con_prov_policy_AWS_Role_MaxSessionDuration"
helpKey="help_con_form_AWS_Role_MaxSessionDuration" name="MaxSessionDuration"
reviewRequired="true" type="string">
<Attributes>
<Map>
<entry key="readOnly" value="true"/>
</Map>
</Attributes>
</Field>
<Field displayName="con_prov_policy_AWS_Role_Trust_Policy_JSON"
helpKey="help_con_form_AWS_Role_Trust_Policy_JSON" name="TrustPolicyJSON"
reviewRequired="true" type="string">
<Attributes>
<Map>
<entry key="readOnly" value="true"/>
</Map>
</Attributes>
</Field>
<Field displayName="con_prov_policy_AWS_AWSManagedPolicies"
filterString="type == &quot;AWSManagedPolicy&quot;"
helpKey="help_con_form_AWS_AWSManagedPolicies" multi="true"
name="AWSManagedPolicies" type="ManagedAttribute"/>
<Field displayName="con_prov_policy_AWS_CustomerManagedPolicies"
filterString="type == &quot;CustomerManagedPolicy&quot;"
helpKey="help_con_form_AWS_CustomeManagedPolicies" multi="true"
name="CustomerManagedPolicies" type="ManagedAttribute"/>
<Field displayName="con_prov_policy_AWS_InlinePolicies"
filterString="type == &quot;InlinePolicy&quot;"
helpKey="help_con_form_AWS_InlinePolicies" multi="true" name="InlinePolicies"
type="ManagedAttribute">
<Attributes>
<Map>
<entry key="readOnly" value="true"/>
</Map>
</Attributes>
</Field>
</Form>
 </ProvisioningForms>
<Schemas>
<Schema displayAttribute="UserName" identityAttribute="ARN"
nativeObjectType="account" objectType="account">
<AttributeDefinition name="UserName"
remediationModificationType="None" required="true" type="string">
<Description>The friendly name of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="UserId"
remediationModificationType="None" required="true" type="string">
<Description>The unique ID of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Path"
remediationModificationType="None" required="true" type="string">
<Description>Path to the user</Description>
</AttributeDefinition>
<AttributeDefinition name="ARN"
remediationModificationType="None" required="true" type="string">
<Description>Amazon Resource Name of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="CreateDate"
remediationModificationType="None" required="true" type="string">
<Description>Creation date of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="ConsoleAccess"
remediationModificationType="None" required="true" type="string">
<Description>Password status of the user</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="Groups" remediationModificationType="None"
schemaObjectType="group" type="string">
<Description>Groups the user is a part of</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="AWSManagedPolicies" remediationModificationType="None"
schemaObjectType="AWSManagedPolicy" type="string">
<Description>AWS Managed Policies directly assigned to the
user</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="CustomerManagedPolicies" remediationModificationType="None"
schemaObjectType="CustomerManagedPolicy" type="string">
<Description>Customer Managed Policies directly assigned to the
user</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="InlinePolicies" remediationModificationType="None"
schemaObjectType="InlinePolicy" type="string">
<Description>Inline Policies directly assigned to the
user</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="Access Keys"
remediationModificationType="None" required="true" type="string">
<Description>Access keys associated with the user</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="AWS CodeCommit HTTPS
Credentials" remediationModificationType="None" required="true" type="string">
<Description>AWS CodeCommit HTTPS Git credentials associated
with the user</Description>
 </AttributeDefinition>
<AttributeDefinition multi="true" name="AWS CodeCommit SSH Keys"
remediationModificationType="None" required="true" type="string">
<Description>AWS CodeCommit SSH public keys associated with the
user</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="Signing Certificates"
remediationModificationType="None" required="true" type="string">
<Description>Signing Certificates associated with the
user</Description>
</AttributeDefinition>
<AttributeDefinition name="Multi-Factor Authentication Device"
remediationModificationType="None" required="true" type="string">
<Description>Multi-Factor Authentication device associated with
the user</Description>
</AttributeDefinition>
<AttributeDefinition name="PasswordLastUsed"
remediationModificationType="None" required="true" type="string">
<Description>Password last used date of the user</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="AccessKeyLastUsed"
remediationModificationType="None" required="true" type="string">
<Description>Access key last used details of the user
</Description>
</AttributeDefinition>
</Schema>
<Schema displayAttribute="GroupName" featuresString="PROVISIONING,
NO_GROUP_PERMISSIONS_PROVISIONING" identityAttribute="ARN" nativeObjectType="group"
objectType="group">
<AttributeDefinition name="GroupName"
remediationModificationType="None" required="true" type="string">
<Description>The friendly name of the group</Description>
</AttributeDefinition>
<AttributeDefinition name="GroupId"
remediationModificationType="None" required="true" type="string">
<Description>The unique ID of the group</Description>
</AttributeDefinition>
<AttributeDefinition name="Path"
remediationModificationType="None" required="true" type="string">
<Description>Path to the group</Description>
</AttributeDefinition>
<AttributeDefinition name="ARN"
remediationModificationType="None" required="true" type="string">
<Description>Amazon Resource Name of the group</Description>
</AttributeDefinition>
<AttributeDefinition name="CreateDate"
remediationModificationType="None" required="true" type="string">
<Description>Creation date of the group</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" multi="true"
name="AWSManagedPolicies" remediationModificationType="None"
schemaObjectType="AWSManagedPolicy" type="string">
<Description>AWS Managed Policies directly assigned to the
group</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" multi="true"
name="CustomerManagedPolicies" remediationModificationType="None"
schemaObjectType="CustomerManagedPolicy" type="string">
<Description>Customer Managed Policies directly assigned to the
group</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" multi="true"
name="InlinePolicies" remediationModificationType="None"
schemaObjectType="InlinePolicy" type="string">
<Description>Inline Policies directly assigned to the
group</Description>
</AttributeDefinition>
</Schema>
<Schema aggregationType="group" displayAttribute="PolicyName"
featuresString="NO_GROUP_PERMISSIONS_PROVISIONING" identityAttribute="ARN"
nativeObjectType="AWSManagedPolicy" objectType="AWSManagedPolicy">
<AttributeDefinition name="PolicyName"
remediationModificationType="None" type="string">
<Description>The friendly name of the AWS managed
policy</Description>
</AttributeDefinition>
<AttributeDefinition name="PolicyId"
remediationModificationType="None" type="string">
<Description>The unique ID of the AWS managed
policy</Description>
</AttributeDefinition>
<AttributeDefinition name="Description"
remediationModificationType="None" type="string">
<Description>A friendly description of the AWS managed
policy</Description>
</AttributeDefinition>
<AttributeDefinition name="ARN"
remediationModificationType="None" type="string">
<Description>Amazon Resource Name of the AWS managed
policy</Description>
</AttributeDefinition>
<AttributeDefinition name="Path"
remediationModificationType="None" type="string">
<Description>The path to the AWS managed policy</Description>
</AttributeDefinition>
<AttributeDefinition name="CreateDate"
remediationModificationType="None" type="string">
<Description>The creation date of the AWS managed
policy</Description>
</AttributeDefinition>
<AttributeDefinition name="UpdateDate"
remediationModificationType="None" type="string">
<Description>The last update date of the AWS managed
policy</Description>
</AttributeDefinition>
<AttributeDefinition name="DefaultVersionId"
remediationModificationType="None" type="string">
<Description>The currently enabled version ID of the AWS
managed policy</Description>
</AttributeDefinition>
<AttributeDefinition name="PolicyJSON"
remediationModificationType="None" type="string">
<Description>The JSON document for the AWS managed
policy</Description>
</AttributeDefinition>
</Schema>
<Schema aggregationType="group" displayAttribute="PolicyName"
featuresString="PROVISIONING, NO_GROUP_PERMISSIONS_PROVISIONING"
identityAttribute="ARN" nativeObjectType="CustomerManagedPolicy"
objectType="CustomerManagedPolicy">
<AttributeDefinition name="PolicyName"
remediationModificationType="None" type="string">
<Description>The friendly name of the customer managed
policy</Description>
</AttributeDefinition>
<AttributeDefinition name="PolicyId"
remediationModificationType="None" type="string">
<Description>The unique ID of the customer managed
policy</Description>
</AttributeDefinition>
<AttributeDefinition name="Description"
remediationModificationType="None" type="string">
<Description>A friendly description of the customer managed
policy</Description>
</AttributeDefinition>
<AttributeDefinition name="CreateDate"
remediationModificationType="None" type="string">
<Description>The creation date of the customer managed
policy</Description>
</AttributeDefinition>
<AttributeDefinition name="UpdateDate"
remediationModificationType="None" type="string">
<Description>The last update date of the customer managed
policy</Description>
</AttributeDefinition>
<AttributeDefinition name="ARN"
remediationModificationType="None" type="string">
<Description>Amazon Resource Name of the customer managed
policy</Description>
</AttributeDefinition>
<AttributeDefinition name="Path"
remediationModificationType="None" type="string">
<Description>The path to the customer managed
policy</Description>
</AttributeDefinition>
<AttributeDefinition name="DefaultVersionId"
remediationModificationType="None" type="string">
<Description>The currently enabled version ID of the customer
managed policy</Description>
</AttributeDefinition>
<AttributeDefinition name="PolicyJSON"
remediationModificationType="None" type="string">
<Description>The JSON document for the customer managed
policy</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" multi="true"
name="PolicyGroups" remediationModificationType="None" schemaObjectType="group"
type="string">
<Description>Groups attached to the customer managed
policy</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" multi="true"
name="PolicyRoles" remediationModificationType="None" schemaObjectType="Role"
type="string">
<Description>Roles attached to the customer managed
policy</Description>
</AttributeDefinition>
 </Schema>
<Schema displayAttribute="Name"
featuresString="NO_GROUP_PERMISSIONS_PROVISIONING" identityAttribute="Id"
nativeObjectType="InlinePolicy" objectType="InlinePolicy">
<AttributeDefinition name="Name"
remediationModificationType="None" type="string">
<Description>The friendly name of the policy</Description>
</AttributeDefinition>
<AttributeDefinition name="Id" remediationModificationType="None"
type="string">
<Description>The unique ID of the policy</Description>
</AttributeDefinition>
<AttributeDefinition name="PolicyJSON"
remediationModificationType="None" type="string">
<Description>The JSON document for the policy</Description>
</AttributeDefinition>
</Schema>
<Schema aggregationType="group" displayAttribute="RoleName"
featuresString="PROVISIONING, NO_GROUP_PERMISSIONS_PROVISIONING"
identityAttribute="ARN" instanceAttribute="" nativeObjectType="Role"
objectType="Role" permissionsRemediationModificationType="None">
<AttributeDefinition name="RoleName"
remediationModificationType="None" required="true" type="string">
<Description>The friendly name of the role</Description>
</AttributeDefinition>
<AttributeDefinition name="RoleId"
remediationModificationType="None" required="true" type="string">
<Description>The unique ID of the role</Description>
</AttributeDefinition>
<AttributeDefinition name="Path"
remediationModificationType="None" required="true" type="string">
<Description>Path to the Role</Description>
</AttributeDefinition>
<AttributeDefinition name="ARN"
remediationModificationType="None" required="true" type="string">
<Description>Amazon Resource Name of the role</Description>
</AttributeDefinition>
<AttributeDefinition name="Description"
remediationModificationType="None" required="true" type="string">
<Description>Role Description</Description>
</AttributeDefinition>
<AttributeDefinition name="CreateDate"
remediationModificationType="None" required="true" type="string">
<Description>Creation date of the role</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" multi="true"
name="AWSManagedPolicies" remediationModificationType="None"
schemaObjectType="AWSManagedPolicy" type="string">
<Description>AWS Managed Policies directly assigned to the
role</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" multi="true"
name="CustomerManagedPolicies" remediationModificationType="None"
schemaObjectType="CustomerManagedPolicy" type="string">
<Description>Customer Managed Policies directly assigned to the
role</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" multi="true"
name="InlinePolicies" remediationModificationType="None"
schemaObjectType="InlinePolicy" type="string">
<Description>Inline Policies directly assigned to the
role</Description>
</AttributeDefinition>
<AttributeDefinition name="TrustPolicyJSON"
remediationModificationType="None" required="true" type="string">
<Description>Trust Relationship Policy JSON</Description>
</AttributeDefinition>
<AttributeDefinition name="MaxSessionDuration"
remediationModificationType="None" required="true" type="string">
<Description>Maximum CLI/API session duration</Description>
</AttributeDefinition>
</Schema>
<Schema aggregationType="group" displayAttribute="SCPName"
featuresString="NO_GROUP_PERMISSIONS_PROVISIONING" identityAttribute="ARN"
nativeObjectType="SCP" objectType="SCP">
<AttributeDefinition name="SCPName"
remediationModificationType="None" type="string">
<Description>The friendly name of the Service Control
Policy</Description>
</AttributeDefinition>
<AttributeDefinition name="SCPId"
remediationModificationType="None" type="string">
<Description>The unique ID of the Service Control
Policy</Description>
</AttributeDefinition>
<AttributeDefinition name="ARN"
remediationModificationType="None" type="string">
<Description>Amazon Resource Name of the Service Control
Policy</Description>
</AttributeDefinition>
<AttributeDefinition name="Description"
remediationModificationType="None" type="string">
<Description>A friendly description of the Service Control
Policy</Description>
</AttributeDefinition>
<AttributeDefinition name="AWSManaged"
remediationModificationType="None" type="string">
<Description>A boolean value that indicates whether the Service
Control Policy is an AWS managed policy</Description>
</AttributeDefinition>
<AttributeDefinition name="PolicyJSON"
remediationModificationType="None" required="true" type="string">
<Description>The JSON document for the Service Control
Policy</Description>
</AttributeDefinition>
</Schema>
<Schema aggregationType="group" displayAttribute="AWSAccountName"
identityAttribute="ARN" nativeObjectType="AWSAccount" objectType="AWSAccount">
<AttributeDefinition name="AWSAccountName" type="string">
<Description>The friendly name of the AWS
account.</Description>
</AttributeDefinition>
<AttributeDefinition name="AWSAccountId" type="string">
<Description>The unique ID of the AWS account.</Description>
</AttributeDefinition>
<AttributeDefinition name="ARN" type="string">
<Description>Amazon Resource Name of the AWS
account.</Description>
 </AttributeDefinition>
<AttributeDefinition name="Email" type="string">
<Description>The email address associated with the AWS
account.</Description>
</AttributeDefinition>
<AttributeDefinition name="Status" type="string">
<Description>The status of the AWS account in the
organization.</Description>
</AttributeDefinition>
<AttributeDefinition name="JoinedMethod" type="string">
<Description>The method by which the AWS account joined the
organization.</Description>
</AttributeDefinition>
<AttributeDefinition name="JoinedTimestamp" type="string">
<Description>The date the AWS account became a part of the
organization.</Description>
</AttributeDefinition>
<AttributeDefinition name="OrganizationUnit"
schemaObjectType="OrganizationUnit" type="string">
<Description>Organization unit holding the AWS
Account</Description>
</AttributeDefinition>
</Schema>
<Schema aggregationType="group" displayAttribute="OUName"
hierarchyAttribute="Parent" identityAttribute="ARN"
nativeObjectType="OrganizationUnit" objectType="OrganizationUnit">
<AttributeDefinition name="OUName" type="string">
<Description>The friendly name of the Organization
Unit</Description>
</AttributeDefinition>
<AttributeDefinition name="OUId" type="string">
<Description>The unique ID of the Organization
Unit</Description>
</AttributeDefinition>
<AttributeDefinition name="ARN" type="string">
<Description>Amazon Resource Name of the Organization
Unit</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" multi="true"
name="ServiceControlPolicies" schemaObjectType="SCP" type="string">
<Description>Service Control Policies attached to the
Organization Unit</Description>
</AttributeDefinition>
<AttributeDefinition name="Parent"
schemaObjectType="OrganizationUnit" type="string">
<Description>Parent Organization Unit</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="AWSAccounts" schemaObjectType="AWSAccount" type="string">
<Description>AWS Accounts attached to the Organization
Unit</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.SAPPortalSOAPConnector"
featuresString="PROVISIONING, SYNC_PROVISIONING, PASSWORD, ENABLE, SEARCH,
AUTHENTICATE" icon="enterpriseIcon" name="SAP Portal - UMWebService Template"
type="SAP Portal - UMWebService">
 <Attributes>
<Map>
<entry key="formPath" value="SAPPortalSOAPAttributesForm.xhtml"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="Create User" objectType="account" type="Create">
<Field
displayName="con_prov_policy_user_create_sapep_unique_name"
helpKey="help_con_prov_policy_user_create_sapep_unique_name" name="uniqueName"
required="true" reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_user_create_sapep_password"
helpKey="help_con_prov_policy_user_create_sapep_password" name="password"
required="true" reviewRequired="true" type="secret"/>
<Field displayName="con_prov_policy_user_create_sapep_firstname"
helpKey="help_con_prov_policy_user_create_sapep_firstname" name="firstName"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_user_create_sapep_lastname"
helpKey="help_con_prov_policy_user_create_sapep_lastname" name="lastName"
required="true" type="string"/>
<Field displayName="con_prov_policy_user_create_sapep_dispname"
helpKey="help_con_prov_policy_user_create_sapep_dispname" name="displayName"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_user_create_sapep_title"
helpKey="help_con_prov_policy_user_create_sapep_title" name="title"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_user_create_sapep_department"
helpKey="help_con_prov_policy_user_create_sapep_department" name="department"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_user_create_sapep_salutation"
helpKey="help_con_prov_policy_user_create_sapep_salutaion" name="salutation"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_user_create_sapep_jotitle"
helpKey="help_con_prov_policy_user_create_sapep_jobtitle" name="jobTitle"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_user_create_sapep_email"
helpKey="help_con_prov_policy_user_create_sapep_email" name="email"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_user_create_sapep_street"
helpKey="help_con_prov_policy_user_create_sapep_street" name="street"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_user_create_sapep_city"
helpKey="help_con_prov_policy_user_create_sapep_city" name="city"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_user_create_sapep_state"
helpKey="help_con_prov_policy_user_create_sapep_state" name="state"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_user_create_sapep_country"
helpKey="help_con_prov_policy_user_create_sapep_country" name="country"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_user_create_sapep_zip"
helpKey="help_con_prov_policy_user_create_sapep_zip" name="zip"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_user_create_sapep_fax"
helpKey="help_con_prov_policy_user_create_sapep_fax" name="fax"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_user_create_sapep_telephone"
helpKey="help_con_prov_policy_user_create_sapep_telephone" name="telePhone"
reviewRequired="true" type="string"/>
 <Field displayName="con_prov_policy_user_create_sapep_cellphone"
helpKey="Enter cellPhone for user" name="cellPhone" reviewRequired="true"
type="string"/>
<Field defaultValue="default"
displayName="con_prov_policy_user_create_sapep_security_type"
helpKey="help_con_prov_policy_user_create_sapep_security_type" name="securityType"
reviewRequired="true" type="string">
<AllowedValues>
<String>technical</String>
<String>default</String>
</AllowedValues>
</Field>
<Field defaultValue="OPEN"
displayName="con_prov_policy_user_create_sapep_lock_status"
helpKey="help_con_prov_policy_user_create_sapep_lock_status" name="lockStatus"
reviewRequired="true" type="string">
<AllowedValues>
<String>OPEN</String>
<String>LOCKED</String>
</AllowedValues>
</Field>
</Form>
<Form name="Create Group" objectType="group" type="Create">
<Field displayName="con_prov_policy_grp_crt_sapep_rolename"
helpKey="help_con_prov_policy_grp_crt_sapep_rolename" name="uniqueName"
required="true" type="string"/>
</Form>
<Form name="Update Group" objectType="group" type="Update">
<Field displayName="con_prov_policy_grp_update_sapep_desc"
helpKey="help_con_prov_policy_grp_update_sapep_desc" name="description"
reviewRequired="true" type="string"/>
<Field
displayName="con_prov_policy_grp_update_sapep_user_members"
helpKey="help_con_prov_policy_grp_update_sapep_user_members" multi="true"
name="userMembers" reviewRequired="true" type="string"/>
<Field
displayName="con_prov_policy_grp_update_sapep_group_members"
helpKey="help_con_prov_policy_grp_update_sapep_group_members" multi="true"
name="groupMembers" reviewRequired="true" type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="uniqueName"
identityAttribute="uniqueName" nativeObjectType="User" objectType="account">
<AttributeDefinition name="firstName"
remediationModificationType="None" type="string">
<Description>User first name</Description>
</AttributeDefinition>
<AttributeDefinition name="lastName"
remediationModificationType="None" type="string">
<Description>User last name</Description>
</AttributeDefinition>
<AttributeDefinition name="displayName"
remediationModificationType="None" type="string">
<Description>User display name</Description>
</AttributeDefinition>
<AttributeDefinition name="company"
remediationModificationType="None" type="string">
<Description>User company name</Description>
 </AttributeDefinition>
<AttributeDefinition name="title"
remediationModificationType="None" type="string">
<Description>User title</Description>
</AttributeDefinition>
<AttributeDefinition name="uniqueName"
remediationModificationType="None" type="string">
<Description>User unique name</Description>
</AttributeDefinition>
<AttributeDefinition name="uniqueId"
remediationModificationType="None" type="string">
<Description>User unique identification</Description>
</AttributeDefinition>
<AttributeDefinition name="email"
remediationModificationType="None" type="string">
<Description>User email address.</Description>
</AttributeDefinition>
<AttributeDefinition name="street"
remediationModificationType="None" type="string">
<Description>Street name</Description>
</AttributeDefinition>
<AttributeDefinition name="city"
remediationModificationType="None" type="string">
<Description>City name</Description>
</AttributeDefinition>
<AttributeDefinition name="state"
remediationModificationType="None" type="string">
<Description>State name</Description>
</AttributeDefinition>
<AttributeDefinition name="country"
remediationModificationType="None" type="string">
<Description>Country</Description>
</AttributeDefinition>
<AttributeDefinition name="zip"
remediationModificationType="None" type="string">
<Description>Zip code</Description>
</AttributeDefinition>
<AttributeDefinition name="fax"
remediationModificationType="None" type="string">
<Description>Fax</Description>
</AttributeDefinition>
<AttributeDefinition name="telePhone"
remediationModificationType="None" type="string">
<Description>Telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="cellPhone"
remediationModificationType="None" type="string">
<Description>Cell phone number</Description>
</AttributeDefinition>
<AttributeDefinition name="department"
remediationModificationType="None" type="string">
<Description>User department assigned</Description>
</AttributeDefinition>
<AttributeDefinition name="salutation"
remediationModificationType="None" type="string">
<Description>Salutation</Description>
</AttributeDefinition>
<AttributeDefinition name="jobTitle"
remediationModificationType="None" type="string">
 <Description>Job Title</Description>
</AttributeDefinition>
<AttributeDefinition name="timeZone"
remediationModificationType="None" type="string">
<Description>Timezone of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="validFrom"
remediationModificationType="None" type="string">
<Description>Valid From date</Description>
</AttributeDefinition>
<AttributeDefinition name="validTo"
remediationModificationType="None" type="string">
<Description>Valid to date</Description>
</AttributeDefinition>
<AttributeDefinition name="language"
remediationModificationType="None" type="string">
<Description>Language of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="securityType"
remediationModificationType="None" type="string">
<Description>User security type</Description>
</AttributeDefinition>
<AttributeDefinition name="lockStatus"
remediationModificationType="None" type="string">
<Description>User is locked or open</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="roles" remediationModificationType="None"
schemaObjectType="group" type="string">
<Description>User Roles</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="groups" remediationModificationType="None" type="string">
<Description>User groups</Description>
</AttributeDefinition>
</Schema>
<Schema descriptionAttribute="description"
displayAttribute="displayName" featuresString="PROVISIONING"
identityAttribute="uniqueName" nativeObjectType="Role" objectType="group">
<AttributeDefinition name="displayName"
remediationModificationType="None" type="string">
<Description>Display name of the role</Description>
</AttributeDefinition>
<AttributeDefinition name="uniqueName"
remediationModificationType="None" type="string">
<Description>Unique name</Description>
</AttributeDefinition>
<AttributeDefinition name="uniqueId"
remediationModificationType="None" type="string">
<Description>Unique Identification</Description>
</AttributeDefinition>
<AttributeDefinition name="description"
remediationModificationType="None" type="string">
<Description>Description of the role</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="userMembers"
remediationModificationType="None" type="string">
<Description>Users associated to the role</Description>
</AttributeDefinition>
 <AttributeDefinition multi="true" name="groupMembers"
remediationModificationType="None" type="string">
<Description>Groups associated to the role</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="PROVISIONING, SYNC_PROVISIONING, UNLOCK, ENABLE, SEARCH, PASSWORD"
icon="internetIcon" name="Duo" type="Duo">
<Attributes>
<Map>
<entry key="adminUsersUri" value="/admin/v1/admins"/>
<entry key="connectorClass"
value="openconnector.connector.Duo.DuoConnector"/>
<entry key="encrypted" value="authPassword"/>
<entry key="enrollUserUri" value="/admin/v1/users/enroll"/>
<entry key="formPath" value="DuoAttributesForm.xhtml"/>
<entry key="groupUri" value="/admin/v1/groups"/>
<entry key="groups" value="group_id"/>
<entry key="phoneUri" value="/admin/v1/phones"/>
<entry key="phones" value="number"/>
<entry key="tokens" value="token_id"/>
<entry key="usersUri" value="/admin/v1/users"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="con_prov_policy_duo_user_type"
helpKey="help_con_prov_policy_duo_user_type" name="user_type" postBack="true"
required="true" reviewRequired="true" section="create" type="string" value="User">
<AllowedValuesDefinition>
<Value>
<List>
<String>User</String>
<String>Administrator</String>
</List>
</Value>
</AllowedValuesDefinition>
<Attributes>
<Map>
<entry key="hidden">
<value>
<Script>
<Source>
if ("User".equalsIgnoreCase(field.getValue())) {
if ( form.getSection("create") != null &amp;&amp;
form.getSection("create").getFields() != null ) {
for (Object field :
form.getSection("create").getFields()) {
String name = field.getName();
if (name != null &amp;&amp;
name.indexOf(":") > 0 ) {
String[] nameKeys = name.split(":");
if (nameKeys.length > 1 &amp;&amp;

("username".equalsIgnoreCase(nameKeys[2]))){
field.setRequired(true);
}
 if (nameKeys.length > 1 &amp;&amp;

("name".equalsIgnoreCase(nameKeys[2])
||
"phone".equalsIgnoreCase(nameKeys[2]) || "password".equalsIgnoreCase(nameKeys[2])
|| "role".equalsIgnoreCase(nameKeys[2]))){
field.setHidden(true);
}
}
}
}
} else {
if ( form.getSection("create") != null
&amp;&amp; form.getSection("create").getFields() != null ) {
for (Object field :
form.getSection("create").getFields()) {
String name = field.getName();
if (name != null &amp;&amp;
name.indexOf(":") > 0 ) {
String[] nameKeys = name.split(":");
if (nameKeys.length > 1 &amp;&amp;

("username".equalsIgnoreCase(nameKeys[2])
||
"phones".equalsIgnoreCase(nameKeys[2]))){
field.setHidden(true);
}
if (nameKeys.length > 1 &amp;&amp;

("name".equalsIgnoreCase(nameKeys[2])
||
"phone".equalsIgnoreCase(nameKeys[2]) || "password".equalsIgnoreCase(nameKeys[2])))
{
field.setRequired(true);
}
}
}
}
}

return false;
</Source>
</Script>
</value>
</entry>
</Map>
</Attributes>
</Field>
<Field displayName="con_prov_policy_duo_user_name"
helpKey="help_con_prov_policy_duo_user_name" name="username" reviewRequired="true"
section="create" type="string"/>
<Field displayName="con_prov_policy_duo_email"
helpKey="help_con_prov_policy_duo_email" name="email" required="true"
section="create" type="string"/>
<Field displayName="con_prov_policy_duo_real_name"
helpKey="help_con_prov_policy_duo_real_name" name="realname" section="create"
type="string"/>
<Field displayName="con_prov_policy_duo_phone"
helpKey="help_con_prov_policy_duo_phone" multi="true" name="phones"
reviewRequired="true" section="create" type="string">
<ValidationScript>
<Source>
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.ArrayList;
import java.util.List;
List errors = null;
String regex = "(?:\\+?(\\d{1,3}))?[-. (]*(\\d{3})[-. )]*(\\d{3})
[-. ]*(\\d{4})";
Pattern pattern = Pattern.compile(regex);
if (phones != null) {
for (String phone: phones) {
if (phone != null) {
Matcher matcher = pattern.matcher(phone);
if (!matcher.matches()) {
if (errors == null) {
errors = new ArrayList();
}
errors.add(phone + " is not a valid format of phone
number");
}
}
}
}
return errors;
</Source>
</ValidationScript>
</Field>
<Field displayName="con_prov_policy_duo_administrator_name"
helpKey="help_con_prov_policy_duo_administrator_name" name="name"
reviewRequired="true" section="create" type="string"/>
<Field displayName="con_prov_policy_duo_administrator_password"
helpKey="help_con_prov_policy_duo_administrator_password" name="password"
reviewRequired="true" section="create" type="secret"/>
<Field displayName="con_prov_policy_duo_administrator_phone"
helpKey="help_con_prov_policy_duo_administrator_phone" name="phone"
reviewRequired="true" section="create" type="string">
<ValidationScript>
<Source>
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.ArrayList;
import java.util.List;
List errors = null;
String regex = "(?:\\+?(\\d{1,3}))?[-. (]*(\\d{3})[-. )]*(\\d{3})
[-. ]*(\\d{4})";
Pattern pattern = Pattern.compile(regex);
if (phones != null) {
for (String phone: phones) {
if (phone != null) {
Matcher matcher = pattern.matcher(phone);
if (!matcher.matches()) {
if (errors == null) {
errors = new ArrayList();
}
errors.add(phone + " is not a valid format of phone
number");
}
 }
}
}
return errors;
</Source>
</ValidationScript>
</Field>
<Field displayName="con_prov_policy_duo_administrator_role"
helpKey="help_con_prov_policy_duo_role" name="role" reviewRequired="true"
section="create" type="string">
<AllowedValuesDefinition>
<Value>
<List>
<String>Owner</String>
<String>Administrator</String>
<String>Application Manager</String>
<String>User Manager</String>
<String>Help Desk</String>
<String>Billing</String>
<String>Phishing Manager</String>
<String>Read-only</String>
</List>
</Value>
</AllowedValuesDefinition>
</Field>
</Form>
<Form name="Enable Account" objectType="account" type="Enable">
<Field filterString="" name="status" required="true"
reviewRequired="true" type="string">
<AllowedValuesDefinition>
<Value>
<List>
<String>active</String>
<String>bypass</String>
</List>
</Value>
</AllowedValuesDefinition>
</Field>
<Field filterString="" name="enableStatus" type="string">
<Attributes>
<Map>
<entry key="hidden" value="true"/>
</Map>
</Attributes>
<Script>
<Source>ref:status</Source>
</Script>
</Field>
</Form>
<Form name="Unlock Account" objectType="account" type="Unlock">
<Field filterString="" name="status" required="true"
reviewRequired="true" type="string">
<AllowedValuesDefinition>
<Value>
<List>
<String>active</String>
<String>bypass</String>
</List>
</Value>
 </AllowedValuesDefinition>
</Field>
<Field filterString="" name="enableStatus" type="string">
<Attributes>
<Map>
<entry key="hidden" value="true"/>
</Map>
</Attributes>
<Script>
<Source>ref:status</Source>
</Script>
</Field>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="username" identityAttribute="user_id"
instanceAttribute="" nativeObjectType="account" objectType="account">
<AttributeDefinition name="username" type="string">
<Description>User Name</Description>
</AttributeDefinition>
<AttributeDefinition name="status"
remediationModificationType="None" type="string">
<Description>User Status</Description>
</AttributeDefinition>
<AttributeDefinition name="email" type="string">
<Description>Email ID </Description>
</AttributeDefinition>
<AttributeDefinition name="user_id" type="string">
<Description>User ID </Description>
</AttributeDefinition>
<AttributeDefinition name="realname" type="string">
<Description>Real Name </Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="notes" type="string">
<Description>Notes </Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="groups" remediationModificationType="None"
schemaObjectType="group" type="string">
<Description>Name of Groups to which the user is connected
to</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="phones" type="string">
<Description>Phone numbers of User Account</Description>
</AttributeDefinition>
<AttributeDefinition name="last_login" type="string">
<Description>Last login time of User Account</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="tokens" type="string">
<Description>Token for the User Account</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="desktoptokens"
type="string">
<Description>Desktop tokens for the User Account</Description>
</AttributeDefinition>
<AttributeDefinition name="role" type="string">
<Description>Administrator role</Description>
</AttributeDefinition>
<AttributeDefinition name="user_type" type="string">
 <Description>Type of user</Description>
</AttributeDefinition>
<AttributeDefinition name="restricted_by_admin_units"
type="boolean">
<Description>Administrator account restricted by an
administrative unit assignment</Description>
</AttributeDefinition>
<AttributeDefinition name="alias1" type="string">
<Description>Username Alias 1</Description>
</AttributeDefinition>
<AttributeDefinition name="alias2" type="string">
<Description>Username Alias 2</Description>
</AttributeDefinition>
<AttributeDefinition name="alias3" type="string">
<Description>Username Alias 3</Description>
</AttributeDefinition>
<AttributeDefinition name="alias4" type="string">
<Description>Username Alias 4</Description>
</AttributeDefinition>
</Schema>
<Schema descriptionAttribute="desc" displayAttribute="name"
identityAttribute="group_id" instanceAttribute="" nativeObjectType="group"
objectType="group">
<AttributeDefinition name="name" type="string">
<Description>Group Name</Description>
</AttributeDefinition>
<AttributeDefinition name="desc" type="string">
<Description>Group Description</Description>
</AttributeDefinition>
<AttributeDefinition name="status" type="string">
<Description>Group Status</Description>
</AttributeDefinition>
<AttributeDefinition name="group_id" type="string">
<Description>Group ID</Description>
</AttributeDefinition>
<AttributeDefinition name="voice_enabled" type="boolean">
<Description>Voice Enabled Flag</Description>
</AttributeDefinition>
<AttributeDefinition name="sms_enabled" type="boolean">
<Description>SMS Enabled Flag</Description>
</AttributeDefinition>
<AttributeDefinition name="mobile_otp_enabled" type="boolean">
<Description>Mobile One Time Password Enabled
Flag</Description>
</AttributeDefinition>
<AttributeDefinition name="push_enabled" type="boolean">
<Description>Push Enabled Flag</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.LDAPConnector"
featuresString="AUTHENTICATE, PROVISIONING, SYNC_PROVISIONING, ENABLE, UNLOCK,
PASSWORD, MANAGER_LOOKUP, SEARCH" icon="directory2Icon" name="SunOne Template"
type="SunOne - Direct">
<Attributes>
<Map>
<entry key="LDAPApplicationVersion" value="2.0"/>
<entry key="formPath" value="ldapNISAttributesForm.xhtml"/>
 <entry key="groupEntitlementAttr" value="groups"/>
<entry key="keystore"/>
<entry key="lockAttr" value="passwordretrycount"/>
<entry key="lockVal" value="3"/>
<entry key="passwordAttr" value="userPassword"/>
<entry key="restoreAttr" value="nsRoleDN"/>
<entry key="retryableErrors">
<value>
<List>
<String>java.net.ConnectException</String>
</List>
</value>
</entry>
<entry key="revokeAttr" value="nsRoleDN"/>
<entry key="unlockAttr" value="passwordretrycount"/>
<entry key="unlockVal" value="3"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="con_prov_policy_ldap_user_DN"
helpKey="help_con_prov_policy_ldap_user_DN" name="dn" required="true" section=""
type="string"/>
<Field displayName="con_prov_policy_ldap_password"
helpKey="help_con_prov_policy_ldap_password" name="password" required="true"
section="" type="secret"/>
<Field displayName="con_prov_policy_ldap_full_name"
helpKey="help_con_prov_policy_ldap_full_name" name="CN" required="true" section=""
type="string"/>
<Field displayName="con_prov_policy_ldap_first_name"
helpKey="help_con_prov_policy_ldap_first_name" name="givenName"
reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_ldap_last_name"
helpKey="help_con_prov_policy_ldap_last_name" name="SN" required="true" section=""
type="string"/>
</Form>
<Form name="group create" objectType="group" type="Create">
<Field displayName="con_prov_policy_ldap_DN"
helpKey="help_con_prov_policy_ldap_group_DN" name="dn" required="true"
reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_ldap_description"
helpKey="help_con_prov_policy_ldap_description" name="description"
reviewRequired="true" section="" type="string"/>
</Form>
<Form name="group create" objectType="posixgroup" type="Create">
<Field displayName="con_prov_policy_ldap_group_DN"
helpKey="help_con_prov_policy_ldap_group_DN" name="dn" required="true"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_ldap_GID"
helpKey="help_con_prov_policy_ldap_GID" name="gidNumber" required="true"
reviewRequired="true" section="" type="int"/>
<Field displayName="con_prov_policy_ldap_description"
helpKey="help_con_prov_policy_ldap_description" name="description"
reviewRequired="true" type="string"/>
</Form>
<Form name="group create" objectType="nisNetgroup" type="Create">
<Field displayName="con_prov_policy_ldap_group_DN"
helpKey="help_con_prov_policy_ldap_group_DN" name="dn" required="true"
reviewRequired="true" type="string"/>
 <Field displayName="con_prov_policy_ldap_description"
helpKey="help_con_prov_policy_ldap_description" name="description"
reviewRequired="true" type="string"/>
</Form>
<Form name="edit group" objectType="group" type="Update">
<Field displayName="con_prov_policy_ldap_description"
name="description" reviewRequired="true" section="" type="string"/>
</Form>
<Form name="edit group" objectType="posixgroup" type="Update">
<Field displayName="con_prov_policy_ldap_description"
name="description" reviewRequired="true" type="string"/>
</Form>
<Form name="edit group" objectType="nisNetgroup" type="Update">
<Field displayName="con_prov_policy_ldap_description"
name="description" reviewRequired="true" type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="cn" identityAttribute="dn"
nativeObjectType="inetOrgPerson" objectType="account">
<AttributeDefinition name="businessCategory" type="string">
<Description>business category</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="carLicense"
type="string">
<Description>vehicle license or registration
plate</Description>
</AttributeDefinition>
<AttributeDefinition name="cn" type="string">
<Description>common name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="dn" type="string">
<Description>distinguished name for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="departmentNumber" type="string">
<Description>identifies a department within an
organization</Description>
</AttributeDefinition>
<AttributeDefinition name="description" type="string">
<Description>descriptive information</Description>
</AttributeDefinition>
<AttributeDefinition name="destinationIndicator" type="string">
<Description>destination indicator</Description>
</AttributeDefinition>
<AttributeDefinition name="displayName" type="string">
<Description>preferred name to be used when displaying
entries</Description>
</AttributeDefinition>
<AttributeDefinition name="employeeNumber" type="string">
<Description>numerically identifies an employee within an
organization</Description>
</AttributeDefinition>
<AttributeDefinition name="employeeType" type="string">
<Description>type of employment for a person</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="facsimileTelephoneNumber"
type="string">
 <Description>Facsimile (Fax) Telephone Number</Description>
</AttributeDefinition>
<AttributeDefinition name="givenName" type="string">
<Description>first name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="groups" schemaObjectType="group" type="string">
<Description>List of groups a user is a member</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="posixgroups" schemaObjectType="posixgroup" type="string">
<Description>List of posix groups a user is a
member</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="nisNetgroups" schemaObjectType="nisNetgroup" type="string">
<Description>List of nisnet groups a user is a
member</Description>
</AttributeDefinition>
<AttributeDefinition name="homePhone" type="string">
<Description>home telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="homePostalAddress" type="string">
<Description>home postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="initials" type="string">
<Description>initials of some or all of names, but not the
surname(s).</Description>
</AttributeDefinition>
<AttributeDefinition name="internationaliSDNNumber"
type="string">
<Description>international ISDN number</Description>
</AttributeDefinition>
<AttributeDefinition name="l" type="string">
<Description>city</Description>
</AttributeDefinition>
<AttributeDefinition name="mail" type="string">
<Description>RFC822 Mailbox</Description>
</AttributeDefinition>
<AttributeDefinition name="manager" type="string">
<Description>DN of manager</Description>
</AttributeDefinition>
<AttributeDefinition name="mobile" type="string">
<Description>mobile telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="o" type="string">
<Description>organization this object belongs to</Description>
</AttributeDefinition>
<AttributeDefinition name="ou" type="string">
<Description>organizational unit this object belongs
to</Description>
</AttributeDefinition>
<AttributeDefinition name="pager" type="string">
<Description>pager telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="physicalDeliveryOfficeName"
type="string">
<Description>Physical Delivery Office Name</Description>
 </AttributeDefinition>
<AttributeDefinition name="postOfficeBox" type="string">
<Description>Post Office Box</Description>
</AttributeDefinition>
<AttributeDefinition name="postalAddress" type="string">
<Description>postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="postalCode" type="string">
<Description>postal code</Description>
</AttributeDefinition>
<AttributeDefinition name="preferredDeliveryMethod"
type="string">
<Description>preferred delivery method</Description>
</AttributeDefinition>
<AttributeDefinition name="preferredLanguage" type="string">
<Description>preferred written or spoken language for a
person</Description>
</AttributeDefinition>
<AttributeDefinition name="registeredAddress" type="string">
<Description>registered postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="roomNumber" type="string">
<Description>room number</Description>
</AttributeDefinition>
<AttributeDefinition name="secretary" type="string">
<Description>DN of secretary</Description>
</AttributeDefinition>
<AttributeDefinition name="seeAlso" type="string">
<Description>DN of related object</Description>
</AttributeDefinition>
<AttributeDefinition name="sn" type="string">
<Description>last (family) name(s) for which the entity is
known by</Description>
</AttributeDefinition>
<AttributeDefinition name="st" type="string">
<Description>state or province which this object resides
in</Description>
</AttributeDefinition>
<AttributeDefinition name="street" type="string">
<Description>street address of this object</Description>
</AttributeDefinition>
<AttributeDefinition name="telephoneNumber" type="string">
<Description>Telephone Number</Description>
</AttributeDefinition>
<AttributeDefinition name="teletexTerminalIdentifier"
type="string">
<Description>Teletex Terminal Identifier</Description>
</AttributeDefinition>
<AttributeDefinition name="telexNumber" type="string">
<Description>Telex Number</Description>
</AttributeDefinition>
<AttributeDefinition name="title" type="string">
<Description>title associated with the entity</Description>
</AttributeDefinition>
<AttributeDefinition name="uid" type="string">
<Description>user identifier</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="objectClass"
type="string">
 <Description>object classes of the entity</Description>
</AttributeDefinition>
</Schema>
<Schema descriptionAttribute="description" displayAttribute="cn"
featuresString="PROVISIONING" identityAttribute="dn"
nativeObjectType="groupOfUniqueNames" objectType="group">
<AttributeDefinition name="cn" type="string">
<Description>common name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="dn" type="string">
<Description>Directory Path</Description>
</AttributeDefinition>
<AttributeDefinition name="o" type="string">
<Description>organization this object belongs to</Description>
</AttributeDefinition>
<AttributeDefinition name="ou" type="string">
<Description>organizational unit this object belongs
to</Description>
</AttributeDefinition>
<AttributeDefinition name="owner" type="string">
<Description>owner (of the object)</Description>
</AttributeDefinition>
<AttributeDefinition name="description" type="string">
<Description>descriptive information</Description>
</AttributeDefinition>
<Attributes>
<Map>
<entry key="groupMemberAttribute" value="uniqueMember"/>
<entry key="memberAttribute" value="dn"/>
</Map>
</Attributes>
</Schema>
<Schema displayAttribute="cn" featuresString="PROVISIONING"
identityAttribute="dn" nativeObjectType="nisNetgroup" objectType="nisNetgroup">
<AttributeDefinition name="cn" type="string">
<Description>common name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="nisNetgroupTriple"
type="string">
<Description>unique member of a nisNetgroup</Description>
</AttributeDefinition>
<AttributeDefinition name="dn" type="string">
<Description>Directory Path</Description>
</AttributeDefinition>
<AttributeDefinition name="description" type="string">
<Description>descriptive information</Description>
</AttributeDefinition>
<Attributes>
<Map>
<entry key="groupMemberAttribute" value="nisNetgroupTriple"/>
<entry key="memberAttribute">
<value>
<List>
<String>cn</String>
<String>uid</String>
</List>
</value>
 </entry>
<entry key="memberPrefix" value="{,"/>
<entry key="memberSuffix" value=",}"/>
</Map>
</Attributes>
</Schema>
<Schema displayAttribute="cn" featuresString="PROVISIONING"
identityAttribute="dn" nativeObjectType="posixgroup" objectType="posixgroup">
<AttributeDefinition name="cn" type="string">
<Description>common name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="memberUid" type="string">
<Description>unique member of a posixGroup</Description>
</AttributeDefinition>
<AttributeDefinition name="dn" type="string">
<Description>Directory Path</Description>
</AttributeDefinition>
<AttributeDefinition name="gidNumber" type="string">
<Description>Group ID</Description>
</AttributeDefinition>
<AttributeDefinition name="description" type="string">
<Description>descriptive information</Description>
</AttributeDefinition>
<Attributes>
<Map>
<entry key="groupMemberAttribute" value="memberUid"/>
<entry key="memberAttribute">
<value>
<List>
<String>cn</String>
<String>uid</String>
</List>
</value>
</entry>
</Map>
</Attributes>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.RuleFileConnector"
featuresString="DIRECT_PERMISSIONS, NO_RANDOM_ACCESS, DISCOVER_SCHEMA"
icon="enterpriseIcon" name="RuleBasedFileParser Template"
type="RuleBasedFileParser"/>
<Application connector="sailpoint.connector.ADLDAPConnector"
featuresString="PROVISIONING, SYNC_PROVISIONING, AUTHENTICATE, MANAGER_LOOKUP,
SEARCH, UNSTRUCTURED_TARGETS, UNLOCK, ENABLE, PASSWORD, CURRENT_PASSWORD"
icon="directory1Icon" name="Active Directory Template" type="Active Directory -
Direct">
<Attributes>
<Map>
<entry key="ADAppVersion" value="V2"/>
<entry key="authSearchAttributes">
<value>
<List>
<String>sAMAccountName</String>
<String>msDS-PrincipalName</String>
<String>mail</String>
</List>
 </value>
</entry>
<entry key="cacheRemoteObjectPort" value="40002"/>
<entry key="cacheRmiPort" value="40001"/>
<entry key="deletedObjectsContainer" value="CN=Deleted
Objects,DOMAIN"/>
<entry key="deltaIterationMode" value="dirSync"/>
<entry key="disableComputePreloading">
<value>
<Boolean></Boolean>
</value>
</entry>
<entry key="disableFspAggregation">
<value>
<Boolean></Boolean>
</value>
</entry>
<entry key="displayAttributeForContacts" value="cn"/>
<entry key="enableCache">
<value>
<Boolean></Boolean>
</value>
</entry>
<entry key="encrypted"
value="domainSettings.password,forestSettings.password,exchangeSettings.password,IQ
ServiceConfiguration.IQServicePassword"/>
<entry key="formPath" value="ADldapAttributesForm.xhtml"/>
<entry key="ldapExtendedControls">
<value>
<List>
<String>1.2.840.113556.1.4.1339</String>
</List>
</value>
</entry>
<entry key="lyncAttributes"
value="RegistrarPool,SipAddressType,SipAddress,SipDomain,msRTCSIP-UserEnabled"/>
<entry key="manageLync">
<value>
<Boolean></Boolean>
</value>
</entry>
<entry key="manageRecycleBin">
<value>
<Boolean></Boolean>
</value>
</entry>
<entry key="pageSize" value="100"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="Account" objectType="account" type="Create">
<Field displayName="con_prov_policy_ad_objecttype"
name="objectType" postBack="true" reviewRequired="true" section="Account"
type="string" value="User">
<AllowedValuesDefinition>
<Value>
<List>
<String>User</String>
<String>Contact</String>
 </List>
</Value>
</AllowedValuesDefinition>
<Attributes>
<Map>
<entry key="hidden">
<value>
<Script>
<Source>
Object objType = field.getValue();
if ("contact".equalsIgnoreCase(objType)) {
if (form.getSection("Dial-in") != null) {
form.remove(form.getSection("Dial-in"));
}
if (form.getSection("User Details") != null) {
form.remove(form.getSection("User Details"));
}
if (form.getSection("Skype for Business") != null) {
form.remove(form.getSection("Skype for
Business"));
}

if (form.getSection("Exchange") != null &amp;&amp;

form.getSection("Exchange").getFields() != null ) {
for (Object field :
form.getSection("Exchange").getFields()) {
String name = field.getName();
if (name != null &amp;&amp;
name.indexOf(":") > 0 ) {
String[] nameKeys = name.split(":");
if (nameKeys.length > 1 &amp;&amp;

"homeMDB".equalsIgnoreCase(nameKeys[2])){
field.setHidden(true);
}
}
}
}

} else {
if (form.getSection("User Details") != null
&amp;&amp; form.getSection("User Details").getFields() != null ) {
for (Object field : form.getSection("User
Details").getFields()) {
String name = field.getName();
if (name != null &amp;&amp;
name.indexOf(":") > 0 ) {
String[] nameKeys = name.split(":");
if (nameKeys.length > 1 &amp;&amp;

("sAMAccountName".equalsIgnoreCase(nameKeys[2])
||
"password".equalsIgnoreCase(nameKeys[2]))){
field.setRequired(true);
}
}
}
}
 }

return false;
</Source>
</Script>
</value>
</entry>
</Map>
</Attributes>
</Field>
<Field displayName="con_prov_policy_ad_distinguishedName"
helpKey="help_con_prov_policy_ad_distinguishedName" name="distinguishedName"
required="true" section="Account" type="string"/>
<Field displayName="con_prov_policy_ad_sAMAccountName"
helpKey="help_con_prov_policy_ad_sAMAccountName" name="sAMAccountName"
reviewRequired="true" section="User Details" type="string"/>
<Field displayName="con_prov_policy_ad_password"
helpKey="help_con_prov_policy_ad_password" name="password" reviewRequired="true"
section="User Details" type="secret"/>
<Field displayName="con_prov_policy_ad_pwdLastSet"
helpKey="help_con_prov_policy_ad_pwdLastSet" name="pwdLastSet"
reviewRequired="true" section="User Details" type="boolean"/>
<Field displayName="con_prov_policy_ad_IIQDisabled"
helpKey="help_con_prov_policy_ad_IIQDisabled" name="IIQDisabled"
reviewRequired="true" section="User Details" type="boolean" value="false"/>
<Field displayName="con_prov_policy_ad_primaryGroupDN"
helpKey="help_con_prov_policy_ad_primaryGroupDN" name="primaryGroupDN"
reviewRequired="true" section="User Details" type="string"/>
<Field displayName="con_prov_policy_ad_givenName"
helpKey="help_con_prov_policy_ad_givenName" name="givenName" reviewRequired="true"
section="General" type="string"/>
<Field displayName="con_prov_policy_ad_sn"
helpKey="help_con_prov_policy_ad_sn" name="sn" reviewRequired="true"
section="General" type="string"/>
<Field displayName="con_prov_policy_ad_description"
helpKey="help_con_prov_policy_ad_description" name="description"
reviewRequired="true" section="General" type="string"/>
<Field displayName="con_prov_policy_ad_msNPAllowDialin"
helpKey="help_con_prov_policy_ad_msNPAllowDialin" name="msNPAllowDialin"
reviewRequired="true" section="Dial-in" type="string" value="Not Set">
<AllowedValues>
<String>Not Set</String>
<String>true</String>
<String>false</String>
</AllowedValues>
</Field>
<Field displayName="con_prov_policy_ad_msNPCallingStationID"
helpKey="help_con_prov_policy_ad_msNPCallingStationID" multi="true"
name="msNPCallingStationID" reviewRequired="true" section="Dial-in" type="string"/>
<Field displayName="con_prov_policy_ad_msRADIUSCallbackNumber"
helpKey="help_con_prov_policy_ad_msRADIUSCallbackNumber"
name="msRADIUSCallbackNumber" reviewRequired="true" section="Dial-in"
type="string"/>
<Field displayName="con_prov_policy_ad_msRADIUSFramedRoute"
helpKey="help_con_prov_policy_ad_msRADIUSFramedRoute" multi="true"
name="msRADIUSFramedRoute" reviewRequired="true" section="Dial-in" type="string"/>
<Field displayName="con_prov_policy_ad_msRADIUSFramedIPAddress"
helpKey="help_con_prov_policy_ad_msRADIUSFramedIPAddress"
name="msRADIUSFramedIPAddress" reviewRequired="true" section="Dial-in"
type="string"/>
<Field displayName="con_prov_policy_ad_homeMDB"
helpKey="help_con_prov_policy_ad_homeMDB" name="homeMDB" reviewRequired="true"
section="Exchange" type="string"/>
<Field displayName="con_prov_policy_ad_mailNickname"
helpKey="help_con_prov_policy_ad_mailNickname" name="mailNickname"
reviewRequired="true" section="Exchange" type="string"/>
<Field
displayName="con_prov_policy_ad_msExchHideFromAddressLists"
helpKey="help_con_prov_policy_ad_msExchHideFromAddressLists"
name="msExchHideFromAddressLists" reviewRequired="true" section="Exchange"
type="boolean"/>
<Field displayName="con_prov_policy_ad_externalEmailAddress"
helpKey="help_con_prov_policy_ad_externalEmailAddress"
name="exch_externalEmailAddress" reviewRequired="true" section="Exchange"
type="string"/>
<Field displayName="con_prov_policy_ad_SipAddress"
helpKey="help_con_prov_policy_ad_SipAddress" name="SipAddress"
reviewRequired="true" section="Skype for Business" type="string"/>
<Field displayName="con_prov_policy_ad_SipDomain"
helpKey="help_con_prov_policy_ad_SipDomain" name="SipDomain" reviewRequired="true"
section="Skype for Business" type="string"/>
<Field displayName="con_prov_policy_ad_SipAddressType"
helpKey="help_con_prov_policy_ad_SipAddressType" name="SipAddressType"
reviewRequired="true" section="Skype for Business" type="string">
<AllowedValues>
<String>SamAccountName</String>
<String>FirstLastName</String>
<String>EmailAddress</String>
</AllowedValues>
</Field>
<Field displayName="con_prov_policy_ad_RegistrarPool"
helpKey="help_con_prov_policy_ad_RegistrarPool" name="RegistrarPool"
reviewRequired="true" section="Skype for Business" type="string"/>
</Form>
<Form name="Create Group" objectType="group" type="Create">
<Field displayName="con_prov_policy_ad_distinguishedName_group"
helpKey="help_con_prov_policy_ad_group_distinguishedName" name="distinguishedName"
required="true" type="string"/>
<Field displayName="con_prov_policy_ad_sAMAccountName"
helpKey="help_con_prov_policy_ad_group_sAMAccountName" name="sAMAccountName"
required="true" type="string"/>
</Form>
<Form name="Update Group" objectType="group" type="Update">
<Field displayName="con_prov_policy_ad_GroupType"
helpKey="help_con_prov_policy_ad_GroupType" name="GroupType" reviewRequired="true"
type="string" value="Security">
<AllowedValues>
<String>Security</String>
<String>Distribution</String>
</AllowedValues>
</Field>
<Field displayName="con_prov_policy_ad_GroupScope"
helpKey="help_con_prov_policy_ad_GroupScope" name="GroupScope"
reviewRequired="true" type="string" value="Global">
<AllowedValues>
<String>Domain local</String>
<String>Global</String>
<String>Universal</String>
 </AllowedValues>
</Field>
<Field displayName="con_prov_policy_ad_description"
helpKey="help_con_prov_policy_ad_group_description" name="description"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_ad_mailNickname"
helpKey="help_con_prov_policy_ad_group_mailNickname" name="mailNickname"
reviewRequired="true" type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="msDS-PrincipalName"
identityAttribute="distinguishedName" nativeObjectType="User" objectType="account">
<AttributeDefinition name="businessCategory" type="string">
<Description>business category</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="carLicense"
type="string">
<Description>vehicle license or registration
plate</Description>
</AttributeDefinition>
<AttributeDefinition name="cn" type="string">
<Description>common name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="departmentNumber" type="string">
<Description>identifies a department within an
organization</Description>
</AttributeDefinition>
<AttributeDefinition name="description" type="string">
<Description>descriptive information</Description>
</AttributeDefinition>
<AttributeDefinition name="destinationIndicator" type="string">
<Description>destination indicator</Description>
</AttributeDefinition>
<AttributeDefinition name="displayName" type="string">
<Description>preferred name to be used when displaying
entries</Description>
</AttributeDefinition>
<AttributeDefinition name="distinguishedName" type="string">
<Description>distinguished name for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="employeeNumber" type="string">
<Description>numerically identifies an employee within an
organization</Description>
</AttributeDefinition>
<AttributeDefinition name="employeeType" type="string">
<Description>type of employment for a person</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="facsimileTelephoneNumber"
type="string">
<Description>Facsimile (Fax) Telephone Number</Description>
</AttributeDefinition>
<AttributeDefinition name="givenName" type="string">
<Description>first name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="homePhone" type="string">
 <Description>home telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="homePostalAddress" type="string">
<Description>home postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="initials" type="string">
<Description>initials of some or all of names, but not the
surname(s).</Description>
</AttributeDefinition>
<AttributeDefinition name="internationalISDNNumber"
type="string">
<Description>international ISDN number</Description>
</AttributeDefinition>
<AttributeDefinition name="l" type="string">
<Description>city</Description>
</AttributeDefinition>
<AttributeDefinition name="mail" type="string">
<Description>RFC822 Mailbox</Description>
</AttributeDefinition>
<AttributeDefinition name="manager" type="string">
<Description>DN of manager</Description>
</AttributeDefinition>
<AttributeDefinition name="mobile" type="string">
<Description>mobile telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="o" type="string">
<Description>organization this object belongs to</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="ou" type="string">
<Description>organizational unit this object belongs
to</Description>
</AttributeDefinition>
<AttributeDefinition name="pager" type="string">
<Description>pager telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="physicalDeliveryOfficeName"
type="string">
<Description>Physical Delivery Office Name</Description>
</AttributeDefinition>
<AttributeDefinition name="postOfficeBox" type="string">
<Description>Post Office Box</Description>
</AttributeDefinition>
<AttributeDefinition name="postalAddress" type="string">
<Description>postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="postalCode" type="string">
<Description>postal code</Description>
</AttributeDefinition>
<AttributeDefinition name="preferredDeliveryMethod"
type="string">
<Description>preferred delivery method</Description>
</AttributeDefinition>
<AttributeDefinition name="preferredLanguage" type="string">
<Description>preferred written or spoken language for a
person</Description>
</AttributeDefinition>
<AttributeDefinition name="registeredAddress" type="string">
<Description>registered postal address</Description>
</AttributeDefinition>
 <AttributeDefinition name="roomNumber" type="string">
<Description>room number</Description>
</AttributeDefinition>
<AttributeDefinition name="secretary" type="string">
<Description>DN of secretary</Description>
</AttributeDefinition>
<AttributeDefinition name="seeAlso" type="string">
<Description>DN of related object</Description>
</AttributeDefinition>
<AttributeDefinition name="sn" type="string">
<Description>last (family) name(s) for which the entity is
known by</Description>
</AttributeDefinition>
<AttributeDefinition name="st" type="string">
<Description>state or province which this object resides
in</Description>
</AttributeDefinition>
<AttributeDefinition name="street" type="string">
<Description>street of this object</Description>
</AttributeDefinition>
<AttributeDefinition name="streetAddress" type="string">
<Description>street address of this object</Description>
</AttributeDefinition>
<AttributeDefinition name="telephoneNumber" type="string">
<Description>Telephone Number</Description>
</AttributeDefinition>
<AttributeDefinition name="teletexTerminalIdentifier"
type="string">
<Description>Teletex Terminal Identifier</Description>
</AttributeDefinition>
<AttributeDefinition name="telexNumber" type="string">
<Description>Telex Number</Description>
</AttributeDefinition>
<AttributeDefinition name="title" type="string">
<Description>title associated with the entity</Description>
</AttributeDefinition>
<AttributeDefinition name="uid" type="string">
<Description>user identifier</Description>
</AttributeDefinition>
<AttributeDefinition name="userPrincipalName" type="string">
<Description>user principal name</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="objectClass"
type="string">
<Description>object classes of the entity</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="memberOf" schemaObjectType="group" type="string">
<Description>Group Membership</Description>
</AttributeDefinition>
<AttributeDefinition name="objectSid" type="string">
<Description>Windows Security Identifier</Description>
</AttributeDefinition>
<AttributeDefinition name="objectguid" type="string">
<Description>Object globally unique identifier </Description>
</AttributeDefinition>
<AttributeDefinition name="objectType" type="string">
<Description>Type of Active Directory object</Description>
</AttributeDefinition>
 <AttributeDefinition name="sAMAccountName" type="string">
<Description>sAMAccountName</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="accountFlags"
type="string">
<Description>List of the flags enabled on an
account</Description>
</AttributeDefinition>
<AttributeDefinition name="department" type="string">
<Description>User's department</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="msNPCallingStationID"
type="string">
<Description>CallingStationID</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="msRADIUSFramedRoute"
type="string">
<Description>Static Routes for Dial-In connection</Description>
</AttributeDefinition>
<AttributeDefinition name="msNPAllowDialin" type="string">
<Description>Is dial-in allowed</Description>
</AttributeDefinition>
<AttributeDefinition name="msRADIUSCallbackNumber" type="string">
<Description>Callback Number</Description>
</AttributeDefinition>
<AttributeDefinition name="msRADIUSFramedIPAddress"
type="string">
<Description>Define Static IP Address</Description>
</AttributeDefinition>
<AttributeDefinition internalName="targetAddress"
name="externalEmailAddress" type="string">
<Description>External email address of Mail User</Description>
</AttributeDefinition>
<AttributeDefinition name="mailNickname" type="string">
<Description>Exchange Alias</Description>
</AttributeDefinition>
<AttributeDefinition name="homeMDB" type="string">
<Description>Exchange Database</Description>
</AttributeDefinition>
<AttributeDefinition name="msExchHideFromAddressLists"
type="boolean">
<Description>Hide from Exchange address lists</Description>
</AttributeDefinition>
<AttributeDefinition name="msRTCSIP-UserEnabled" type="boolean">
<Description>User enabled for Skype for Business
Server</Description>
</AttributeDefinition>
<AttributeDefinition name="SipAddress" type="string">
<Description>Skype for Business sipAddress</Description>
</AttributeDefinition>
<AttributeDefinition name="RegistrarPool" type="string">
<Description>Skype for Business Registrar pool</Description>
</AttributeDefinition>
<AttributeDefinition name="LyncPinSet" type="string">
<Description>Skype for Business user pin set
status</Description>
</AttributeDefinition>
<AttributeDefinition name="LyncPinLockedOut" type="string">
<Description>Skype for Business user pin lock
status</Description>
</AttributeDefinition>
<AttributeDefinition name="DialPlan" type="string">
<Description>Skype for Business user dial plan
name</Description>
</AttributeDefinition>
<AttributeDefinition name="msDS-PrincipalName" type="string">
<Description>Name of the entity in the format "NetBIOS domain
name\sAMAccountName"</Description>
</AttributeDefinition>
</Schema>
<Schema descriptionAttribute="description" displayAttribute="msDS-
PrincipalName" featuresString="PROVISIONING, GROUPS_HAVE_MEMBERS"
hierarchyAttribute="memberOf" identityAttribute="distinguishedName"
nativeObjectType="Group" objectType="group">
<AttributeDefinition name="cn" type="string">
<Description>common name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="distinguishedName" type="string">
<Description>distinguished name for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="owner" type="string">
<Description>owner (of the object)</Description>
</AttributeDefinition>
<AttributeDefinition name="description" type="string">
<Description>descriptive information</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" multi="true"
name="memberOf" schemaObjectType="group" type="string">
<Description>Group Membership</Description>
</AttributeDefinition>
<AttributeDefinition name="objectSid" type="string">
<Description>Windows Security Identifier</Description>
</AttributeDefinition>
<AttributeDefinition name="objectguid" type="string">
<Description>Object globally unique identifier </Description>
</AttributeDefinition>
<AttributeDefinition name="mailNickname" type="string">
<Description>Exchange Distribution Group Name</Description>
</AttributeDefinition>
<AttributeDefinition name="GroupType" type="string">
<Description>Group Type</Description>
</AttributeDefinition>
<AttributeDefinition name="GroupScope" type="string">
<Description>Group Scope</Description>
</AttributeDefinition>
<AttributeDefinition name="sAMAccountName" type="string">
<Description>sAMAccountName</Description>
</AttributeDefinition>
<AttributeDefinition name="msDS-PrincipalName" type="string">
<Description>Name of the entity in the format "NetBIOS domain
name\sAMAccountName"</Description>
</AttributeDefinition>
<Attributes>
<Map>
<entry key="groupMemberAttribute" value="member"/>
</Map>
 </Attributes>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.LotusDomino"
featuresString="PROVISIONING, SYNC_PROVISIONING, ENABLE, AUTHENTICATE, SEARCH,
UNLOCK, PASSWORD, CURRENT_PASSWORD" icon="directory2Icon" name="IBM Lotus Domino -
Direct" type="IBM Lotus Domino - Direct">
<Attributes>
<Map>
<entry key="formPath" value="LotusDomino.xhtml"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="con_form_LDC_server_name"
helpKey="help_con_form_LDC_server_name" name="ServerName" required="true"
type="string"/>
<Field displayName="con_form_LDC_use_ca_process"
helpKey="help_con_form_LDC_use_ca_process" name="UseCAProcess"
reviewRequired="true" type="string" value="N">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field displayName="con_form_LDC_certifier_name"
helpKey="help_con_form_LDC_certifier_name" name="CertifierName"
reviewRequired="true" type="string"/>
<Field displayName="con_form_LDC_certifier_id"
helpKey="help_con_form_LDC_certifier_id" name="CertifierIDFile"
reviewRequired="true" type="string"/>
<Field displayName="con_form_LDC_certifier_password"
helpKey="help_con_form_LDC_certifier_password" name="CertifierPassword"
reviewRequired="true" type="secret"/>
<Field displayName="con_form_LDC_last_name"
helpKey="help_con_form_LDC_last_name" name="LastName" required="true"
type="string"/>
<Field displayName="con_form_LDC_user_full_name"
helpKey="help_con_form_LDC_user_full_name" name="FullName" required="true"
type="string"/>
<Field displayName="con_form_LDC_user_id"
helpKey="help_con_form_LDC_user_id" name="IDFilePath" required="true"
type="string"/>
<Field displayName="con_form_LDC_user_id_password"
helpKey="help_con_form_LDC_user_id_password" name="UserIDFilePassword"
required="true" type="secret"/>
<Field displayName="con_form_LDC_id_type"
helpKey="help_con_form_LDC_id_type" name="IDType" required="true" type="string"
value="HIERARCHICAL">
<AllowedValues>
<String>FLAT</String>
<String>HIERARCHICAL</String>
<String>CERTIFIER</String>
</AllowedValues>
</Field>
</Form>
<Form name="Change Password" objectType="account"
type="ChangePassword">
 <Field displayName="con_prov_policy_http_password"
name="HTTP_PASSWORD_CHANGE" reviewRequired="true" section="Please select one or
more password types you wish to update" type="string" value="Yes">
<AllowedValuesDefinition>
<Value>
<List>
<String>Yes</String>
<String>No</String>
</List>
</Value>
</AllowedValuesDefinition>
</Field>
<Field displayName="con_prov_policy_id_vault_password"
name="RESET_PASSWORD" reviewRequired="true" section="Please select one or more
password types you wish to update" type="string" value="No">
<AllowedValuesDefinition>
<Value>
<List>
<String>Yes</String>
<String>No</String>
</List>
</Value>
</AllowedValuesDefinition>
</Field>
<Field displayName="con_prov_policy_id_file_path"
helpKey="help_con_prov_policy_id_file_path" name="IDFilePath" reviewRequired="true"
section="Please select one or more password types you wish to update"
type="string"/>
</Form>
<Form name="group" objectType="group" type="Create">
<Field displayName="con_form_LDC_group_name"
helpKey="help_con_form_LDC_group_name" name="ListName" required="true"
type="string"/>
</Form>
<Form name="group" objectType="group" type="Update">
<Field displayName="con_form_LDC_group_type"
helpKey="help_con_form_LDC_group_type" name="GroupType" required="true"
type="string" value="Multi-purpose">
<AllowedValues>
<String>Multi-purpose</String>
<String>Mail only</String>
<String>Access Control List only</String>
<String>Deny List only</String>
<String>Servers only</String>
</AllowedValues>
</Field>
<Field displayName="con_form_LDC_list_description"
helpKey="help_con_form_LDC_list_description" name="ListDescription"
reviewRequired="true" type="string"/>
<Field displayName="con_form_LDC_list_owner"
helpKey="help_con_form_LDC_list_owner" name="ListOwner" reviewRequired="true"
type="string"/>
<Field displayName="con_form_LDC_local_admin"
helpKey="help_con_form_LDC_local_admin" name="LocalAdmin" reviewRequired="true"
type="string"/>
<Field displayName="con_form_LDC_mail_domain"
helpKey="help_con_form_LDC_mail_domain" name="MailDomain" reviewRequired="true"
type="string"/>
<Field displayName="con_form_LDC_group_net_address"
helpKey="help_con_form_LDC_group_net_address" name="InternetAddress"
reviewRequired="true" type="string"/>
<Field displayName="con_form_LDC_group_comments" name="Comments"
reviewRequired="true" type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="FullName" identityAttribute="NOTEID"
nativeObjectType="account" objectType="account">
<AttributeDefinition name="FirstName"
remediationModificationType="None" required="true" type="string">
<Description>First name of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="MiddleInitial"
remediationModificationType="None" type="string">
<Description>Middle initials of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="LastName"
remediationModificationType="None" required="true" type="string">
<Description>Last name of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="FullName"
remediationModificationType="None" type="string">
<Description>Full name of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="ShortName"
remediationModificationType="None" type="string">
<Description>Short name of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="UserName"
remediationModificationType="None" type="string">
<Description>The user full name</Description>
</AttributeDefinition>
<AttributeDefinition name="Type"
remediationModificationType="None" type="string">
<Description>The type of the document</Description>
</AttributeDefinition>
<AttributeDefinition name="Owner"
remediationModificationType="None" type="string">
<Description>The owner of the document</Description>
</AttributeDefinition>
<AttributeDefinition name="MailSystem"
remediationModificationType="None" type="string">
<Description>The type of mail system</Description>
</AttributeDefinition>
<AttributeDefinition name="MailDomain"
remediationModificationType="None" type="string">
<Description>Mail domain of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="MailServer"
remediationModificationType="None" type="string">
<Description>Mail server of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="MailFile"
remediationModificationType="None" type="string">
<Description>Mail file of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="InternetAddress"
remediationModificationType="None" type="string">
 <Description>Mail internet address</Description>
</AttributeDefinition>
<AttributeDefinition name="JobTitle"
remediationModificationType="None" type="string">
<Description>Job title of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="CompanyName"
remediationModificationType="None" type="string">
<Description>Company name of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Department"
remediationModificationType="None" type="string">
<Description>Department of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="EmployeeID"
remediationModificationType="None" type="string">
<Description>EmployeeID of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Location"
remediationModificationType="None" type="string">
<Description>Location of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Manager"
remediationModificationType="None" type="string">
<Description>Manager of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="OfficePhoneNumber"
remediationModificationType="None" type="string">
<Description>Office phone number of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="OfficeFAXPhoneNumber "
remediationModificationType="None" type="string">
<Description>Office fax phone number of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="CellPhoneNumber"
remediationModificationType="None" type="string">
<Description>Cell phone number of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="PhoneNumber_6"
remediationModificationType="None" type="string">
<Description>Phone number_6 of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Assistant"
remediationModificationType="None" type="string">
<Description>Assistant of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="OfficeStreetAddress"
remediationModificationType="None" type="string">
<Description>Office street address of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="OfficeCity"
remediationModificationType="None" type="string">
<Description>Office city of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="OfficeState"
remediationModificationType="None" type="string">
<Description>Office state of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="OfficeZIP"
remediationModificationType="None" type="string">
<Description>Office ZIP/Portal of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="OfficeCountry"
remediationModificationType="None" type="string">
<Description>Office country of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="OfficeNumber"
remediationModificationType="None" type="string">
<Description>Office number of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="StreetAddress"
remediationModificationType="None" type="string">
<Description>Street address of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="State"
remediationModificationType="None" type="string">
<Description>State of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Zip"
remediationModificationType="None" type="string">
<Description>Zip/Postal code of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Country"
remediationModificationType="None" type="string">
<Description>Country of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="PhoneNumber"
remediationModificationType="None" type="string">
<Description>Phone number of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="HomeFAXPhoneNumber"
remediationModificationType="None" type="string">
<Description>Home fax phone number of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Spouse"
remediationModificationType="None" type="string">
<Description>Spouse of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Children"
remediationModificationType="None" type="string">
<Description>Children of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="PersonalID"
remediationModificationType="None" type="string">
<Description>PersonalID of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Comment"
remediationModificationType="None" type="string">
<Description>Office number of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="WebSite"
remediationModificationType="None" type="string">
<Description>Address of the user Web Page</Description>
</AttributeDefinition>
<AttributeDefinition name="PhotoURL"
remediationModificationType="None" type="string">
<Description>Photo URL of the user</Description>
</AttributeDefinition>
 <AttributeDefinition name="LocalAdmin"
remediationModificationType="None" type="string">
<Description>Local Admin of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="CheckPassword"
remediationModificationType="None" type="string">
<Description>Check password of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="PasswordChangeInterval"
remediationModificationType="None" type="string">
<Description>Password change interval of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="PasswordGracePeriod"
remediationModificationType="None" type="string">
<Description>Password grace period of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Policy"
remediationModificationType="None" type="string">
<Description>Policy of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Profiles"
remediationModificationType="None" type="string">
<Description>Profiles of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="ClientType"
remediationModificationType="None" type="string">
<Description>Type of the client</Description>
</AttributeDefinition>
<AttributeDefinition name="PostalAddress"
remediationModificationType="None" type="string">
<Description>Postal address of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="HomePostalAddress"
remediationModificationType="None" type="string">
<Description>Home postal address of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Street"
remediationModificationType="None" type="string">
<Description>Street of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="BusinessCategory"
remediationModificationType="None" type="string">
<Description>Business category of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="CarLicense"
remediationModificationType="None" type="string">
<Description>Car license of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="DepartmentNumber"
remediationModificationType="None" type="string">
<Description>Department number of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="EmployeeNumber"
remediationModificationType="None" type="string">
<Description>Employee number of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="EmployeeType"
remediationModificationType="None" type="string">
<Description>Employee type of the user</Description>
 </AttributeDefinition>
<AttributeDefinition name="SametimeServer"
remediationModificationType="None" type="string">
<Description>Home sametime server of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="PasswordChangeDate"
remediationModificationType="None" type="string">
<Description>Password change date of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="HTTPPasswordChangeDate"
remediationModificationType="None" type="string">
<Description>HTTP password change date of the
user</Description>
</AttributeDefinition>
<AttributeDefinition name="NOTEID"
remediationModificationType="None" type="string">
<Description>NOTEID of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="$UpdatedBy"
remediationModificationType="None" type="string">
<Description>Name of the user who last updated the user
document</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="Groups" remediationModificationType="None"
schemaObjectType="group" type="string">
<Description>A list of groups of which the user is a member
of</Description>
</AttributeDefinition>
</Schema>
<Schema descriptionAttribute="ListDescription"
displayAttribute="GroupName" featuresString="GROUPS_HAVE_MEMBERS, PROVISIONING"
identityAttribute="ListName" nativeObjectType="group" objectType="group">
<AttributeDefinition name="ListName"
remediationModificationType="None" type="string">
<Description>Name of the group</Description>
</AttributeDefinition>
<AttributeDefinition name="GroupType"
remediationModificationType="None" type="string">
<Description>Type of the group</Description>
</AttributeDefinition>
<AttributeDefinition name="ListDescription"
remediationModificationType="None" type="string">
<Description>Description of the group</Description>
</AttributeDefinition>
<AttributeDefinition name="ListOwner"
remediationModificationType="None" type="string">
<Description>Owner of the group</Description>
</AttributeDefinition>
<AttributeDefinition name="LocalAdmin"
remediationModificationType="None" type="string">
<Description>Local admin of the group</Description>
</AttributeDefinition>
<AttributeDefinition name="MailDomain"
remediationModificationType="None" type="string">
<Description>Mail domain of the group</Description>
</AttributeDefinition>
<AttributeDefinition name="InternetAddress"
remediationModificationType="None" type="string">
 <Description>Internet address of the group</Description>
</AttributeDefinition>
<AttributeDefinition name="Comments"
remediationModificationType="None" type="string">
<Description>Comments about the group</Description>
</AttributeDefinition>
<AttributeDefinition name="NOTEID"
remediationModificationType="None" type="string">
<Description>NOTEID of the group</Description>
</AttributeDefinition>
<AttributeDefinition name="$UpdatedBy"
remediationModificationType="None" type="string">
<Description>Name of the user who last updated the group
document</Description>
</AttributeDefinition>
<Attributes>
<Map>
<entry key="groupMemberAttribute" value="Members"/>
</Map>
</Attributes>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="PROVISIONING, SYNC_PROVISIONING, ENABLE, SEARCH, PASSWORD"
icon="enterpriseIcon" name="Siebel" type="Siebel">
<Attributes>
<Map>
<entry key="connectorClass"
value="openconnector.connector.SiebelConnector"/>
<entry key="encrypted" value="passwd"/>
<entry key="formPath" value="SiebelAttributesForm.xhtml"/>
<entry key="retryableErrors">
<value>
<List>
<String>Cannot connect to Siebel Server</String>
</List>
</value>
</entry>
<entry key="setDelay" value="1"/>
</Map>
</Attributes>
<ProvisioningConfig>
<PlanInitializerScript>
<Source>
import java.util.*;
import
sailpoint.object.ProvisioningPlan.ObjectOperation;
import sailpoint.object.ProvisioningPlan.ObjectRequest;
import
sailpoint.object.ProvisioningPlan.AttributeRequest;
import
sailpoint.object.ProvisioningPlan.AccountRequest;
import
sailpoint.object.ProvisioningPlan.GenericRequest;

List accountRequests = plan.getAccountRequests();

if (accountRequests != null)
 {
for (AccountRequest acctReq : accountRequests)
{
AccountRequest.Operation op =
acctReq.getOperation();
if (op == AccountRequest.Operation.Create)
{
String userId =
acctReq.getNativeIdentity();
if (userId != null)
{

acctReq.setNativeIdentity(userId.toUpperCase());
}
}
}
}
</Source>
</PlanInitializerScript>
</ProvisioningConfig>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="con_form_siebel_loginname"
helpKey="help_con_form_siebel_loginname" name="Login Name" required="true"
section="" type="string"/>
<Field displayName="con_form_siebel_firstname"
helpKey="help_con_form_siebel_firstname" name="First Name" required="true"
section="" type="string"/>
<Field displayName="con_form_siebel_lastname"
helpKey="help_con_form_siebel_lastname" name="Last Name" required="true" section=""
type="string"/>
<Field displayName="con_form_siebel_position"
helpKey="help_con_form_siebel_position" multi="true" name="Position"
reviewRequired="true" section="" type="string"/>
<Field displayName="con_form_siebel_postid"
helpKey="help_con_form_siebel_postid" name="Primary Position Id"
reviewRequired="true" section="" type="string"/>
<Field displayName="con_form_siebel_resp"
helpKey="help_con_form_siebel_resp" multi="true" name="Responsibility"
reviewRequired="true" section="" type="string"/>
<Field displayName="con_form_siebel_password"
helpKey="help_con_form_siebel_pass" name="Password" reviewRequired="true"
section="" type="secret"/>
<Field displayName="con_form_siebel_repass"
helpKey="help_con_form_siebel_repass" name="Verify Password" reviewRequired="true"
section="" type="secret"/>
<Field displayName="con_form_siebel_jobtitle"
helpKey="help_con_form_siebel_jobtitle" name="Job Title" reviewRequired="true"
section="" type="string"/>
<Field displayName="con_form_siebel_emptype"
helpKey="help_con_form_siebel_emptype" name="Employee Type Code"
reviewRequired="true" section="" type="string">
<AllowedValues>
<String>Contractor</String>
<String>Employee</String>
<String>Intern</String>
</AllowedValues>
</Field>
</Form>
 <Form name="create group" objectType="group" type="Create">
<Field displayName="con_form_siebel_position"
helpKey="help_con_form_siebel_post" name="Name" required="true" section=""
type="string"/>
<Field displayName="con_form_siebel_division"
helpKey="help_con_form_siebel_div" name="Division" required="true" section=""
type="string"/>
<Field displayName="con_form_siebel_posttype"
helpKey="help_con_form_siebel_posttype" name="Position Type" reviewRequired="true"
section="" type="string"/>
<Field displayName="con_form_siebel_parid"
helpKey="help_con_form_siebel_parid" name="Parent Position Id"
reviewRequired="true" section="" type="string"/>
</Form>
<Form name="update group" objectType="group" type="Update">
<Field displayName="con_form_siebel_posttype"
helpKey="help_con_form_siebel_posttype" name="Position Type" reviewRequired="true"
section="" type="string"/>
<Field displayName="con_form_siebel_parid"
helpKey="help_con_form_siebel_parid" name="Parent Position Id"
reviewRequired="true" section="" type="string"/>
<Field displayName="con_form_siebel_position_id"
helpKey="help_form_siebel_position_id" name="Id" reviewRequired="true" section=""
type="string">
<Attributes>
<Map>
<entry key="readOnly" value="true"/>
</Map>
</Attributes>
</Field>
<Field displayName="con_form_siebel_position"
helpKey="help_con_form_siebel_postname" name="Name" reviewRequired="true"
section="" type="string">
<Attributes>
<Map>
<entry key="readOnly" value="true"/>
</Map>
</Attributes>
</Field>
<Field displayName="con_form_siebel_lastname"
helpKey="help_con_form_siebel_group_lastname" name="Last Name"
reviewRequired="true" section="" type="string">
<Attributes>
<Map>
<entry key="readOnly" value="true"/>
</Map>
</Attributes>
</Field>
<Field displayName="con_form_siebel_division"
helpKey="help_con_form_siebel_group_div" name="Division" reviewRequired="true"
section="" type="string">
<Attributes>
<Map>
<entry key="readOnly" value="true"/>
</Map>
</Attributes>
</Field>
<Field displayName="con_form_siebel_role"
helpKey="help_form_siebel_role" name="Role" reviewRequired="true" section=""
type="string">
<Attributes>
<Map>
<entry key="readOnly" value="true"/>
</Map>
</Attributes>
</Field>
<Field displayName="con_form_siebel_startdate"
helpKey="help_form_siebel_startdate" name="Start Date" reviewRequired="true"
section="" type="string">
<Attributes>
<Map>
<entry key="readOnly" value="true"/>
</Map>
</Attributes>
</Field>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="Login Name" identityAttribute="Login
Name" nativeObjectType="account" objectType="account">
<AttributeDefinition name="Login Name"
remediationModificationType="None" required="true" type="string">
<Description>Login Name of Employee</Description>
</AttributeDefinition>
<AttributeDefinition name="First Name"
remediationModificationType="None" type="string">
<Description>First Name of Employee</Description>
</AttributeDefinition>
<AttributeDefinition name="Last Name"
remediationModificationType="None" type="string">
<Description>Last Name of Employee</Description>
</AttributeDefinition>
<AttributeDefinition name="Employment Status"
remediationModificationType="None" type="string">
<Description>Employment Status</Description>
</AttributeDefinition>
<AttributeDefinition name="Street Address"
remediationModificationType="None" required="true" type="string">
<Description>Street Address</Description>
</AttributeDefinition>
<AttributeDefinition name="Phone Number"
remediationModificationType="None" required="true" type="string">
<Description>Phone Number</Description>
</AttributeDefinition>
<AttributeDefinition name="Fax Number"
remediationModificationType="None" required="true" type="string">
<Description>Fax Number</Description>
</AttributeDefinition>
<AttributeDefinition name="Hire Date"
remediationModificationType="None" required="true" type="string">
<Description>Hire Date</Description>
</AttributeDefinition>
<AttributeDefinition name="Alias"
remediationModificationType="None" required="true" type="string">
<Description>Alias</Description>
</AttributeDefinition>
<AttributeDefinition name="State"
remediationModificationType="None" required="true" type="string">
 <Description>State</Description>
</AttributeDefinition>
<AttributeDefinition name="Availability Status"
remediationModificationType="None" required="true" type="string">
<Description>Availability status of Employee</Description>
</AttributeDefinition>
<AttributeDefinition name="ManagerLogin"
remediationModificationType="None" required="true" type="string">
<Description>Login of Employee's manager</Description>
</AttributeDefinition>
<AttributeDefinition name="Job Title"
remediationModificationType="None" required="true" type="string">
<Description>Job Title</Description>
</AttributeDefinition>
<AttributeDefinition name="Division"
remediationModificationType="None" required="true" type="string">
<Description>Division</Description>
</AttributeDefinition>
<AttributeDefinition name="Primary Responsibility Id"
remediationModificationType="None" type="string">
<Description>Primary responsibility Id of
Employee</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="Responsibility"
remediationModificationType="None" type="string">
<Description>It contains a list of responsibilties of
Employee</Description>
</AttributeDefinition>
<AttributeDefinition name="Primary Position Id"
remediationModificationType="None" type="string">
<Description>Primary Position Id of Employee</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="Position" remediationModificationType="None"
schemaObjectType="group" type="string">
<Description>It contains a list of positions assigned to
Employee</Description>
</AttributeDefinition>
</Schema>
<Schema displayAttribute="Name" featuresString="PROVISIONING"
identityAttribute="Id" nativeObjectType="group" objectType="group">
<AttributeDefinition name="Id" remediationModificationType="None"
required="true" type="string">
<Description>Unique Identifier for Position</Description>
</AttributeDefinition>
<AttributeDefinition name="Name"
remediationModificationType="None" required="true" type="string">
<Description>Name of Position</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="Last Name"
remediationModificationType="None" required="true" type="string">
<Description>Last Name of Employee that has this
position</Description>
</AttributeDefinition>
<AttributeDefinition name="Division"
remediationModificationType="None" required="true" type="string">
<Description>Division of Position</Description>
</AttributeDefinition>
<AttributeDefinition name="Role"
remediationModificationType="None" required="true" type="string">
<Description>Role</Description>
</AttributeDefinition>
<AttributeDefinition name="Start Date"
remediationModificationType="None" required="true" type="string">
<Description>The date when the position was assigned to
Employee</Description>
</AttributeDefinition>
<AttributeDefinition name="Position Type"
remediationModificationType="None" required="true" type="string">
<Description>Position Type</Description>
</AttributeDefinition>
<AttributeDefinition name="Parent Position Id"
remediationModificationType="None" required="true" type="string">
<Description>Parent Position Id</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.ITIMLDAPConnector"
featuresString="AUTHENTICATE, SEARCH" name="IBM Security Identity Manager Template"
type="IBM Security Identity Manager">
<Attributes>
<Map>
<entry key="formPath" value="ldapAttributesForm.xhtml"/>
</Map>
</Attributes>
<Schemas>
<Schema displayAttribute="cn" identityAttribute="dn"
nativeObjectType="organizationalPerson" objectType="account">
<AttributeDefinition name="businessCategory" type="string">
<Description>business category</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="carLicense"
type="string">
<Description>vehicle license or registration
plate</Description>
</AttributeDefinition>
<AttributeDefinition name="cn" type="string">
<Description>common name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="dn" type="string">
<Description>distinguished name for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="departmentNumber" type="string">
<Description>identifies a department within an
organization</Description>
</AttributeDefinition>
<AttributeDefinition name="description" type="string">
<Description>descriptive information</Description>
</AttributeDefinition>
<AttributeDefinition name="destinationIndicator" type="string">
<Description>destination indicator</Description>
</AttributeDefinition>
<AttributeDefinition name="displayName" type="string">
<Description>preferred name to be used when displaying
entries</Description>
 </AttributeDefinition>
<AttributeDefinition name="employeeNumber" type="string">
<Description>numerically identifies an employee within an
organization</Description>
</AttributeDefinition>
<AttributeDefinition name="employeeType" type="string">
<Description>type of employment for a person</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="facsimileTelephoneNumber"
type="string">
<Description>Facsimile (Fax) Telephone Number</Description>
</AttributeDefinition>
<AttributeDefinition name="givenName" type="string">
<Description>first name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="groups" schemaObjectType="group" type="string">
<Description>List of groups a user is a member</Description>
</AttributeDefinition>
<AttributeDefinition name="homePhone" type="string">
<Description>home telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="homePostalAddress" type="string">
<Description>home postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="initials" type="string">
<Description>initials of some or all of names, but not the
surname(s).</Description>
</AttributeDefinition>
<AttributeDefinition name="internationaliSDNNumber"
type="string">
<Description>international ISDN number</Description>
</AttributeDefinition>
<AttributeDefinition name="l" type="string">
<Description>city</Description>
</AttributeDefinition>
<AttributeDefinition name="mail" type="string">
<Description>RFC822 Mailbox</Description>
</AttributeDefinition>
<AttributeDefinition name="manager" type="string">
<Description>DN of manager</Description>
</AttributeDefinition>
<AttributeDefinition name="mobile" type="string">
<Description>mobile telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="o" type="string">
<Description>organization this object belongs to</Description>
</AttributeDefinition>
<AttributeDefinition name="ou" type="string">
<Description>organizational unit this object belongs
to</Description>
</AttributeDefinition>
<AttributeDefinition name="pager" type="string">
<Description>pager telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="physicalDeliveryOfficeName"
type="string">
<Description>Physical Delivery Office Name</Description>
 </AttributeDefinition>
<AttributeDefinition name="postOfficeBox" type="string">
<Description>Post Office Box</Description>
</AttributeDefinition>
<AttributeDefinition name="postalAddress" type="string">
<Description>postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="postalCode" type="string">
<Description>postal code</Description>
</AttributeDefinition>
<AttributeDefinition name="preferredDeliveryMethod"
type="string">
<Description>preferred delivery method</Description>
</AttributeDefinition>
<AttributeDefinition name="preferredLanguage" type="string">
<Description>preferred written or spoken language for a
person</Description>
</AttributeDefinition>
<AttributeDefinition name="registeredAddress" type="string">
<Description>registered postal address</Description>
</AttributeDefinition>
<AttributeDefinition name="roomNumber" type="string">
<Description>room number</Description>
</AttributeDefinition>
<AttributeDefinition name="secretary" type="string">
<Description>DN of secretary</Description>
</AttributeDefinition>
<AttributeDefinition name="seeAlso" type="string">
<Description>DN of related object</Description>
</AttributeDefinition>
<AttributeDefinition name="sn" type="string">
<Description>last (family) name(s) for which the entity is
known by</Description>
</AttributeDefinition>
<AttributeDefinition name="st" type="string">
<Description>state or province which this object resides
in</Description>
</AttributeDefinition>
<AttributeDefinition name="street" type="string">
<Description>street address of this object</Description>
</AttributeDefinition>
<AttributeDefinition name="telephoneNumber" type="string">
<Description>Telephone Number</Description>
</AttributeDefinition>
<AttributeDefinition name="teletexTerminalIdentifier"
type="string">
<Description>Teletex Terminal Identifier</Description>
</AttributeDefinition>
<AttributeDefinition name="telexNumber" type="string">
<Description>Telex Number</Description>
</AttributeDefinition>
<AttributeDefinition name="title" type="string">
<Description>title associated with the entity</Description>
</AttributeDefinition>
<AttributeDefinition name="uid" type="string">
<Description>user identifier</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="objectClass"
type="string">
 <Description>object classes of the entity</Description>
</AttributeDefinition>
<AttributeDefinition name="erglobalid" type="string">
<Description>ITIM global identifier</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="erroles" type="string">
<Description>ITIM roles DNs</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" name="ITIM roles"
type="string">
<Description>ITIM roles names</Description>
</AttributeDefinition>
<AttributeDefinition name="erparent" type="string">
<Description>ITIM organizational unit DN</Description>
</AttributeDefinition>
<AttributeDefinition name="ITIM org unit" type="string">
<Description>ITIM organizational unit name</Description>
</AttributeDefinition>
<AttributeDefinition name="erpersonstatus" type="int">
<Description>ITIM raw person status</Description>
</AttributeDefinition>
<AttributeDefinition name="inactive" type="boolean">
<Description>ITIM person inactive (based on
status)</Description>
</AttributeDefinition>
</Schema>
<Schema descriptionAttribute="description" displayAttribute="cn"
identityAttribute="dn" nativeObjectType="groupOfNames" objectType="group">
<AttributeDefinition name="cn" type="string">
<Description>common name(s) for which the entity is known
by</Description>
</AttributeDefinition>
<AttributeDefinition name="dn" type="string">
<Description>Directory Path</Description>
</AttributeDefinition>
<AttributeDefinition name="o" type="string">
<Description>organization this object belongs to</Description>
</AttributeDefinition>
<AttributeDefinition name="ou" type="string">
<Description>organizational unit this object belongs
to</Description>
</AttributeDefinition>
<AttributeDefinition name="owner" type="string">
<Description>owner (of the object)</Description>
</AttributeDefinition>
<AttributeDefinition name="description" type="string">
<Description>descriptive information</Description>
</AttributeDefinition>
<Attributes>
<Map>
<entry key="groupMemberAttribute" value="member"/>
</Map>
</Attributes>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.cib.CIBConnector"
featuresString="PROXY, SEARCH" name="Cloud Gateway Template" type="Cloud Gateway">
<Attributes>
 <Map>
<entry key="formPath" value="cibAttributesForm.xhtml"/>
<entry key="sslOpts">
<value>
<Integer>0</Integer>
</value>
</entry>
</Map>
</Attributes>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="PROVISIONING, SYNC_PROVISIONING, ENABLE, UNLOCK, SEARCH,
UNSTRUCTURED_TARGETS, PASSWORD, CURRENT_PASSWORD" icon="enterpriseIcon" name="Linux
- Direct" type="Linux - Direct">
<Attributes>
<Map>
<entry key="ConnectorCode" value="LINUX"/>
<entry key="GroupDBFormat">
<value>
<List>
<String>name</String>
<String>password</String>
<String>groupid</String>
<String>memberlist</String>
</List>
</value>
</entry>
<entry key="NoOutput" value="none"/>
<entry key="PasswdBasicErrors">
<value>
<Map>
<entry key="passwd: Only root can specify a user name."
value="passwd: Only root can specify a user name."/>
<entry key="paswd: Command not found." value="paswd:
Command not found."/>
</Map>
</value>
</entry>
<entry key="PasswdErrors">
<value>
<Map>
<entry key="BAD PASSWORD: is too similar to the old one"
value="BAD PASSWORD: Password is too similar to the old one."/>
<entry key="BAD PASSWORD: it is based on a dictionary word"
value="BAD PASSWORD: Password is based on a dictionary word."/>
<entry key="Error changing password" value="Error changing
password."/>
<entry key="Sorry, passwords do not match."
value="Passwords do not match."/>
<entry key="Sorry, try again." value="Invalid sudo user
password."/>
<entry key="is not in the sudoers file. This incident will
be reported." value="sudo user not configured."/>
<entry key="passwd: Authentication token manipulation
error" value="Invalid current user password."/>
</Map>
</value>
</entry>
<entry key="PasswdPrompts">
 <value>
<Map>
<entry key="0">
<value>
<Map>
<entry key="(current) UNIX password:"
value="CurrentPassword"/>
</Map>
</value>
</entry>
<entry key="1">
<value>
<Map>
<entry key="Current password:"
value="CurrentPassword"/>
</Map>
</value>
</entry>
<entry key="2">
<value>
<Map>
<entry key="Old Password:" value="CurrentPassword"/>
</Map>
</value>
</entry>
<entry key="3">
<value>
<Map>
<entry key="New password:" value="NewPassword"/>
</Map>
</value>
</entry>
<entry key="4">
<value>
<Map>
<entry key="New Password:" value="NewPassword"/>
</Map>
</value>
</entry>
<entry key="5">
<value>
<Map>
<entry key="Retype new password:"
value="NewPassword"/>
</Map>
</value>
</entry>
<entry key="6">
<value>
<Map>
<entry key="Reenter New Password:"
value="NewPassword"/>
</Map>
</value>
</entry>
</Map>
</value>
</entry>
<entry key="PasswdSuccess">
 <value>
<List>
<String>passwd: all authentication tokens updated
successfully.</String>
</List>
</value>
</entry>
<entry key="Prompt" value="SAILPOINT>"/>
<entry key="PwdDBFormat">
<value>
<List>
<String>username</String>
<String>password</String>
<String>uid</String>
<String>primgrp</String>
<String>comment</String>
<String>home</String>
<String>shell</String>
</List>
</value>
</entry>
<entry key="SSHLoginTimeout" value="1000"/>
<entry key="SetPrompt" value="PS1=&apos;SAILPOINT>&apos;"/>
<entry key="ShadowDBFormat">
<value>
<List>
<String>username</String>
<String>password</String>
<String>pwdlastchg</String>
<String>pwdmin</String>
<String>pwdmax</String>
<String>pwdwarn</String>
<String>inactive</String>
<String>expiration</String>
<String>keyword1</String>
</List>
</value>
</entry>
<entry key="SudoBasicError" value="sudo: Command not found."/>
<entry key="SudoBasicErrorCode" value="127"/>
<entry key="SudoError" value="Sorry, try again."/>
<entry key="SudoErrorCode" value="1"/>
<entry key="aggregation.account" value="cat /etc/passwd | grep -v
&apos;^+&apos; | grep -v &apos;^-&apos;"/>
<entry key="aggregation.group" value="cat /etc/group | grep -v
&apos;^+&apos; | grep -v &apos;^-&apos;"/>
<entry key="aggregation.lockstatus" value="pam_tally2 | awk
&apos;{print $1} {print $2}&apos;"/>
<entry key="aggregation.passwd" value="cat /etc/shadow | grep -v
&apos;^+&apos; | grep -v &apos;^-&apos;"/>
<entry key="change.password" value="passwd"/>
<entry key="change.password.noninteractive" value="printf &quot;
%s\n&quot;"/>
<entry key="changepassword.resetmode" value="chage -d 0"/>
<entry key="chmod g-">
<value>
<Map>
<entry key="flags">
<value>
 <Map>
<entry key="execute" value="x"/>
<entry key="read" value="r"/>
<entry key="write" value="w"/>
</Map>
</value>
</entry>
</Map>
</value>
</entry>
<entry key="chmod u-">
<value>
<Map>
<entry key="flags">
<value>
<Map>
<entry key="execute" value="x"/>
<entry key="read" value="r"/>
<entry key="write" value="w"/>
</Map>
</value>
</entry>
</Map>
</value>
</entry>
<entry key="connect" value="ssh"/>
<entry key="connectorClass"
value="openconnector.connector.unix.LinuxConnector"/>
<entry key="create.account" value="useradd"/>
<entry key="create.group" value="groupadd"/>
<entry key="delete.account" value="userdel"/>
<entry key="delete.group" value="groupdel"/>
<entry key="disable.account" value="passwd -l"/>
<entry key="echo &apos;TestConnection&apos;">
<value>
<Map>
<entry key="exitsts">
<value>
<Map>
<entry key="Success" value="TestConnection"/>
</Map>
</value>
</entry>
</Map>
</value>
</entry>
<entry key="enable.account" value="passwd -u"/>
<entry key="encrypted"
value="SudoUserPassword,PassphraseForPrivateKey"/>
<entry key="formPath" value="UnixAttributesForm.xhtml"/>
<entry key="get.group" value="getent group"/>
<entry key="get.loginsyslimit" value="cat /etc/pam.d/system-
auth"/>
<entry key="get.oldaccountval" value="groups"/>
<entry key="get.userfailedlogin" value="pam_tally2"/>
<entry key="get.userpwdrow" value="cat /etc/passwd | grep"/>
<entry key="get.usershadowrow" value="cat /etc/shadow | grep"/>
<entry key="groupadd">
<value>
 <Map>
<entry key="exitsts">
<value>
<Map>
<entry key="10" value="The /etc/group file cannot be
updated."/>
<entry key="2" value="Invalid command syntax. A usage
message for the groupadd command is displayed."/>
<entry key="3" value="An invalid argument was
provided to an option."/>
<entry key="4" value="The gid is not unique (when -o
option is not used)."/>
<entry key="9" value="The group is not unique."/>
</Map>
</value>
</entry>
<entry key="flags">
<value>
<Map>
<entry key="dupgid" value="-o"/>
<entry key="groupid" value="-g"/>
</Map>
</value>
</entry>
</Map>
</value>
</entry>
<entry key="groupdel">
<value>
<Map>
<entry key="exitsts">
<value>
<Map>
<entry key="10" value="Cannot update the /etc/group
file."/>
<entry key="2" value="Invalid command syntax. A usage
message for the groupdel command is displayed."/>
<entry key="6" value="group does not exist."/>
</Map>
</value>
</entry>
<entry key="flags"/>
</Map>
</value>
</entry>
<entry key="groupmod">
<value>
<Map>
<entry key="exitsts">
<value>
<Map>
<entry key="10" value="Cannot update the /etc/group
file."/>
<entry key="2" value="Invalid command syntax. A usage
message for the groupmod command is displayed."/>
<entry key="3" value="An invalid argument was
provided to an option."/>
<entry key="4" value="gid is not unique (when the -o
option is not used)."/>
 <entry key="6" value="group does not exist."/>
<entry key="9" value="name already exists as a group
name."/>
</Map>
</value>
</entry>
<entry key="flags">
<value>
<Map>
<entry key="dupgid" value="-o"/>
<entry key="groupid" value="-g"/>
<entry key="newgroupname" value="-n"/>
</Map>
</value>
</entry>
</Map>
</value>
</entry>
<entry key="modify.account" value="usermod"/>
<entry key="modify.group" value="groupmod"/>
<entry key="passwd">
<value>
<Map>
<entry key="exitsts">
<value>
<Map>
<entry key="1" value="Permission denied."/>
<entry key="10" value=" Account expired."/>
<entry key="11" value="Password information
unchanged."/>
<entry key="2" value="Invalid combination of
options."/>
<entry key="3" value="Unexpected failure. Password
file unchanged."/>
<entry key="4" value="Unexpected failure. Password
file(s) missing."/>
<entry key="5" value="Password file(s) busy. Try
again later."/>
<entry key="6" value="Invalid argument to option."/>
<entry key="7" value="Aging option is disabled."/>
<entry key="8" value="No memory."/>
<entry key="9" value="System error."/>
</Map>
</value>
</entry>
<entry key="flags">
<value>
<Map>
<entry key="forcepwdchg" value="-e"/>
<entry key="inactive" value="-i"/>
<entry key="pwdmax" value="-x"/>
<entry key="pwdmin" value="-n"/>
<entry key="pwdwarn" value="-w"/>
<entry key="unlock" value="-u"/>
</Map>
</value>
</entry>
</Map>
</value>
 </entry>
<entry key="remove.account.permission" value="chmod u-"/>
<entry key="remove.group.permission" value="chmod g-"/>
<entry key="remove.remotefile" value="\rm -f"/>
<entry key="retryableErrors">
<value>
<List>
<String>Login failed</String>
</List>
</value>
</entry>
<entry key="setDelay" value="1"/>
<entry key="sshTimeOut" value="120000"/>
<entry key="sshWaitTime" value="500"/>
<entry key="testconnection" value="echo
&apos;TestConnection&apos;"/>
<entry key="unlock.account" value="pam_tally2 -u"/>
<entry key="useradd">
<value>
<Map>
<entry key="exitsts">
<value>
<Map>
<entry key="1" value="No permission for attempted
operation"/>
<entry key="10" value="Cannot update the passwd,
shadow, or user_attr file."/>
<entry key="11" value="Insufficient space to move the
home directory (-m option)."/>
<entry key="12" value="Unable to create, remove, or
move the new home directory."/>
<entry key="13" value="Requested login is already in
use."/>
<entry key="14" value="Unexpected failure."/>
<entry key="16" value="Unable to update the group
database."/>
<entry key="17" value="Unable to update the project
database."/>
<entry key="18" value="Insufficient authorization."/>
<entry key="19" value="Does not have role."/>
<entry key="2" value="The command syntax was invalid.
A usage message for the usermod command is displayed."/>
<entry key="20" value="Does not have profile."/>
<entry key="21" value="Does not have privilege."/>
<entry key="22" value="Does not have label."/>
<entry key="23" value="Does not have group."/>
<entry key="24" value="System not running Trusted
Extensions."/>
<entry key="25" value="Does not have project."/>
<entry key="26" value="Unable to update auto_home."/>
<entry key="3" value="An invalid argument was
provided to an option."/>
<entry key="4" value="The gid or uid given with the -
u option is already in use."/>
<entry key="5" value="The password and shadow files
are not consistent with each other. pwconv(1M) might be of use to correct possible
errors. See passwd(4) and shadow(4)."/>
<entry key="6" value="The login to be modified does
not exist, the gid or the uid does not exist."/>
 <entry key="7" value="The group, passwd, or shadow
file is missing."/>
<entry key="9" value="A group or user name is already
in use"/>
</Map>
</value>
</entry>
<entry key="flags">
<value>
<Map>
<entry key="comment" value="-c"/>
<entry key="crthomedir" value="-m"/>
<entry key="dupuid" value="-o"/>
<entry key="expiration" value="-e"/>
<entry key="groups" value="-G"/>
<entry key="home" value="-d"/>
<entry key="lastlog" value="-l"/>
<entry key="primgrp" value="-g"/>
<entry key="shell" value="-s"/>
<entry key="uid" value="-u"/>
</Map>
</value>
</entry>
</Map>
</value>
</entry>
<entry key="userdel">
<value>
<Map>
<entry key="exitsts">
<value>
<Map>
<entry key="10" value="Cannot update the /etc/group
or /etc/user_attr file but the login is removed from the /etc/passwd file."/>
<entry key="12" value="Cannot remove or otherwise
modify the home directory."/>
<entry key="2" value="Invalid command syntax. A usage
message for the userdel command is displayed."/>
<entry key="6" value="The account to be removed does
not exist."/>
<entry key="8" value="The account to be removed is in
use."/>
</Map>
</value>
</entry>
<entry key="flags">
<value>
<Map>
<entry key="removeHome" value="-r"/>
</Map>
</value>
</entry>
</Map>
</value>
</entry>
<entry key="usermod">
<value>
<Map>
<entry key="exitsts">
 <value>
<Map>
<entry key="10" value="Cannot update the /etc/group
or /etc/user_attr file. Other update requests will be implemented."/>
<entry key="11" value="Insufficient space to move the
home directory (-m option). Other update requests will be implemented."/>
<entry key="12" value="Unable to complete the move of
the home directory to the new home directory."/>
<entry key="2" value="The command syntax was invalid.
A usage message for the usermod command is displayed."/>
<entry key="3" value="An invalid argument was
provided to an option."/>
<entry key="4" value="The uid given with the -u
option is already in use."/>
<entry key="5" value="The password files contain an
error. pwconv(1M) can be used to correct possible errors. See passwd(4)"/>
<entry key="6" value="The login to be modified does
not exist, the group does not exist, or the login shell does not exist."/>
<entry key="8" value="The login to be modified is in
use."/>
<entry key="9" value="The new_logname is already in
use."/>
</Map>
</value>
</entry>
<entry key="flags">
<value>
<Map>
<entry key="comment" value="-c"/>
<entry key="crthomedir" value="-m"/>
<entry key="dupuid" value="-o"/>
<entry key="expiration" value="-e"/>
<entry key="groups" value="-G"/>
<entry key="home" value="-d"/>
<entry key="lastlog" value="-l"/>
<entry key="primgrp" value="-g"/>
<entry key="shell" value="-s"/>
<entry key="uid" value="-u"/>
<entry key="unlock" value="-U"/>
</Map>
</value>
</entry>
</Map>
</value>
</entry>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="con_form_linux_direct_username"
helpKey="help_con_linux_direct_username" name="username" required="true" section=""
type="string"/>
<Field displayName="con_form_linux_direct_homedir"
helpKey="help_con_linux_direct_homedir" name="home" reviewRequired="true"
section="" type="string"/>
<Field displayName="con_form_linux_direct_shell"
helpKey="help_con_linux_direct_shell" name="shell" reviewRequired="true" section=""
type="string"/>
<Field displayName="con_form_linux_direct_userid"
helpKey="help_con_linux_direct_userid" name="uid" reviewRequired="true" section=""
type="string"/>
<Field displayName="con_form_linux_direct_password"
helpKey="help_con_linux_direct_password" name="password" reviewRequired="true"
type="secret"/>
<Field displayName="con_form_linux_direct_mindays"
helpKey="help_con_linux_direct_mindays" name="pwdmin" reviewRequired="true"
section="" type="string"/>
<Field displayName="con_form_linux_direct_maxdays"
helpKey="help_con_linux_direct_maxdays" name="pwdmax" reviewRequired="true"
section="" type="string"/>
<Field displayName="con_form_linux_direct_warntime"
helpKey="help_con_linux_direct_warntime" name="pwdwarn" reviewRequired="true"
section="" type="string"/>
<Field displayName="con_form_linux_direct_grpname"
helpKey="help_con_linux_direct_grpname" name="primgrp" reviewRequired="true"
section="" type="string"/>
<Field displayName="con_form_linux_direct_comment"
helpKey="help_con_linux_direct_comment" name="comment" reviewRequired="true"
section="" type="string"/>
<Field displayName="con_form_linux_direct_accdur"
helpKey="help_con_linux_direct_accdur" name="expiration" reviewRequired="true"
section="" type="string"/>
<Field displayName="con_form_linux_direct_acctime"
helpKey="help_con_linux_direct_acctime" name="inactive" reviewRequired="true"
section="" type="string"/>
<Field displayName="con_form_linux_direct_home"
helpKey="help_con_linux_direct_home" name="crthomedir" reviewRequired="true"
section="" type="boolean"/>
<Field displayName="con_form_linux_direct_login"
helpKey="help_con_linux_direct_login" name="lastlog" reviewRequired="true"
section="" type="boolean"/>
<Field displayName="con_form_linux_direct_dupid"
helpKey="help_con_linux_direct_dupid" name="dupuid" reviewRequired="true"
section="" type="boolean"/>
<Field displayName="con_form_linux_direct_pswdlogin"
helpKey="help_con_linux_direct_pswdlogin" name="forcepwdchg" reviewRequired="true"
type="boolean" value="false"/>
</Form>
<Form name="create group" objectType="group" type="Create">
<Field displayName="con_form_linux_direct_group"
helpKey="help_con_linux_direct_group" name="name" required="true" section=""
type="string"/>
<Field displayName="con_form_linux_direct_gid"
helpKey="help_con_linux_direct_gid" name="groupid" reviewRequired="true" section=""
type="string"/>
<Field displayName="con_form_linux_direct_dupgrp"
helpKey="help_con_linux_direct_dupgrp" name="dupgid" postBack="true"
type="boolean"/>
</Form>
<Form name="update group" objectType="group" type="Update">
<Attributes>
<Map>
<entry key="IIQTemplateOwnerDefinition">
<value>
<DynamicValue value=""/>
</value>
</entry>
</Map>
 </Attributes>
<Field displayName="con_form_linux_direct_gid"
helpKey="help_con_linux_direct_gid" name="groupid" reviewRequired="true" section=""
type="string"/>
<Field displayName="con_form_linux_direct_dupgrp"
helpKey="help_con_linux_direct_dupgrp" name="dupgid" reviewRequired="true"
type="boolean"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="username" identityAttribute="username"
nativeObjectType="account" objectType="account">
<AttributeDefinition name="username"
remediationModificationType="None" required="true" type="string">
<Description>Name of User</Description>
</AttributeDefinition>
<AttributeDefinition name="uid"
remediationModificationType="None" type="string">
<Description>The numerical value of the user's ID</Description>
</AttributeDefinition>
<AttributeDefinition name="home"
remediationModificationType="None" type="string">
<Description>Home Directory of User</Description>
</AttributeDefinition>
<AttributeDefinition name="pwdlastchg"
remediationModificationType="None" type="string">
<Description>The number of days since January 1st, 1970 when
the password was last changed</Description>
</AttributeDefinition>
<AttributeDefinition name="pwdmin"
remediationModificationType="None" type="string">
<Description>Minimum number of days between password
change</Description>
</AttributeDefinition>
<AttributeDefinition name="pwdmax"
remediationModificationType="None" type="string">
<Description>The maximum number of days during which a password
is valid</Description>
</AttributeDefinition>
<AttributeDefinition name="pwdwarn"
remediationModificationType="None" type="string">
<Description>Number of days of warning before password
expires</Description>
</AttributeDefinition>
<AttributeDefinition name="primgrp"
remediationModificationType="None" type="string">
<Description>Primary Group of User</Description>
</AttributeDefinition>
<AttributeDefinition name="comment"
remediationModificationType="None" type="string">
<Description>User's password file comment field</Description>
</AttributeDefinition>
<AttributeDefinition name="expiration"
remediationModificationType="None" type="string">
<Description>Set the date or number of days since January 1,
1970 on which the user's account will no longer be accessible</Description>
</AttributeDefinition>
<AttributeDefinition name="inactive"
remediationModificationType="None" type="string">
 <Description>Set the number of days of inactivity after a
password has expired before the account is locked</Description>
</AttributeDefinition>
<AttributeDefinition name="lastLogin"
remediationModificationType="None" type="string">
<Description>Last login time of User</Description>
</AttributeDefinition>
<AttributeDefinition name="shell"
remediationModificationType="None" type="string">
<Description>The name of the user's login shell</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="groups" schemaObjectType="group" type="string">
<Description>List of groups which the user is a member
of</Description>
</AttributeDefinition>
</Schema>
<Schema displayAttribute="name" featuresString="PROVISIONING"
identityAttribute="name" nativeObjectType="group" objectType="group">
<AttributeDefinition name="name"
remediationModificationType="None" required="true" type="string">
<Description>Name of Group</Description>
</AttributeDefinition>
<AttributeDefinition name="groupid"
remediationModificationType="None" required="true" type="string">
<Description>The numerical value of the group's
ID</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="DISCOVER_SCHEMA, PROVISIONING, SYNC_PROVISIONING, ENABLE, PASSWORD"
icon="internetIcon" name="SCIM 2.0" type="SCIM 2.0">
<Attributes>
<Map>
<entry key="authType" value="oauth2"/>
<entry key="connectorClass"
value="openconnector.connector.scim2.SCIM2Connector"/>
<entry key="encrypted"
value="client_secret,oauthBearerToken,oauthTokenInfo,refresh_token"/>
<entry key="explicitAttributesRequest"/>
<entry key="formPath" value="scim2AttributesForm.xhtml"/>
<entry key="grant_type" value="REFRESH_TOKEN"/>
<entry key="pageSize"/>
<entry key="skipGrpUpdate" value="true"/>
</Map>
</Attributes>
<Schemas>
<Schema displayAttribute="userName" identityAttribute="id"
nativeObjectType="User" objectType="account"/>
<Schema aggregationType="group" displayAttribute="displayName"
identityAttribute="id" nativeObjectType="Entitlement" objectType="entitlements"/>
<Schema aggregationType="group" displayAttribute="displayName"
identityAttribute="id" nativeObjectType="Role" objectType="roles"/>
<Schema displayAttribute="displayName" identityAttribute="id"
nativeObjectType="Group" objectType="group"/>
</Schemas>
</Application>
 <Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="SEARCH, PROVISIONING" icon="internetIcon" name="Workday"
type="Workday">
<Attributes>
<Map>
<entry key="Configure_Response_Group">
<value>
<Map>
<entry key="Exclude_Business_Unit_Hierarchies"
value="true"/>
<entry key="Exclude_Business_Units" value="true"/>
<entry key="Exclude_Companies" value="false"/>
<entry key="Exclude_Company_Hierarchies" value="true"/>
<entry key="Exclude_Contingent_Workers" value="false"/>
<entry key="Exclude_Cost_Center_Hierarchies"
value="false"/>
<entry key="Exclude_Cost_Centers" value="false"/>
<entry key="Exclude_Custom_Organizations" value="false"/>
<entry key="Exclude_Employees" value="false"/>
<entry key="Exclude_Fund_Hierarchies" value="true"/>
<entry key="Exclude_Funds" value="true"/>
<entry key="Exclude_Gift_Hierarchies" value="true"/>
<entry key="Exclude_Gifts" value="true"/>
<entry key="Exclude_Grant_Hierarchies" value="true"/>
<entry key="Exclude_Grants" value="true"/>
<entry key="Exclude_Location_Hierarchies" value="true"/>
<entry key="Exclude_Matrix_Organizations" value="true"/>
<entry key="Exclude_Organization_Support_Role_Data"
value="true"/>
<entry key="Exclude_Pay_Groups" value="true"/>
<entry key="Exclude_Program_Hierarchies" value="true"/>
<entry key="Exclude_Programs" value="true"/>
<entry key="Exclude_Region_Hierarchies" value="true"/>
<entry key="Exclude_Regions" value="true"/>
<entry key="Exclude_Supervisory_Organizations"
value="true"/>
<entry key="Exclude_Teams" value="true"/>
<entry key="Include_Account_Provisioning" value="false"/>
<entry key="Include_Additional_Jobs" value="false"/>
<entry key="Include_Background_Check_Data" value="false"/>
<entry key="Include_Benefit_Eligibility" value="false"/>
<entry key="Include_Benefit_Enrollments" value="false"/>
<entry key="Include_Career" value="false"/>
<entry key="Include_Collective_Agreement_Data"
value="false"/>
<entry key="Include_Compensation" value="false"/>
<entry
key="Include_Contingent_Worker_Tax_Authority_Form_Information" value="false"/>
<entry key="Include_Contracts_for_Terminated_Workers"
value="false"/>
<entry key="Include_Development_Items" value="false"/>
<entry key="Include_Employee_Contract_Data" value="false"/>
<entry key="Include_Employee_Review" value="false"/>
<entry key="Include_Employment_Information" value="true"/>
<entry key="Include_Extended_Employee_Contract_Details"
value="false"/>
<entry key="Include_Feedback_Received" value="false"/>
<entry key="Include_Goals" value="false"/>
<entry key="Include_Management_Chain_Data" value="true"/>
 <entry
key="Include_Multiple_Managers_in_Management_Chain_Data" value="false"/>
<entry key="Include_Organizations" value="true"/>
<entry key="Include_Personal_Information" value="true"/>
<entry key="Include_Probation_Period_Data" value="false"/>
<entry key="Include_Qualifications" value="false"/>
<entry key="Include_Reference" value="true"/>
<entry key="Include_Related_Persons" value="false"/>
<entry key="Include_Roles" value="false"/>
<entry key="Include_Skills" value="false"/>
<entry key="Include_Subevents_for_Corrected_Transaction"
value="false"/>
<entry key="Include_Subevents_for_Rescinded_Transaction"
value="false"/>
<entry key="Include_Succession_Profile" value="false"/>
<entry key="Include_Talent_Assessment" value="false"/>
<entry key="Include_User_Account" value="false"/>
<entry key="Include_Worker_Documents" value="false"/>
</Map>
</value>
</entry>
<entry key="Delta_Aggregation_Events">
<value>
<List>
<String>Change Personal Information</String>
<String>Contact Information Event</String>
<String>Change Job</String>
<String>Change Legal Name</String>
<String>Change Business Title</String>
<String>Add Retiree Status</String>
<String>Assign Organization Roles</String>
<String>Change Owner</String>
<String>Assign Superior</String>
<String>EMERGENCY_CONTACT_EVENT</String>
<String>Change Organization Assignments for Worker</String>
<String>Change Primary Address</String>
<String>Contract Contingent Worker</String>
<String>Create Change Order from Contingent Worker
Contract</String>
<String>Create Primary Address</String>
<String>Edit Worker Additional Data</String>
<String>Maintain Employee Contracts</String>
<String>End Additional Job</String>
<String>Change Marital Status</String>
<String>Move to New Manager</String>
<String>Assign Worker</String>
<String>Move Workers Staffing</String>
<String>Assign Workers</String>
<String>New Hire Provisioning</String>
<String>Change Preferred Name</String>
<String>Request Worker</String>
<String>Submit Resignation</String>
<String>Transfer Contingent Worker</String>
<String>Transfer Employee</String>
</List>
</value>
</entry>
<entry key="FetchWorkersByOrganization">
<value>
 <Boolean>true</Boolean>
</value>
</entry>
<entry key="Future_Hire_Events">
<value>
<List>
<String>Hire Employee</String>
<String>Onboarding</String>
</List>
</value>
</entry>
<entry key="Future_Termination_Events">
<value>
<List>
<String>Terminate Employee</String>
<String>End Contingent Worker Contract</String>
</List>
</value>
</entry>
<entry key="Past_Termination_Offset" value="60"/>
<entry key="Termination_Attributes">
<value>
<List>
<String>TERMINATION_DATE</String>
<String>LAST_DAY_OF_WORK</String>
<String>CONTRACT_END_DATE</String>
<String>PRIMARY_TERMINATION_REASON_REFERENCE</String>
</List>
</value>
</entry>
<entry key="Termination_Events">
<value>
<List>
<String>End Contingent Worker Contract</String>
<String>Terminate Employee</String>
</List>
</value>
</entry>
<entry key="XpathAttributesMap">
<value>
<Map>
<entry key="ADDITIONAL_EMAIL_ADDRESS_HOME"
value="ns1:Worker_Data/ns1:Personal_Data/ns1:Contact_Data/ns1:Email_Address_Data[ns
1:Usage_Data[@ns1:Public=&apos;true&apos;]/
ns1:Type_Data[@ns1:Primary=&apos;false&apos;]/ns1:Type_Reference/
ns1:ID[@ns1:type=&apos;Communication_Usage_Type_ID&apos;]
=&apos;HOME&apos;]/ns1:Email_Address"/>
<entry key="ADDITIONAL_EMAIL_ADDRESS_WORK"
value="ns1:Worker_Data/ns1:Personal_Data/ns1:Contact_Data/ns1:Email_Address_Data[ns
1:Usage_Data[@ns1:Public=&apos;true&apos;]/
ns1:Type_Data[@ns1:Primary=&apos;false&apos;]/ns1:Type_Reference/
ns1:ID[@ns1:type=&apos;Communication_Usage_Type_ID&apos;]
=&apos;WORK&apos;]/ns1:Email_Address"/>
<entry key="ADDRESS_HOME"
value="ns1:Worker_Data/ns1:Personal_Data/ns1:Contact_Data/ns1:Address_Data[ns1:Usag
e_Data/ns1:Type_Data[@ns1:Primary=&apos;true&apos;]/ns1:Type_Reference/
ns1:ID[@ns1:type=&apos;Communication_Usage_Type_ID&apos;]
=&apos;HOME&apos;]/@ns1:Formatted_Address"/>
<entry key="ADDRESS_LINE_1"
value="ns1:Worker_Data/ns1:Employment_Data/ns1:Worker_Job_Data/ns1:Position_Data/
ns1:Business_Site_Summary_Data/ns1:Address_Data/ns1:Address_Line_Data[@ns1:Type =
&apos;ADDRESS_LINE_1&apos;] |
ns1:Worker_Data/ns1:Employment_Data/ns1:Position_Data/ns1:Business_Site_Summary_Dat
a/ns1:Address_Data/ns1:Address_Line_Data[@ns1:Type = &apos;ADDRESS_LINE_1&apos;]"/>
<entry key="ADDRESS_WORK"
value="ns1:Worker_Data/ns1:Personal_Data/ns1:Contact_Data/ns1:Address_Data[ns1:Usag
e_Data/ns1:Type_Data[@ns1:Primary=&apos;true&apos;]/ns1:Type_Reference/
ns1:ID[@ns1:type=&apos;Communication_Usage_Type_ID&apos;]
=&apos;WORK&apos;]/@ns1:Formatted_Address"/>
<entry key="CHECK_LATEST_WORKER_RECORD"
value="ns1:Worker_Data/ns1:Integration_Field_Override_Data[ns1:Field_Reference[ns1:
ID[@ns1:type=&apos;Integration_Document_Field_Name&apos;]=&apos;LATEST_WORKER_RECOR
D&apos;]]"/>
<entry key="CITY"
value="ns1:Worker_Data/ns1:Personal_Data/ns1:Contact_Data/ns1:Address_Data[ns1:Usag
e_Data[@ns1:Public=&apos;true&apos;]/ns1:Type_Data[@ns1:Primary=&apos;true&apos;]/
ns1:Type_Reference/ns1:ID[@ns1:type=&apos;Communication_Usage_Type_ID&apos;]
=&apos;WORK&apos;]/ns1:Municipality"/>
<entry key="CLASS"
value="concat(ns1:Worker_Data/ns1:Employment_Data/ns1:Worker_Job_Data/
ns1:Position_Data/ns1:Position_Title,ns1:Worker_Data/ns1:Employment_Data/
ns1:Worker_Job_Data/ns1:Position_Data/ns1:Position_Time_Type_Reference/
ns1:ID[@ns1:type=&apos;Position_Time_Type_ID&apos;],ns1:Worker_Data/
ns1:Employment_Data/ns1:Worker_Job_Data/ns1:Position_Data/
ns1:Worker_Type_Reference/ns1:ID[@ns1:type=&apos;Employee_Type_ID&apos;] |
ns1:Worker_Data/ns1:Employment_Data/ns1:Position_Data/ns1:Position_Title,ns1:Worker
_Data/ns1:Employment_Data/ns1:Position_Data/ns1:Position_Time_Type_Reference/
ns1:ID[@ns1:type=&apos;Position_Time_Type_ID&apos;],ns1:Worker_Data/
ns1:Employment_Data/ns1:Position_Data/ns1:Worker_Type_Reference/
ns1:ID[@ns1:type=&apos;Employee_Type_ID&apos;])"/>
<entry key="COMPANY_NAME"
value="ns1:Worker_Data/ns1:Organization_Data/ns1:Worker_Organization_Data/
ns1:Organization_Data[ns1:Organization_Type_Reference/ns1:ID
[@ns1:type=&apos;Organization_Type_ID&apos;]=&apos;COMPANY&apos;]/
ns1:Organization_Name"/>
<entry key="CONTRACT_END_DATE"
value="ns1:Worker_Data/ns1:Employment_Data/ns1:Worker_Contract_Data/
ns1:Contract_End_Date"/>
<entry key="COST_CENTER"
value="ns1:Worker_Data/ns1:Organization_Data/ns1:Worker_Organization_Data/
ns1:Organization_Data[ns1:Organization_Type_Reference[ns1:ID[@ns1:type=&apos;Organi
zation_Type_ID&apos;]=&apos;COST_CENTER&apos;]]/ns1:Organization_Name |
ns1:Worker_Data/ns1:Organization_Data/ns1:Worker_Organization_Data/
ns1:Organization_Data[ns1:Organization_Type_Reference[ns1:ID[@ns1:type=&apos;Organi
zation_Type_ID&apos;]=&apos;Cost_Center&apos;]]/ns1:Organization_Name"/>
<entry key="COST_CENTER_HIERARCHY"
value="ns1:Worker_Data/ns1:Organization_Data/ns1:Worker_Organization_Data/
ns1:Organization_Data[ns1:Organization_Type_Reference[ns1:ID[@ns1:type=&apos;Organi
zation_Type_ID&apos;]=&apos;COST_CENTER_HIERARCHY&apos;]]/ns1:Organization_Name"/>
<entry key="COST_CENTER_REFERENCE_ID"
value="ns1:Worker_Data/ns1:Organization_Data/ns1:Worker_Organization_Data/
ns1:Organization_Data[ns1:Organization_Type_Reference[ns1:ID[@ns1:type=&apos;Organi
zation_Type_ID&apos;]=&apos;COST_CENTER&apos;]]/ns1:Organization_Reference_ID |
ns1:Worker_Data/ns1:Organization_Data/ns1:Worker_Organization_Data/
ns1:Organization_Data[ns1:Organization_Type_Reference[ns1:ID[@ns1:type=&apos;Organi
zation_Type_ID&apos;]=&apos;Cost_Center&apos;]]/ns1:Organization_Reference_ID"/>
<entry key="COUNTRY"
value="ns1:Worker_Data/ns1:Personal_Data/ns1:Contact_Data/ns1:Address_Data[ns1:Usag
e_Data/ns1:Type_Data/ns1:Type_Reference/
ns1:ID[@ns1:type=&apos;Communication_Usage_Type_ID&apos;]
=&apos;WORK&apos;]/ns1:Country_Reference/ns1:ID[@ns1:type=&apos;ISO_3166-1_Alpha-
3_Code&apos;]"/>
<entry key="DEPARTMENT"
value="concat(ns1:Worker_Data/ns1:Organization_Data/ns1:Worker_Organization_Data/
ns1:Organization_Data[ns1:Organization_Type_Reference/
ns1:ID[@ns1:type=&apos;Organization_Type_ID&apos;]
=&apos;COST_CENTER&apos;]/ns1:Organization_Code |
ns1:Worker_Data/ns1:Organization_Data/ns1:Worker_Organization_Data/
ns1:Organization_Data[ns1:Organization_Type_Reference/
ns1:ID[@ns1:type=&apos;Organization_Type_ID&apos;]
=&apos;Cost_Center&apos;]/ns1:Organization_Code,&apos;
&apos;,ns1:Worker_Data/ns1:Organization_Data/ns1:Worker_Organization_Data/
ns1:Organization_Data[ns1:Organization_Type_Reference/
ns1:ID[@ns1:type=&apos;Organization_Type_ID&apos;]
=&apos;COST_CENTER&apos;]/ns1:Organization_Name |
ns1:Worker_Data/ns1:Organization_Data/ns1:Worker_Organization_Data/
ns1:Organization_Data[ns1:Organization_Type_Reference/
ns1:ID[@ns1:type=&apos;Organization_Type_ID&apos;]
=&apos;Cost_Center&apos;]/ns1:Organization_Name)"/>
<entry key="DIVISION"
value="ns1:Worker_Data/ns1:Organization_Data/ns1:Worker_Organization_Data/
ns1:Organization_Data[ns1:Organization_Type_Reference[@ns1:Descriptor=&apos;Sales
Channel&apos;]]/ns1:Organization_Name"/>
<entry key="EMAIL_ADDRESS_HOME"
value="ns1:Worker_Data/ns1:Personal_Data/ns1:Contact_Data/ns1:Email_Address_Data[ns
1:Usage_Data[@ns1:Public=&apos;true&apos;]/
ns1:Type_Data[@ns1:Primary=&apos;true&apos;]/ns1:Type_Reference/
ns1:ID[@ns1:type=&apos;Communication_Usage_Type_ID&apos;]
=&apos;HOME&apos;]/ns1:Email_Address"/>
<entry key="EMAIL_ADDRESS_WORK"
value="ns1:Worker_Data/ns1:Personal_Data/ns1:Contact_Data/ns1:Email_Address_Data[ns
1:Usage_Data[@ns1:Public=&apos;true&apos;]/
ns1:Type_Data[@ns1:Primary=&apos;true&apos;]/ns1:Type_Reference/
ns1:ID[@ns1:type=&apos;Communication_Usage_Type_ID&apos;]
=&apos;WORK&apos;]/ns1:Email_Address"/>
<entry key="EMPLOYEE_TYPE"
value="ns1:Worker_Data/ns1:Employment_Data/ns1:Worker_Job_Data/ns1:Position_Data/
ns1:Worker_Type_Reference/ns1:ID[@ns1:type=&apos;Employee_Type_ID&apos;] |
ns1:Worker_Data/ns1:Employment_Data/ns1:Worker_Job_Data/ns1:Position_Data/
ns1:Worker_Type_Reference/ns1:ID[@ns1:type=&apos;Contingent_Worker_Type_ID&apos;] |
ns1:Worker_Data/ns1:Employment_Data/ns1:Position_Data/ns1:Worker_Type_Reference/
ns1:ID[@ns1:type=&apos;Employee_Type_ID&apos;] |
ns1:Worker_Data/ns1:Employment_Data/ns1:Position_Data/ns1:Worker_Type_Reference/
ns1:ID[@ns1:type=&apos;Contingent_Worker_Type_ID&apos;]"/>
<entry key="FILENUMBER"
value="ns1:Worker_Data/ns1:Worker_ID"/>
<entry key="FIRST_NAME"
value="ns1:Worker_Data/ns1:Personal_Data/ns1:Name_Data/ns1:Legal_Name_Data/
ns1:Name_Detail_Data/ns1:First_Name"/>
<entry key="FULLPARTTIME"
value="concat(ns1:Worker_Data/ns1:Employment_Data/ns1:Worker_Job_Data/
ns1:Position_Data/ns1:Position_Title,&apos;
&apos;,ns1:Worker_Data/ns1:Employment_Data/ns1:Worker_Job_Data/ns1:Position_Data/
ns1:Position_Time_Type_Reference/
ns1:ID[@ns1:type=&apos;Position_Time_Type_ID&apos;] |
ns1:Worker_Data/ns1:Employment_Data/ns1:Position_Data/ns1:Position_Title,&apos;
&apos;,ns1:Worker_Data/ns1:Employment_Data/ns1:Position_Data/ns1:Position_Time_Type
_Reference/ns1:ID[@ns1:type=&apos;Position_Time_Type_ID&apos;])"/>
<entry key="FUTURE_ACTION"
value="ns1:Worker_Data/ns1:Transaction_Log_Entry_Data/ns1:Transaction_Log_Entry/
ns1:Transaction_Log_Data/
ns1:Transaction_Log_Type_Reference[ns1:ID[@ns1:type=&apos;Business_Process_Type&apo
s;]=&apos;Hire Employee&apos;]/ns1:ID[@ns1:type=&apos;Business_Process_Type&apos;]
| ns1:Worker_Data/ns1:Transaction_Log_Entry_Data/ns1:Transaction_Log_Entry/
ns1:Transaction_Log_Data/
ns1:Transaction_Log_Type_Reference[ns1:ID[@ns1:type=&apos;Business_Process_Type&apo
s;]=&apos;Terminate
Employee&apos;]/ns1:ID[@ns1:type=&apos;Business_Process_Type&apos;] |
ns1:Worker_Data/ns1:Transaction_Log_Entry_Data/ns1:Transaction_Log_Entry/
ns1:Transaction_Log_Data/
ns1:Transaction_Log_Type_Reference[ns1:ID[@ns1:type=&apos;Business_Process_Type&apo
s;]=&apos;Onboarding&apos;]/ns1:ID[@ns1:type=&apos;Business_Process_Type&apos;] |
ns1:Worker_Data/ns1:Transaction_Log_Entry_Data/ns1:Transaction_Log_Entry/
ns1:Transaction_Log_Data/
ns1:Transaction_Log_Type_Reference[ns1:ID[@ns1:type=&apos;Business_Process_Type&apo
s;]=&apos;End Contingent Worker
Contract&apos;]/ns1:ID[@ns1:type=&apos;Business_Process_Type&apos;]"/>
<entry key="FUTURE_DATE"
value="ns1:Worker_Data/ns1:Transaction_Log_Entry_Data/ns1:Transaction_Log_Entry/
ns1:Transaction_Log_Data[ns1:Transaction_Log_Type_Reference[ns1:ID[@ns1:type=&apos;
Business_Process_Type&apos;]=&apos;Hire
Employee&apos;]]/ns1:Transaction_Effective_Moment
|ns1:Worker_Data/ns1:Transaction_Log_Entry_Data/ns1:Transaction_Log_Entry/
ns1:Transaction_Log_Data[ns1:Transaction_Log_Type_Reference[ns1:ID[@ns1:type=&apos;
Business_Process_Type&apos;]=&apos;Terminate
Employee&apos;]]/ns1:Transaction_Effective_Moment
|ns1:Worker_Data/ns1:Transaction_Log_Entry_Data/ns1:Transaction_Log_Entry/
ns1:Transaction_Log_Data[ns1:Transaction_Log_Type_Reference[ns1:ID[@ns1:type=&apos;
Business_Process_Type&apos;]=&apos;Onboarding&apos;]]/
ns1:Transaction_Effective_Moment
|ns1:Worker_Data/ns1:Transaction_Log_Entry_Data/ns1:Transaction_Log_Entry/
ns1:Transaction_Log_Data[ns1:Transaction_Log_Type_Reference[ns1:ID[@ns1:type=&apos;
Business_Process_Type&apos;]=&apos;End Contingent Worker
Contract&apos;]]/ns1:Transaction_Effective_Moment"/>
<entry key="HIREDATE"
value="ns1:Worker_Data/ns1:Employment_Data/ns1:Worker_Status_Data/ns1:Hire_Date"/>
<entry key="JOBCODE"
value="ns1:Worker_Data/ns1:Employment_Data/ns1:Worker_Job_Data/ns1:Position_Data/
ns1:Job_Profile_Summary_Data/ns1:Job_Profile_Reference/
ns1:ID[@ns1:type=&apos;Job_Profile_ID&apos;] |
ns1:Worker_Data/ns1:Employment_Data/ns1:Position_Data/ns1:Job_Profile_Summary_Data/
ns1:Job_Profile_Reference/ns1:ID[@ns1:type=&apos;Job_Profile_ID&apos;]"/>
<entry key="JOBTITLE"
value="ns1:Worker_Data/ns1:Employment_Data/ns1:Worker_Job_Data/ns1:Position_Data/
ns1:Business_Title |
ns1:Worker_Data/ns1:Employment_Data/ns1:Position_Data/ns1:Business_Title"/>
<entry key="LAST_DAY_OF_WORK"
value="ns1:Worker_Data/ns1:Employment_Data/ns1:Worker_Status_Data/
ns1:Termination_Last_Day_of_Work"/>
<entry key="LAST_NAME"
value="ns1:Worker_Data/ns1:Personal_Data/ns1:Name_Data/ns1:Legal_Name_Data/
ns1:Name_Detail_Data/ns1:Last_Name"/>
<entry key="LEGAL_MIDDLE_NAME"
value="ns1:Worker_Data/ns1:Personal_Data/ns1:Name_Data/ns1:Legal_Name_Data/
ns1:Name_Detail_Data/ns1:Middle_Name"/>
<entry key="LOCATION"
value="ns1:Worker_Data/ns1:Employment_Data/ns1:Worker_Job_Data/ns1:Position_Data/
ns1:Business_Site_Summary_Data/ns1:Name |
ns1:Worker_Data/ns1:Employment_Data/ns1:Position_Data/ns1:Business_Site_Summary_Dat
a/ns1:Name"/>
<entry key="MANAGER_ID"
value="ns1:Worker_Data/ns1:Management_Chain_Data/ns1:Worker_Supervisory_Management_
Chain_Data/ns1:Management_Chain_Data[last()]/ns1:Manager_Reference/
ns1:ID[@ns1:type=&apos;Employee_ID&apos;] |
ns1:Worker_Data/ns1:Management_Chain_Data/ns1:Worker_Supervisory_Management_Chain_D
ata/ns1:Management_Chain_Data[last()]/ns1:Manager_Reference/
ns1:ID[@ns1:type=&apos;Contingent_Worker_ID&apos;]"/>
<entry key="MIDDLE_NAME"
value="ns1:Worker_Data/ns1:Personal_Data/ns1:Name_Data/ns1:Legal_Name_Data/
ns1:Name_Detail_Data/ns1:Middle_Name"/>
<entry key="ON_LEAVE"
value="ns1:Worker_Data/ns1:Employment_Data/ns1:Worker_Status_Data/
ns1:Leave_Status_Data/ns1:On_Leave |
ns1:Worker_Data/ns1:Employment_Data/ns1:Worker_Status_Data/ns1:Leave_Status_Date[1]
/@ns1:On_Leave"/>
<entry key="ORGANIZATION_NAME"
value="ns1:Worker_Data/ns1:Organization_Data/ns1:Worker_Organization_Data/
ns1:Organization_Data[ns1:Organization_Type_Reference[@ns1:Descriptor
=&apos;Business Unit&apos;]]/ns1:Organization_Name"/>
<entry key="POSITION"
value="ns1:Worker_Data/ns1:Employment_Data/ns1:Worker_Job_Data/ns1:Position_Data/
ns1:Position_Title |
ns1:Worker_Data/ns1:Employment_Data/ns1:Position_Data/ns1:Position_Title"/>
<entry key="POSTAL_CODE"
value="ns1:Worker_Data/ns1:Personal_Data/ns1:Contact_Data/ns1:Address_Data[ns1:Usag
e_Data/ns1:Type_Data/ns1:Type_Reference/
ns1:ID[@ns1:type=&apos;Communication_Usage_Type_ID&apos;]
=&apos;WORK&apos;]/ns1:Postal_Code"/>
<entry key="STATE"
value="ns1:Worker_Data/ns1:Employment_Data/ns1:Worker_Job_Data/ns1:Position_Data/
ns1:Business_Site_Summary_Data/ns1:Address_Data/ns1:Country_Region_Reference/
ns1:ID[@ns1:type=&apos;Country_Region_ID&apos;] |
ns1:Worker_Data/ns1:Employment_Data/ns1:Position_Data/ns1:Business_Site_Summary_Dat
a/ns1:Address_Data/ns1:Country_Region_Reference/
ns1:ID[@ns1:type=&apos;Country_Region_ID&apos;]"/>
<entry key="TEAM"
value="ns1:Worker_Data/ns1:Organization_Data/ns1:Worker_Organization_Data/
ns1:Organization_Data[ns1:Organization_Type_Reference[@ns1:Descriptor=&apos;TEAM&ap
os;]]/ns1:Organization_Name"/>
<entry key="TERMINATION_DATE"
value="ns1:Worker_Data/ns1:Employment_Data/ns1:Worker_Status_Data/
ns1:Termination_Date"/>
<entry key="USERID" value="ns1:Worker_Data/ns1:User_ID"/>
<entry key="WORKER_DESCRIPTOR" value="ns1:Worker_Descriptor
| ns1:Worker_Reference/@ns1:Descriptor"/>
<entry key="WORKER_NAME"
value="ns1:Worker_Data/ns1:Personal_Data/ns1:Name_Data/ns1:Preferred_Name_Data/
ns1:Name_Detail_Data/@ns1:Formatted_Name"/>
</Map>
</value>
</entry>
<entry key="aggregationThreadSize" value="4"/>
<entry key="connectorClass"
value="openconnector.connector.WorkDay"/>
<entry key="disableMultipleWorkerRecords" value="true"/>
 <entry key="encrypted"
value="refreshToken,clientSecret,provisioningPassword"/>
<entry key="formPath" value="WorkdayForm.xhtml"/>
<entry key="primary_Home_Phone_Type" value="telephone"/>
<entry key="primary_Work_Phone_Type" value="telephone"/>
<entry key="useChangeContactInfoAPI">
<value>
<Boolean>true</Boolean>
</value>
</entry>
<entry key="version" value="32.1"/>
</Map>
</Attributes>
<Schemas>
<Schema displayAttribute="WORKER_NAME"
identityAttribute="FILENUMBER" nativeObjectType="account" objectType="account">
<AttributeDefinition name="USERID"
remediationModificationType="None" required="true" type="string">
<Description>Worker ID</Description>
</AttributeDefinition>
<AttributeDefinition name="FILENUMBER"
remediationModificationType="None" required="true" type="string">
<Description>Employee ID</Description>
</AttributeDefinition>
<AttributeDefinition name="MANAGER_ID"
remediationModificationType="None" required="true" type="string">
<Description>Manager ID</Description>
</AttributeDefinition>
<AttributeDefinition name="EMAIL_ADDRESS_HOME"
remediationModificationType="None" required="true" type="string">
<Description>Home email address of the worker.</Description>
</AttributeDefinition>
<AttributeDefinition name="ADDITIONAL_EMAIL_ADDRESS_HOME"
remediationModificationType="None" required="true" type="string">
<Description>Additional home email address of the
worker.</Description>
</AttributeDefinition>
<AttributeDefinition name="EMAIL_ADDRESS_WORK"
remediationModificationType="None" required="true" type="string">
<Description>Work email address of the worker.</Description>
</AttributeDefinition>
<AttributeDefinition name="ADDITIONAL_EMAIL_ADDRESS_WORK"
remediationModificationType="None" required="true" type="string">
<Description>Additional work email address of the
worker.</Description>
</AttributeDefinition>
<AttributeDefinition name="ADDRESS_HOME"
remediationModificationType="None" required="true" type="string">
<Description>Home address of the worker.</Description>
</AttributeDefinition>
<AttributeDefinition name="ADDRESS_WORK"
remediationModificationType="None" required="true" type="string">
<Description>Work address of the worker.</Description>
</AttributeDefinition>
<AttributeDefinition name="FIRST_NAME"
remediationModificationType="None" required="true" type="string">
<Description>First name</Description>
</AttributeDefinition>
<AttributeDefinition name="LAST_NAME"
remediationModificationType="None" required="true" type="string">
<Description>Last name</Description>
</AttributeDefinition>
<AttributeDefinition name="CLASS"
remediationModificationType="None" required="true" type="string">
<Description>Combination of Position, Time Type and Employment
Type</Description>
</AttributeDefinition>
<AttributeDefinition name="DEPARTMENT"
remediationModificationType="None" required="true" type="string">
<Description>Cost center</Description>
</AttributeDefinition>
<AttributeDefinition name="JOBCODE"
remediationModificationType="None" required="true" type="string">
<Description>Job profile</Description>
</AttributeDefinition>
<AttributeDefinition name="JOBTITLE"
remediationModificationType="None" required="true" type="string">
<Description>Business title</Description>
</AttributeDefinition>
<AttributeDefinition name="LOCATION"
remediationModificationType="None" required="true" type="string">
<Description>Work Location of the worker.</Description>
</AttributeDefinition>
<AttributeDefinition name="COST_CENTER_HIERARCHY"
remediationModificationType="None" required="true" type="string">
<Description>Cost center hierarchy of the worker.</Description>
</AttributeDefinition>
<AttributeDefinition name="HIREDATE"
remediationModificationType="None" required="true" type="string">
<Description>Hire date</Description>
</AttributeDefinition>
<AttributeDefinition name="FULLPARTTIME"
remediationModificationType="None" required="true" type="string">
<Description>Type of employment full time or part
time.</Description>
</AttributeDefinition>
<AttributeDefinition name="TERMINATION_DATE"
remediationModificationType="None" required="true" type="string">
<Description>Termination date</Description>
</AttributeDefinition>
<AttributeDefinition name="TEAM"
remediationModificationType="None" required="true" type="string">
<Description>Team in the organization data of the
worker.</Description>
</AttributeDefinition>
<AttributeDefinition name="DIVISION"
remediationModificationType="None" required="true" type="string">
<Description>Sales channel in the organization data of
worker.</Description>
</AttributeDefinition>
<AttributeDefinition name="POSTAL_CODE"
remediationModificationType="None" required="true" type="string">
<Description>Postal Code</Description>
</AttributeDefinition>
<AttributeDefinition name="COUNTRY"
remediationModificationType="None" required="true" type="string">
<Description>Business site's country of a worker.</Description>
</AttributeDefinition>
 <AttributeDefinition name="CITY"
remediationModificationType="None" required="true" type="string">
<Description>Business site's city of a worker.</Description>
</AttributeDefinition>
<AttributeDefinition name="ON_LEAVE"
remediationModificationType="None" required="true" type="string">
<Description>Leave status of the worker whether on
leave</Description>
</AttributeDefinition>
<AttributeDefinition name="LEGAL_MIDDLE_NAME"
remediationModificationType="None" required="true" type="string">
<Description>Legal Middle Name</Description>
</AttributeDefinition>
<AttributeDefinition name="MIDDLE_NAME"
remediationModificationType="None" required="true" type="string">
<Description>Middle Name</Description>
</AttributeDefinition>
<AttributeDefinition name="WORKER_NAME"
remediationModificationType="None" required="true" type="string">
<Description>Worker Name</Description>
</AttributeDefinition>
<AttributeDefinition name="POSITION"
remediationModificationType="None" required="true" type="string">
<Description>Position of the Worker</Description>
</AttributeDefinition>
<AttributeDefinition name="EMPLOYEE_TYPE"
remediationModificationType="None" required="true" type="string">
<Description>Employee Type</Description>
</AttributeDefinition>
<AttributeDefinition name="CONTRACT_END_DATE"
remediationModificationType="None" required="true" type="string">
<Description>Contract end date of worker.</Description>
</AttributeDefinition>
<AttributeDefinition name="ORGANIZATION_NAME"
remediationModificationType="None" required="true" type="string">
<Description>Business Unit Name.</Description>
</AttributeDefinition>
<AttributeDefinition name="COMPANY_NAME"
remediationModificationType="None" required="true" type="string">
<Description>The company under which worker
belongs.</Description>
</AttributeDefinition>
<AttributeDefinition name="LAST_DAY_OF_WORK"
remediationModificationType="None" required="true" type="string">
<Description>Last working day of a worker.</Description>
</AttributeDefinition>
<AttributeDefinition name="COST_CENTER_REFERENCE_ID"
remediationModificationType="None" required="true" type="string">
<Description>Reference ID of organization type COST
CENTER.</Description>
</AttributeDefinition>
<AttributeDefinition name="ADDRESS_LINE_1"
remediationModificationType="None" required="true" type="string">
<Description>Business site's Address_line_1 of
worker.</Description>
</AttributeDefinition>
<AttributeDefinition name="STATE"
remediationModificationType="None" required="true" type="string">
<Description>Business site's state.</Description>
 </AttributeDefinition>
<AttributeDefinition name="COST_CENTER"
remediationModificationType="None" required="true" type="string">
<Description>Represent the organization name whose type is
COST_CENTER</Description>
</AttributeDefinition>
<AttributeDefinition name="FUTURE_DATE"
remediationModificationType="None" required="true" type="string">
<Description>Represent date of hiring/termination/onboarding
incase its in future </Description>
</AttributeDefinition>
<AttributeDefinition name="FUTURE_ACTION"
remediationModificationType="None" required="true" type="string">
<Description>Represent action for worker who will be getting
hire/terminate/onboard in future. e.g Hire Employee</Description>
</AttributeDefinition>
<AttributeDefinition name="HOME_TELEPHONE"
remediationModificationType="None" required="true" type="string">
<Description>Represent home phone of the worker with device
type telephone</Description>
</AttributeDefinition>
<AttributeDefinition name="HOME_MOBILE"
remediationModificationType="None" required="true" type="string">
<Description>Represent home phone of the worker with device
type mobile</Description>
</AttributeDefinition>
<AttributeDefinition name="WORK_MOBILE"
remediationModificationType="None" required="true" type="string">
<Description>Represent work phone of the worker with device
type mobile</Description>
</AttributeDefinition>
<AttributeDefinition name="WORK_TELEPHONE"
remediationModificationType="None" required="true" type="string">
<Description>Represent work phone of the worker with device
type telephone</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.sm.SMConnector"
featuresString="PROVISIONING, SYNC_PROVISIONING, SEARCH, UNSTRUCTURED_TARGETS,
UNLOCK, ENABLE, PASSWORD" icon="mainframeIcon" name="TopSecret Full Template"
type="TopSecret - Full">
<Attributes>
<Map>
<entry key="IBMcharacterSet" value="IBM1047"/>
<entry key="MscsType" value="TSS"/>
<entry key="fieldDelimiter" value="#"/>
<entry key="formPath"
value="SMWithoutContainerAttributesForm.xhtml"/>
<entry key="listDelimiter" value=";"/>
<entry key="splAccountAttributes">
<value>
<Map>
<entry key="RU_LOCKED" value="false"/>
<entry key="RU_SUSPENDED" value="false"/>
</Map>
</value>
</entry>
 <entry key="splAceAttributes">
<value>
<Map>
<entry key="ACCESS" value="true"/>
<entry key="ACTION" value="true"/>
<entry key="APPLDATA" value="false"/>
<entry key="DAYS" value="true"/>
<entry key="EXPIRES" value="false"/>
<entry key="FACILITY" value="true"/>
<entry key="LIBRARY" value="false"/>
<entry key="PRIVPGM" value="true"/>
<entry key="SCRIPTNAME" value="false"/>
<entry key="SCRIPTPARM" value="false"/>
<entry key="TIMES" value="false"/>
</Map>
</value>
</entry>
<entry key="splResourceAttributes">
<value>
<Map>
<entry key="RES_HAS_OWNER" value="false"/>
<entry key="RES_OWNER" value="false"/>
</Map>
</value>
</entry>
<entry key="splTargetPermissionsInterestingKwds">
<value>
<Map>
<entry key="ACCESS" value="true"/>
<entry key="ACTION" value="true"/>
<entry key="APPLDATA" value="false"/>
<entry key="DAYS" value="true"/>
<entry key="EXPIRES" value="false"/>
<entry key="FACILITY" value="true"/>
<entry key="LIBRARY" value="false"/>
<entry key="PRIVPGM" value="true"/>
<entry key="SCRIPTNAME" value="false"/>
<entry key="SCRIPTPARM" value="false"/>
<entry key="TIMES" value="false"/>
</Map>
</value>
</entry>
</Map>
</Attributes>
<ProvisioningConfig>
<PlanInitializerScript>
<Source>
import java.util.*;
import
sailpoint.object.ProvisioningPlan.ObjectOperation;
import sailpoint.object.ProvisioningPlan.ObjectRequest;
import
sailpoint.object.ProvisioningPlan.AttributeRequest;
import
sailpoint.object.ProvisioningPlan.AccountRequest;
import
sailpoint.object.ProvisioningPlan.GenericRequest;
import sailpoint.api.*;
import sailpoint.object.*;
 import sailpoint.tools.*;

List accountRequests = plan.getAccountRequests();

if (accountRequests != null) {
for (AccountRequest acctReq : accountRequests){
AccountRequest.Operation op =
acctReq.getOperation();
if (op == AccountRequest.Operation.Create){
String userId = acctReq.getNativeIdentity();
if (userId != null){

acctReq.setNativeIdentity(userId.toUpperCase());
}
AttributeRequest USER_OE_PR =
acctReq.getAttributeRequest("USER_OE_PR");
if (USER_OE_PR != null){
String strUSER_OE_PR =
USER_OE_PR.getValue();

USER_OE_PR.setValue(strUSER_OE_PR.toUpperCase());
}
}
if(context != null)
{
IdentityService identityService = new
IdentityService(context);
application =
context.getObject(Application.class, acctReq.getApplicationName());
if(application != null)
{
String shouldUseMSAdminDefined = (String)
application.getAttributeValue("useMSAdminDefined");
String msAdmin=null;

if(Util.isNotNullOrEmpty(shouldUseMSAdminDefined))
{
if(shouldUseMSAdminDefined.equals("Y"))
{
List idnList = plan.getRequesters();
if(idnList!=null)
{
if(!idnList.isEmpty())
{
Identity idn=(Identity)
idnList.get(0);
List lnkList =
identityService.getLinks(idn, application);
if(lnkList!=null)
{
if(!lnkList.isEmpty())
{
Link lnk = (Link) lnkList.get(0);
//System.out.println("Adding
msAdmin in provisioning plan.");
acctReq.addArgument("msAdmin",
lnk.getDisplayableName());
}
}
else
 System.out.println("Requester does
not have a link from application " + application.getName());
}
}
else
System.out.println("No requester
found.");
}
}
//else

//System.out.println("shouldUseMSAdminDefined is not set to Y");

}
}
}
}
List groups = plan.getObjectRequests();
if (groups != null) {
for (ObjectRequest req : groups){
ObjectOperation op = req.getOp();
if (op == ObjectOperation.Create){
String groupId = req.getNativeIdentity();
if (groupId != null){

req.setNativeIdentity(groupId.toUpperCase());
}
}
if(context != null) {
application =
context.getObject(Application.class, req.getApplicationName());
}
List attrRequests = req.getAttributeRequests();
if(attrRequests != null) {
if(application != null) {
Schema grpSchema =
application.getSchema("group");
if(grpSchema != null) {
if(grpSchema.getAttributeNames() !=
null) {
for (AttributeRequest attrreq :
attrRequests) {

if(grpSchema.getAttributeNames().contains(attrreq.getName())) {
if(attrreq.getValue()
instanceof java.lang.String) {

attrreq.setValue(attrreq.getValue().toUpperCase());
}
}
}
}
}
}
}
if(context != null)
{
IdentityService identityService = new
IdentityService(context);
if(application != null)
 {
String shouldUseMSAdminDefined = (String)
application.getAttributeValue("useMSAdminDefined");
String msAdmin=null;

if(Util.isNotNullOrEmpty(shouldUseMSAdminDefined))
{
if(shouldUseMSAdminDefined.equals("Y"))
{
List idnList = plan.getRequesters();
if(idnList!=null)
{
if(!idnList.isEmpty())
{
Identity idn=(Identity)
idnList.get(0);
List lnkList =
identityService.getLinks(idn, application);
if(lnkList!=null)
{
if(!lnkList.isEmpty())
{
Link lnk = (Link)
lnkList.get(0);
//System.out.println("Adding
msAdmin in provisioning plan.");
req.addArgument("msAdmin",
lnk.getDisplayableName());
}
}
else
System.out.println("Requester
does not have a link from application " + application.getName());
}
}
else
System.out.println("No requester
found.");
}
}
//else

//System.out.println("shouldUseMSAdminDefined is not set to Y");

}
}
}
}
</Source>
</PlanInitializerScript>
</ProvisioningConfig>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="User ID" name="USER_ID" required="true"
type="string"/>
<Field displayName="Password" name="password" required="true"
type="secret"/>
<Field displayName="Container" name="USER_OE_PR" required="true"
type="string"/>
<Field displayName="User Type" name="USER_TYPE" required="true"
type="string">
<AllowedValues>
<String>USER</String>
<String>DCA</String>
<String>LSCA</String>
<String>MSCA</String>
<String>SCA</String>
<String>VCA</String>
<String>ZSA</String>
</AllowedValues>
</Field>
</Form>
<Form name="CreateGroup" objectType="group" type="Create">
<Field displayName="GROUP_ID" name="GROUP_ID" required="true"
section="" type="string"/>
<Field displayName="GROUP_OE_PR" name="GROUP_OE_PR"
required="true" section="" type="string"/>
<Field displayName="NAME" name="NAME" required="true" section=""
type="string"/>
<Field displayName="UG_TYPE" name="UG_TYPE" required="true"
section="" type="string">
<AllowedValues>
<String>PROFILE</String>
<String>GROUP</String>
</AllowedValues>
</Field>
</Form>
<Form name="updategroup" objectType="group" type="Update">
<Field name="INSTDATA" section="" type="string"/>
<Field displayName="GROUP_ID" name="GROUP_ID" required="true"
section="" type="string"/>
<Field name="GROUP_OE_PR" required="true" section=""
type="string"/>
<Field displayName="NAME" name="NAME" required="true" section=""
type="string"/>
<Field displayName="UG_TYPE" name="UG_TYPE" readOnly="true"
section="" type="string">
<AllowedValues>
<String>PROFILE</String>
<String>GROUP</String>
</AllowedValues>
</Field>
<Field displayName="NOADSP" name="NOADSP" section=""
type="string">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field displayName="NOATS" name="NOATS" reviewRequired="true"
section="" type="string">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field displayName="NODSNCHK" name="NODSNCHK"
reviewRequired="true" section="" type="string">
<AllowedValues>
 <String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field displayName="NOLCFCHK" name="NOLCFCHK" section=""
type="string">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field displayName="NOPWCHG" name="NOPWCHG" reviewRequired="true"
section="" type="string">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field displayName="NORESCHK" name="NORESCHK"
reviewRequired="true" section="" type="string">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field displayName="NOSUBCHK" name="NOSUBCHK" section=""
type="string">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field displayName="NOVMDCHK" name="NOVMDCHK" section=""
type="string">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field displayName="NOVOLCHK" name="NOVOLCHK" section=""
type="string">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field displayName="NOLANGUAGE" name="NOLANGUAGE" section=""
type="string">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field displayName="LANGUAGE" name="LANGUAGE"
reviewRequired="true" section="" type="string"/>
<Field displayName="NOCICS" name="NOCICS" section=""
type="string">
<AllowedValues>
<String>Y</String>
 <String>N</String>
</AllowedValues>
</Field>
<Field displayName="OPPRTY" name="OPPRTY" section=""
type="string">
<AllowedValues>
<String>0</String>
<String>1</String>
<String>2</String>
</AllowedValues>
</Field>
<Field displayName="GAP" name="GAP" reviewRequired="true"
section="" type="string">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field displayName="AUDIT" name="AUDIT" section="" type="string">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field displayName="NOSUSPEND" name="NOSUSPEND" section=""
type="string">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field displayName="DUFUPD" name="DUFUPD" section=""
type="string">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field displayName="DUFXTR" name="DUFXTR" section=""
type="string">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field displayName="TRACE" name="TRACE" section="" type="string">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field displayName="OIDCARD" name="OIDCARD" section=""
type="string">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field displayName="INFO.CREATED_DATE" name="INFO.CREATED_DATE"
readOnly="true" section="" type="string"/>
<Field displayName="INFO.LAST_MOD" name="INFO.LAST_MOD"
readOnly="true" section="" type="string"/>
<Field displayName="INSTDATA" name="INSTDATA" section=""
type="string"/>
<Field displayName="NOOMVS" name="NOOMVS" section=""
type="string">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field displayName="GID" name="GID" section="" type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="USER_ID" identityAttribute="USER_ID"
nativeObjectType="account" objectType="account">
<AttributeDefinition name="USER_ID" required="true"
type="string">
<Description>Unique ID of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="USER_OE_PR" required="true"
type="string">
<Description>Parent container of ACID</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="groups" schemaObjectType="group" type="string">
<Description>List of groups or profile this user belongs
to</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="SCTYKEY" required="true"
type="string">
<Description>CICS security keys an ACID may use.</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="OPCLASS" required="true"
type="string">
<Description>CICS operator classes</Description>
</AttributeDefinition>
<AttributeDefinition name="LAST_USED_COUNT" required="true"
type="string">
<Description>Number of times the ACID has been used (logon
times since user was defined)</Description>
</AttributeDefinition>
<AttributeDefinition name="LAST_USED_CPU" required="true"
type="string">
<Description>CPU ID where last logon was done</Description>
</AttributeDefinition>
<AttributeDefinition name="LAST_USED_DATE" required="true"
type="string">
<Description>Date when last logon was done by
user.</Description>
</AttributeDefinition>
<AttributeDefinition name="LAST_USED_FAC" required="true"
type="string">
<Description>Facility name used for last logon</Description>
</AttributeDefinition>
<AttributeDefinition name="LAST_USED_TIME" required="true"
type="string">
 <Description>Time when last logon was done by
user</Description>
</AttributeDefinition>
<AttributeDefinition name="USER_TYPE" required="true"
type="string">
<Description>ACID type
(MSCA,LSCA,SCA,ZCA,VCA,MCA,USER)</Description>
</AttributeDefinition>
<AttributeDefinition name="NAME" required="true" type="string">
<Description>Name of ACID</Description>
</AttributeDefinition>
<AttributeDefinition name="EXPIRES" required="true"
type="string">
<Description>Expiration date of ACID</Description>
</AttributeDefinition>
<AttributeDefinition name="RESUMES" required="true"
type="string">
<Description>Date when suspension ends</Description>
</AttributeDefinition>
<AttributeDefinition name="INFO.SUSPEND_TYPE" required="true"
type="string">
<Description>Suspend type (ASUSPEND, PSUSPEND, VSUSPEND,
XSUSPEND)</Description>
</AttributeDefinition>
<AttributeDefinition name="INFO.ACID_SIZE" required="true"
type="string">
<Description>ACID size</Description>
</AttributeDefinition>
<AttributeDefinition name="INFO.CREATED_DATE" required="true"
type="string">
<Description>Date ACID was created</Description>
</AttributeDefinition>
<AttributeDefinition name="INFO.LAST_MOD" required="true"
type="string">
<Description>Last date and time when ACID was
updated</Description>
</AttributeDefinition>
<AttributeDefinition name="INFO.PHRASE_EXP_DATE" required="true"
type="string">
<Description>Expiration date of password phrase</Description>
</AttributeDefinition>
<AttributeDefinition name="PHRASE_INTERVAL" required="true"
type="string">
<Description>Number of days during which password phrase
remains valid</Description>
</AttributeDefinition>
<AttributeDefinition name="MASTFAC" required="true"
type="string">
<Description>Multi-user facility name</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="FACILITY_51"
required="true" type="string">
<Description>Facilities of ACID</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="USER" required="true"
type="string">
<Description>User defined classes and resources</Description>
</AttributeDefinition>
<AttributeDefinition name="INTERVAL" required="true"
type="string">
<Description>Number of days during which password remains
valid</Description>
</AttributeDefinition>
<AttributeDefinition name="INFO.PASSWORD_EXP_DATE"
required="true" type="string">
<Description>Expiration date of password</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="DEFNODES" required="true"
type="string">
<Description>list of default routing nodes for an individual
ACID</Description>
</AttributeDefinition>
<AttributeDefinition name="INSTDATA" required="true"
type="string">
<Description>Installation data of ACID</Description>
</AttributeDefinition>
<AttributeDefinition name="CONSOLE" required="true"
type="string">
<Description>Ability to modify control options by
ACID</Description>
</AttributeDefinition>
<AttributeDefinition name="NOSUSPEND" required="true"
type="string">
<Description>ACID is allowed to bypass suspension due to
violations (VTHRESH and PTHRESH)</Description>
</AttributeDefinition>
<AttributeDefinition name="NOADSP" required="true" type="string">
<Description>Prevent data sets, created by an ACID, from being
automatically secured</Description>
</AttributeDefinition>
<AttributeDefinition name="NOATS" required="true" type="string">
<Description>Automatic Terminal Signons which are made for this
ACID will fail.</Description>
</AttributeDefinition>
<AttributeDefinition name="NODSNCHK" required="true"
type="string">
<Description>CA Top Secret bypasses all data set access
security checks for this ACID</Description>
</AttributeDefinition>
<AttributeDefinition name="NOLCFCHK" required="true"
type="string">
<Description>Allow ACID to execute any command or transaction
for all facilities, regardless of LCF (Limited Command Facility)
restrictions</Description>
</AttributeDefinition>
<AttributeDefinition name="NOPWCHG" required="true"
type="string">
<Description>Prevent ACID from changing passwords at signon or
initiation</Description>
</AttributeDefinition>
<AttributeDefinition name="NORESCHK" required="true"
type="string">
<Description>Allow ACID to bypass security checking for all
owned resources except data sets and volumes</Description>
</AttributeDefinition>
<AttributeDefinition name="NOSUBCHK" required="true"
type="string">
<Description>Allow ACID to bypass alternate ACID usage as well
as all job submission security checking</Description>
</AttributeDefinition>
<AttributeDefinition name="NOVOLCHK" required="true"
type="string">
<Description>Allow ACID to bypass volume level security
checking</Description>
</AttributeDefinition>
<AttributeDefinition name="DUFUPD" required="true" type="string">
<Description>Enables ACID to use the CA Top Secret Application
Interface to update the installation data (INSTDATA) or field data from a Security
Record. DUFUPD is a component of the CA Top Secret Dynamic Update Facility
(DUF)</Description>
</AttributeDefinition>
<AttributeDefinition name="DUFXTR" required="true" type="string">
<Description>Enables ACID to use a RACROUTE REQUEST=AUTH
(RACHECK) macro or the CA Top Secret Application Interface to extract installation
data (INSTDATA) or field data from a Security File. DUFXTR is a component of the CA
Top Secret Dynamic Update Facility (DUF)</Description>
</AttributeDefinition>
<AttributeDefinition name="MULTIPW" required="true"
type="string">
<Description>ACID has multiple password attributes, which means
ACID needs a different password to access each facility</Description>
</AttributeDefinition>
<AttributeDefinition name="TRACE" required="true" type="string">
<Description>Diagnostic trace is set on all ACID activity
(initiations, resource access, violations, security mode).</Description>
</AttributeDefinition>
<AttributeDefinition name="OIDCARD" required="true"
type="string">
<Description>Prompt ACID to insert identification cards into a
batch reader whenever signing on to TSO</Description>
</AttributeDefinition>
<AttributeDefinition name="PHYSKEY" required="true"
type="string">
<Description>Physical security key to support external
authentication devices.</Description>
</AttributeDefinition>
<AttributeDefinition name="TZONE" required="true" type="string">
<Description>Physical time zone in relation to CPU time
zone</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="SOURCE" required="true"
type="string">
<Description>Source reader or terminal prefixes through which
the associated ACID may enter the system.</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="LTIME" required="true"
type="string">
<Description>How long (in minutes) until terminal of ACID locks
if CA Top Secret does not detect activity at that terminal</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="COMMAND" required="true"
type="string">
<Description>Using a specific command or subset of commands
available within a facility</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="XCOMMAND" required="true"
type="string">
 <Description>Prevent ACIDs from using a specified command or
subset of commands available within that facility</Description>
</AttributeDefinition>
<AttributeDefinition name="OPIDENT" required="true"
type="string">
<Description>CICS operator identification value equal to the
ACID OPIDENT entry in the CICS SNT (Signon Table)</Description>
</AttributeDefinition>
<AttributeDefinition name="OPPRTY" required="true" type="string">
<Description>CICS operator priority of associated
ACID</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="SITRAN" required="true"
type="string">
<Description>CICS transaction CA Top Secret automatically
executes after an ACID successfully signs on to a facility</Description>
</AttributeDefinition>
<AttributeDefinition name="SMSAPPL" required="true"
type="string">
<Description>Default SMS application identifier -
DFP</Description>
</AttributeDefinition>
<AttributeDefinition name="SMSDATA" required="true"
type="string">
<Description>Default SMS data class - DFP</Description>
</AttributeDefinition>
<AttributeDefinition name="SMSMGMT" required="true"
type="string">
<Description>default SMS management class - DFP</Description>
</AttributeDefinition>
<AttributeDefinition name="SMSSTOR" required="true"
type="string">
<Description>Default SMS storage class</Description>
</AttributeDefinition>
<AttributeDefinition name="TSOCOMMAND" required="true"
type="string">
<Description>Default command issued at TSO logon</Description>
</AttributeDefinition>
<AttributeDefinition name="TSODEFPRFG" required="true"
type="string">
<Description>Default TSO performance group</Description>
</AttributeDefinition>
<AttributeDefinition name="TSODEST" required="true"
type="string">
<Description>Default destination identifier for TSO generated
JCL for TSO users.</Description>
</AttributeDefinition>
<AttributeDefinition name="TSOHCLASS" required="true"
type="string">
<Description>Default hold class for TSO-generated JCL for TSO
users</Description>
</AttributeDefinition>
<AttributeDefinition name="TSOJCLASS" required="true"
type="string">
<Description>Job class for TSO generated job cards from TSO
users.</Description>
</AttributeDefinition>
<AttributeDefinition name="TSOLACCT" required="true"
type="string">
 <Description>TSO Default account number</Description>
</AttributeDefinition>
<AttributeDefinition name="TSOLPROC" required="true"
type="string">
<Description>Default procedure used for TSO logon</Description>
</AttributeDefinition>
<AttributeDefinition name="TSOLSIZE" required="true"
type="string">
<Description>Default region size (in kilobytes) for
TSO</Description>
</AttributeDefinition>
<AttributeDefinition name="TSOMCLASS" required="true"
type="string">
<Description>Default message class for TSO generated JCL for
TSO users</Description>
</AttributeDefinition>
<AttributeDefinition name="TSOMPW" required="true" type="string">
<Description>Support multiple TSO UADS passwords, on a user-by-
user basis</Description>
</AttributeDefinition>
<AttributeDefinition name="TSOMSIZE" required="true"
type="string">
<Description>Maximum region size (in kilobytes) that a TSO user
may specify at logon</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="TSOOPT" required="true"
type="string">
<Description>default options that a TSO user may specify at
logon</Description>
</AttributeDefinition>
<AttributeDefinition name="TSOSCLASS" required="true"
type="string">
<Description>Default SYSOUT class for TSO generated JCL for TSO
users</Description>
</AttributeDefinition>
<AttributeDefinition name="TSOUDATA" required="true"
type="string">
<Description>Site-defined data field to a TSO
user</Description>
</AttributeDefinition>
<AttributeDefinition name="TSOUNIT" required="true"
type="string">
<Description>Default unit name for dynamic allocations under
TSO</Description>
</AttributeDefinition>
<AttributeDefinition name="UID" required="true" type="string">
<Description>Numeric UID value for security within
USS</Description>
</AttributeDefinition>
<AttributeDefinition name="DFLTGRP" required="true"
type="string">
<Description>Default group to an ACID operating under
OpenEdition MVS</Description>
</AttributeDefinition>
<AttributeDefinition name="HOME" required="true" type="string">
<Description>Subdirectory of ACID under OMVS</Description>
</AttributeDefinition>
<AttributeDefinition name="OMVSPGM" required="true"
type="string">
 <Description>OMVS program of ACID</Description>
</AttributeDefinition>
<AttributeDefinition name="MCSALTG" required="true"
type="string">
<Description>Alternate group used in recovery</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="MCSAUTH" required="true"
type="string">
<Description>Authorize the operator commands that can be
entered from the console</Description>
</AttributeDefinition>
<AttributeDefinition name="MCSCMDS" required="true"
type="string">
<Description>System to which commands issued from this console
are sent</Description>
</AttributeDefinition>
<AttributeDefinition name="MCSDOM" required="true" type="string">
<Description>Delete operator messages (DOM) this console is to
receive</Description>
</AttributeDefinition>
<AttributeDefinition name=" MCSKEY" required="true"
type="string">
<Description>KEY keyword of this console</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="MCSLEVL" required="true"
type="string">
<Description>Messages received by this console</Description>
</AttributeDefinition>
<AttributeDefinition name="MCSLOGC" required="true"
type="string">
<Description>Whether command responses are logged in the hard
copy log</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="MCSMFRM" required="true"
type="string">
<Description>Display format of console messages</Description>
</AttributeDefinition>
<AttributeDefinition name="MCSMGID" required="true"
type="string">
<Description>Whether a one-byte migration ID is assigned to
this console</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="MCSMON" required="true"
type="string">
<Description>How selected system events are
monitored</Description>
</AttributeDefinition>
<AttributeDefinition name="MCSROUT" required="true"
type="string">
<Description>Routing codes assigned to the
consoleDescription</Description>
</AttributeDefinition>
<AttributeDefinition name="MCSSTOR" required="true"
type="string">
<Description>Amount of storage, in megabytes, used for message
queuing</Description>
</AttributeDefinition>
<AttributeDefinition name="MCSUD" required="true" type="string">
<Description>Whether this console is to receive undelivered
action messages and WTOR messages</Description>
</AttributeDefinition>
<AttributeDefinition name="WAACCNT" required="true"
type="string">
<Description>Account number for zOS APPC
processing</Description>
</AttributeDefinition>
<AttributeDefinition name="WABLDG" required="true" type="string">
<Description>Building SYSOUT information is delivered
to</Description>
</AttributeDefinition>
<AttributeDefinition name="WADEPT" required="true" type="string">
<Description>Department SYSOUT information is delivered
to</Description>
</AttributeDefinition>
<AttributeDefinition name="WAADDR1" required="true"
type="string">
<Description>Additional lines of SYSOUT delivery
information</Description>
</AttributeDefinition>
<AttributeDefinition name="WAADDR2" required="true"
type="string">
<Description>Additional lines of SYSOUT delivery
information</Description>
</AttributeDefinition>
<AttributeDefinition name="WAADDR3" required="true"
type="string">
<Description>Additional lines of SYSOUT delivery
information</Description>
</AttributeDefinition>
<AttributeDefinition name="WAADDR4" required="true"
type="string">
<Description>Additional lines of SYSOUT delivery
information</Description>
</AttributeDefinition>
<AttributeDefinition name="WANAME" required="true" type="string">
<Description>Who SYSOUT information is delivered
to</Description>
</AttributeDefinition>
<AttributeDefinition name=" WAROOM" required="true"
type="string">
<Description>Room SYSOUT information is delivered
to</Description>
</AttributeDefinition>
<AttributeDefinition name="LANGUAGE" required="true"
type="string">
<Description>Language preference code which is passed to the
message processing Installation Exit</Description>
</AttributeDefinition>
<AttributeDefinition name="IMSMSC" required="true" type="string">
<Description>Level of security in effect for inbound
transactions in an IMS Multiple Systems Coupling (MSC) environment.</Description>
</AttributeDefinition>
<AttributeDefinition name="DCEFLAGS" required="true"
type="string">
<Description>DCE flags set for this ACID in the DCE registry
such as AUTOLOGIN</Description>
</AttributeDefinition>
<AttributeDefinition name="DCENAME" required="true"
type="string">
<Description>DCE principal name defined for this ACID in the
DCE registry</Description>
</AttributeDefinition>
<AttributeDefinition name="HOMECELL" required="true"
type="string">
<Description>Home cell for this DCE ACID</Description>
</AttributeDefinition>
<AttributeDefinition name="HOMEUUID" required="true"
type="string">
<Description>DCE Home cell universal unique identifier of
ACID</Description>
</AttributeDefinition>
<AttributeDefinition name="UUID" required="true" type="string">
<Description>DCE principal universal unique identifier of
ACID</Description>
</AttributeDefinition>
<AttributeDefinition name="DCEKEY" required="true" type="string">
<Description>DCE password key of ACID</Description>
</AttributeDefinition>
<AttributeDefinition name="NETVCONS" required="true"
type="string">
<Description>NETVIEW console name</Description>
</AttributeDefinition>
<AttributeDefinition name="NETVCTL" required="true"
type="string">
<Description>Whether a security check is performed for this
NetView operator when trying to use a span or trying to do a cross-domain logon
(GENERAL, GLOBAL, SPECIFIC)</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="NETVDMNS" required="true"
type="string">
<Description>Identifiers of NetView programs in another NetView
domain where this operator can start a cross-domain session </Description>
</AttributeDefinition>
<AttributeDefinition name="NETVIC" required="true" type="string">
<Description>Command or command list to be processed by NetView
for this operator when this operator logs on to NetView</Description>
</AttributeDefinition>
<AttributeDefinition name="NETVMSGR" required="true"
type="string">
<Description>Whether this operator is to receive unsolicited
messages that are not routed to a specific NetView operator</Description>
</AttributeDefinition>
<AttributeDefinition name="NETVNGMF" required="true"
type="string">
<Description>Whether a NetView operator has administrator
authority to the NetView Graphic Monitor Facility (NGMF)</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="NETVOPCL" required="true"
type="string">
<Description>NetView scope classes for which the operator has
authority</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="ADMIN.ACID"
required="true" type="string">
<Description>Authority levels at which ACID can manage ACIDs
within scope</Description>
</AttributeDefinition>
 <AttributeDefinition multi="true" name="ADMIN.DATA"
required="true" type="string">
<Description>Authority to list Security File
information</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="ADMIN.MISC1"
required="true" type="string">
<Description>Authority to perform one or more administrative
functions (LCF, INSTDATA, USER, LTIME, SUSPEND, NOATS, RDT, TSSSIM,
ALL)</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="ADMIN.MISC2"
required="true" type="string">
<Description>Authority to perform one or more administrative
functions (ALL, SMS, TSO, NDT, DLF, APPCLU, WORKATTR, TARGET)</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="ADMIN.MISC3"
required="true" type="string">
<Description>Authority to perform one or more administrative
functions (ALL, SDT, PTOK)</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="ADMIN.MISC8"
required="true" type="string">
<Description>Authority to list the contents of the RDT, FDT or
STC or to use the ASUSPEND administrative function (LISTRDT, LISTSTC, LISTAPLU,
LISTSDT, MCS, NOMVSDF, PWMAINT, REMASUSP, ALL)</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="ADMIN.MISC9"
required="true" type="string">
<Description>Authority to perform one or more high-level
administrative functions (BYPASS, TRACE, CONSOLE, MASTFAC, MODE, STC, GLOBAL,
GENERIC, ALL)</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="ADMIN.RESOURCE"
required="true" type="string">
<Description>Authority to issue ADDTO, LIST, REMOVE, PERMIT,
REVOKE, and WHOHAS commands for a specific resource class defined in the RDT
applied to any ACID owned within its administrative scope</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="ADMIN.RESCLASS"
required="true" type="string">
<Description>A resource-class-name</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="ADMIN.FACILITY"
required="true" type="string">
<Description>Which facility or facilities an ACID may
access</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="ADMIN.SCOPE"
required="true" type="string">
<Description>Limit the SCOPE of ACID authority based on these
values</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="CONN_CHK" required="true"
type="string">
<Description>List of groups or profile this user belongs
to</Description>
</AttributeDefinition>
<AttributeDefinition name="LINUXNAM" required="true"
type="string">
<Description>Linux user name of ACID</Description>
</AttributeDefinition>
<AttributeDefinition name="LINUXNODE" required="true"
type="string">
<Description>Linux nodes in NDT node list of ACID
record</Description>
</AttributeDefinition>
<AttributeDefinition name="ZONE_NAME" required="true"
type="string">
<Description>Zone name</Description>
</AttributeDefinition>
<AttributeDefinition name="ZONE_ACID" required="true"
type="string">
<Description>Zone ACID</Description>
</AttributeDefinition>
<AttributeDefinition name="DIV_NAME" required="true"
type="string">
<Description>Division name</Description>
</AttributeDefinition>
<AttributeDefinition name="DIV_ACID" required="true"
type="string">
<Description>Division ACID</Description>
</AttributeDefinition>
<AttributeDefinition name="DEPT_NAME" required="true"
type="string">
<Description>Department name</Description>
</AttributeDefinition>
<AttributeDefinition name="DEPT_ACID" required="true"
type="string">
<Description>Department ACID</Description>
</AttributeDefinition>
<AttributeDefinition name="ParentContainerName" required="true"
type="string">
<Description>Parent Container Name</Description>
</AttributeDefinition>
<AttributeDefinition name="ParentContainerType" required="true"
type="string">
<Description>Parent Container Type</Description>
</AttributeDefinition>
<AttributeDefinition name="ParentContainerACID" required="true"
type="string">
<Description>Parent Container ACID</Description>
</AttributeDefinition>
</Schema>
<Schema displayAttribute="GROUP_ID" featuresString="PROVISIONING"
identityAttribute="GROUP_ID" nativeObjectType="group" objectType="group">
<AttributeDefinition name="GROUP_ID" required="true"
type="string">
<Description>Unique ID of the group</Description>
</AttributeDefinition>
<AttributeDefinition name="GROUP_OE_PR" required="true"
type="string">
<Description>Parent container of ACID</Description>
</AttributeDefinition>
<AttributeDefinition name="NAME" required="true" type="string">
<Description>ACID name</Description>
</AttributeDefinition>
<AttributeDefinition name="INFO.CREATED_DATE" required="true"
type="string">
<Description>Date ACID was created</Description>
</AttributeDefinition>
<AttributeDefinition name="INFO.LAST_MOD" required="true"
type="string">
<Description>Last date and time when ACID was
updated</Description>
</AttributeDefinition>
<AttributeDefinition name="UG_TYPE" required="true"
type="string">
<Description>ACID type
(MSCA,LSCA,SCA,ZCA,VCA,MCA,USER)</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="FACILITY_51"
required="true" type="string">
<Description>Facilities of ACID</Description>
</AttributeDefinition>
<AttributeDefinition name="GAP" required="true" type="string">
<Description>Globally administered profile</Description>
</AttributeDefinition>
<AttributeDefinition name="AUDIT" required="true" type="string">
<Description>Allow an audit of ACID activity</Description>
</AttributeDefinition>
<AttributeDefinition name="NOSUSPEND" required="true"
type="string">
<Description>ACID is allowed to bypass suspension due to
violations (VTHRESH and PTHRESH)</Description>
</AttributeDefinition>
<AttributeDefinition name="NOADSP" required="true" type="string">
<Description>Prevent data sets, created by an ACID, from being
automatically secured</Description>
</AttributeDefinition>
<AttributeDefinition name="NOATS" required="true" type="string">
<Description>Automatic Terminal Signons which are made for this
ACID will fail</Description>
</AttributeDefinition>
<AttributeDefinition name="NODSNCHK" required="true"
type="string">
<Description>CA Top Secret bypasses all data set access
security checks for this ACID</Description>
</AttributeDefinition>
<AttributeDefinition name="NOLCFCHK" required="true"
type="string">
<Description>Allow ACID to execute any command or transaction
for all facilities, regardless of LCF (Limited Command Facility)
restrictions</Description>
</AttributeDefinition>
<AttributeDefinition name="NOPWCHG" required="true"
type="string">
<Description>Prevent ACID from changing passwords at signon or
initiation</Description>
</AttributeDefinition>
<AttributeDefinition name="NORESCHK" required="true"
type="string">
<Description>Allow ACID to bypass security checking for all
owned resources except data sets and volumes</Description>
</AttributeDefinition>
<AttributeDefinition name="NOSUBCHK" required="true"
type="string">
 <Description>Allow ACID to bypass alternate ACID usage as well
as all job submission security checking</Description>
</AttributeDefinition>
<AttributeDefinition name="NOVOLCHK" required="true"
type="string">
<Description>Allow ACID to bypass volume level security
checking</Description>
</AttributeDefinition>
<AttributeDefinition name="DUFUPD" required="true" type="string">
<Description>Enables ACID to use the CA Top Secret Application
Interface to update the installation data (INSTDATA) or field data from a Security
Record. DUFUPD is a component of the CA Top Secret Dynamic Update Facility
(DUF)</Description>
</AttributeDefinition>
<AttributeDefinition name="DUFXTR" required="true" type="string">
<Description>Enables ACID to use a RACROUTE REQUEST=AUTH
(RACHECK) macro or the CA Top Secret Application Interface to extract installation
data (INSTDATA) or field data from a Security File. DUFXTR is a component of the CA
Top Secret Dynamic Update Facility (DUF)</Description>
</AttributeDefinition>
<AttributeDefinition name="TRACE" required="true" type="string">
<Description>Diagnostic trace is set on all ACID activity
(initiations, resource access, violations, security mode)</Description>
</AttributeDefinition>
<AttributeDefinition name="OIDCARD" required="true"
type="string">
<Description>Prompt ACID to insert identification cards into a
batch reader whenever signing on to TSO</Description>
</AttributeDefinition>
<AttributeDefinition name="TZONE" required="true" type="string">
<Description>Physical time zone in relation to CPU time
zone</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="LTIME" required="true"
type="string">
<Description>How long (in minutes) until terminal of ACID locks
if CA Top Secret does not detect activity at that terminal</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="COMMAND" required="true"
type="string">
<Description>Using a specific command or subset of commands
available within a facility</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="XCOMMAND" required="true"
type="string">
<Description>Prevent ACIDs from using a specified command or
subset of commands available within that facility</Description>
</AttributeDefinition>
<AttributeDefinition name="OPIDENT" required="true"
type="string">
<Description>CICS operator identification value equal to the
ACID OPIDENT entry in the CICS SNT (Signon Table)</Description>
</AttributeDefinition>
<AttributeDefinition name="OPPRTY" required="true" type="string">
<Description>CICS operator priority of associated
ACID</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="SITRAN" required="true"
type="string">
 <Description>CICS transaction CA Top Secret automatically
executes after an ACID successfully signs on to a facility</Description>
</AttributeDefinition>
<AttributeDefinition name="GID" required="true" type="string">
<Description>Group identification for OMVS</Description>
</AttributeDefinition>
<AttributeDefinition name="LANGUAGE" required="true"
type="string">
<Description>Language preference code which is passed to the
message processing Installation Exit</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="SCTYKEY" required="true"
type="string">
<Description>CICS security keys an ACID may use</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="OPCLASS" required="true"
type="string">
<Description>CICS operator classes</Description>
</AttributeDefinition>
<AttributeDefinition name="INSTDATA" required="true"
type="string">
<Description>Installation data of ACID</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="SOURCE" required="true"
type="string">
<Description>Source reader or terminal prefixes through which
the associated ACID may enter the system</Description>
</AttributeDefinition>
<AttributeDefinition name="ZONE_NAME" required="true"
type="string">
<Description>Zone name</Description>
</AttributeDefinition>
<AttributeDefinition name="ZONE_ACID" required="true"
type="string">
<Description>Zone ACID</Description>
</AttributeDefinition>
<AttributeDefinition name="DIV_NAME" required="true"
type="string">
<Description>Division name</Description>
</AttributeDefinition>
<AttributeDefinition name="DIV_ACID" required="true"
type="string">
<Description>Division ACID</Description>
</AttributeDefinition>
<AttributeDefinition name="DEPT_NAME" required="true"
type="string">
<Description>Department name</Description>
</AttributeDefinition>
<AttributeDefinition name="DEPT_ACID" required="true"
type="string">
<Description>Department ACID</Description>
</AttributeDefinition>
<AttributeDefinition name="ParentContainerName" required="true"
type="string">
<Description>Parent Container Name</Description>
</AttributeDefinition>
<AttributeDefinition name="ParentContainerType" required="true"
type="string">
<Description>Parent Container Type</Description>
 </AttributeDefinition>
<AttributeDefinition name="ParentContainerACID" required="true"
type="string">
<Description>Parent Container ACID</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="PROVISIONING, MANAGER_LOOKUP, ENABLE, SEARCH, PASSWORD,
DIRECT_PERMISSIONS, CURRENT_PASSWORD" icon="enterpriseIcon" name="IBM i Template"
type="IBM i">
<Attributes>
<Map>
<entry key="AttributeFunction">
<value>
<Map>
<entry key="ACGCDE" value="getAccountingCode"/>
<entry key="ASTLVL" value="getAssistanceLevel"/>
<entry key="ATNPGM"
value="getAttentionKeyHandlingProgram"/>
<entry key="AUDLVL" value="getUserActionAuditLevel"/>
<entry key="CCSID" value="getCCSID"/>
<entry key="CHRIDCTL" value="getCHRIDControl"/>
<entry key="CNTRYID" value="getCountryID"/>
<entry key="CURLIB" value="getCurrentLibraryName"/>
<entry key="DLVRY" value="getMessageQueueDeliveryMethod"/>
<entry key="DSPSGNINF"
value="getDisplaySignOnInformation"/>
<entry key="GID" value="getGroupID"/>
<entry key="GRPAUT" value="getGroupAuthority"/>
<entry key="GRPAUTTYP" value="getGroupAuthorityType"/>
<entry key="GRPPRF" value="getGroupProfileName"/>
<entry key="HOMEDIR" value="getHomeDirectory"/>
<entry key="INLMNU" value="getInitialMenu"/>
<entry key="INLPGM" value="getInitialProgram"/>
<entry key="INVSIGNON"
value="getSignedOnAttemptsNotValid"/>
<entry key="JOBD" value="getJobDescription"/>
<entry key="KBDBUF" value="getKeyboardBuffering"/>
<entry key="LANGID" value="getLanguageID"/>
<entry key="LCLPWDMGT" value="isLocalPasswordManagement"/>
<entry key="LMTCPB" value="getLimitCapabilities"/>
<entry key="LMTDEVSSN" value="getLimitDeviceSessions"/>
<entry key="LOCALE" value="getLocalePathName"/>
<entry key="MAXSTG" value="getMaximumStorageAllowed"/>
<entry key="MSGQ" value="getMessageQueue"/>
<entry key="OBJAUD" value="getObjectAuditingValue"/>
<entry key="OUTQ" value="getOutputQueue"/>
<entry key="OWNER" value="getOwner"/>
<entry key="PREVSIGNON" value="getPreviousSignedOnDate"/>
<entry key="PRTDEV" value="getPrintDevice"/>
<entry key="PTYLMT" value="getHighestSchedulingPriority"/>
<entry key="PWDEXP" value="isPasswordSetExpire"/>
<entry key="PWDEXPDATE" value="getPasswordExpireDate"/>
<entry key="PWDEXPITV"
value="getPasswordExpirationInterval"/>
<entry key="PWDLASTCHG"
value="getPasswordLastChangedDate"/>
 <entry key="SETJOBATTR" value="getLocaleJobAttributes"/>
<entry key="SEV" value="getMessageQueueSeverity"/>
<entry key="SPCAUT" value="getSpecialAuthority"/>
<entry key="SPCENV" value="getSpecialEnvironment"/>
<entry key="SRTSEQ" value="getSortSequenceTable"/>
<entry key="STATUS" value="getStatus"/>
<entry key="SUPGRPPRF" value="getSupplementalGroups"/>
<entry key="TEXT" value="getDescription"/>
<entry key="UID" value="getUserID"/>
<entry key="USRCLS" value="getUserClassName"/>
<entry key="USREXPACT" value="getUserExpirationAction"/>
<entry key="USREXPDATE" value="getUserExpirationDate"/>
<entry key="USREXPITV" value="getUserExpirationInterval"/>
<entry key="USROPT" value="getUserOptions"/>
<entry key="USRPRF" value="getUserProfileName"/>
</Map>
</value>
</entry>
<entry key="change.password" value="CHGUSRPRF"/>
<entry key="connectorClass"
value="openconnector.connector.IBMiConnector"/>
<entry key="create" value="CRTUSRPRF"/>
<entry key="delete" value="DLTUSRPRF"/>
<entry key="directPermissionObjectType">
<value>
<List>
<String>*LIB</String>
<String>*MSGQ</String>
<String>*FILE</String>
<String>*PGM</String>
<String>*CMD</String>
<String>*MENU</String>
<String>*AUTL</String>
<String>*JOBQ</String>
</List>
</value>
</entry>
<entry key="disable" value="CHGUSRPRF"/>
<entry key="enable" value="CHGUSRPRF"/>
<entry key="formPath" value="IBMiAttributesForm.xhtml"/>
<entry key="groupInfo" value="NONE"/>
<entry key="includeUserInfo" value="USER"/>
<entry key="modify" value="CHGUSRPRF"/>
<entry key="objectLibrary" value="*ALL"/>
<entry key="objectName" value="*ALL"/>
<entry key="retryableErrors">
<value>
<List>
<String>Connect Failed</String>
</List>
</value>
</entry>
<entry key="revoke.permission" value="RVKOBJAUT"/>
<entry key="setDelay" value="1"/>
<entry key="specialAttr" value="AUDLVL,OBJAUD"/>
<entry key="specialCommands">
<value>
<Map>
<entry key="CHGUSRAUD">
 <value>
<List>
<String>AUDLVL</String>
<String>OBJAUD</String>
</List>
</value>
</entry>
</Map>
</value>
</entry>
<entry key="unlock" value="CHGUSRPRF"/>
<entry key="userProfile" value="ALL"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="con_prov_policy_ibmi_user_profile"
helpKey="help_con_prov_policy_ibmi_user_profile" name="USRPRF" required="true"
section="" type="string"/>
<Field displayName="con_prov_policy_ibmi_group_profile"
helpKey="help_con_prov_policy_ibmi_group_profile" name="GRPPRF" required="true"
section="" type="string"/>
<Field displayName="con_prov_policy_ibmi_user_id"
helpKey="help_con_prov_policy_ibmi_user_id" name="UID" reviewRequired="true"
section="" type="string"/>
<Field displayName="con_prov_policy_ibmi_user_class"
helpKey="help_con_prov_policy_ibmi_user_class" name="USRCLS" reviewRequired="true"
section="" type="string"/>
<Field displayName="con_prov_policy_ibmi_password"
helpKey="help_con_prov_policy_ibmi_password" name="password" reviewRequired="true"
section="" type="secret"/>
<Field displayName="con_prov_policy_ibmi_set_password"
helpKey="help_con_prov_policy_ibmi_set_password" name="PWDEXP"
reviewRequired="true" section="" type="string"/>
</Form>
<Form name="create group" objectType="group" type="Create">
<Field displayName="con_prov_policy_ibmi_user_profile"
helpKey="help_con_prov_policy_ibmi_user_profile" name="USRPRF" required="true"
section="" type="string"/>
<Field displayName="con_prov_policy_ibmi_group_id"
helpKey="help_con_prov_policy_ibmi_group_id" name="GID" required="true" section=""
type="string"/>
<Field displayName="con_prov_policy_ibmi_set_password"
helpKey="help_con_prov_policy_ibmi_set_password" name="PWDEXP"
reviewRequired="true" section="" type="string"/>
<Field displayName="con_prov_policy_ibmi_user_class"
helpKey="help_con_prov_policy_ibmi_user_class" name="USRCLS" reviewRequired="true"
section="" type="string"/>
</Form>
<Form name="update group" objectType="group" type="Update">
<Field displayName="con_prov_policy_ibmi_group_id"
helpKey="help_con_prov_policy_ibmi_group_id" name="GID" reviewRequired="true"
section="" type="string"/>
<Field displayName="con_prov_policy_ibmi_user_class"
helpKey="help_con_prov_policy_ibmi_user_class" name="USRCLS" reviewRequired="true"
section="" type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
 <Schema displayAttribute="USRPRF" identityAttribute="USRPRF"
nativeObjectType="account" objectType="account">
<AttributeDefinition name="USRPRF"
remediationModificationType="None" required="true" type="string"/>
<AttributeDefinition name="PWDEXP"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="STATUS"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="USRCLS"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="ASTLVL"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="CURLIB"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="INLPGM"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="INLMNU"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="LMTCPB"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="TEXT"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="SPCAUT"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="SPCENV"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="DSPSGNINF"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="PWDEXPITV"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="LCLPWDMGT"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="LMTDEVSSN"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="KBDBUF"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="MAXSTG"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="PTYLMT"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="JOBD"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="GRPPRF"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="OWNER"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="GRPAUT"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="GRPAUTTYP"
remediationModificationType="None" type="string"/>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="SUPGRPPRF" remediationModificationType="None"
schemaObjectType="group" type="string"/>
<AttributeDefinition name="ACGCDE"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="MSGQ"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="DLVRY"
remediationModificationType="None" type="string"/>
 <AttributeDefinition name="SEV"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="PRTDEV"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="OUTQ"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="ATNPGM"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="SRTSEQ"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="LANGID"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="CNTRYID"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="CCSID"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="CHRIDCTL"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="SETJOBATTR"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="LOCALE"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="USROPT"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="UID"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="HOMEDIR"
remediationModificationType="None" type="string"/>
<AttributeDefinition multi="true" name="AUDLVL"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="OBJAUD"
remediationModificationType="None" type="string"/>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="AUTL" remediationModificationType="None" type="string"/>
<AttributeDefinition name="PWDLASTCHG"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="PREVSIGNON"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="PWDEXPDATE"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="INVSIGNON"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="USREXPACT"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="USREXPDATE"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="USREXPITV"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="LSTUSEDATE"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="CHGDATE"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="CTRBYUSER"
remediationModificationType="None" type="string"/>
</Schema>
<Schema displayAttribute="USRPRF" featuresString="PROVISIONING"
identityAttribute="USRPRF" nativeObjectType="group" objectType="group">
<AttributeDefinition name="USRPRF"
remediationModificationType="None" required="true" type="string"/>
 <AttributeDefinition name="PWDEXP"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="STATUS"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="USRCLS"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="ASTLVL"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="CURLIB"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="INLPGM"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="INLMNU"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="LMTCPB"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="TEXT"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="SPCAUT"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="SPCENV"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="DSPSGNINF"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="PWDEXPITV"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="LCLPWDMGT"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="LMTDEVSSN"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="KBDBUF"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="MAXSTG"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="PTYLMT"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="JOBD"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="GRPPRF"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="OWNER"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="GRPAUT"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="GRPAUTTYP"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="SUPGRPPRF"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="ACGCDE"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="MSGQ"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="DLVRY"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="SEV"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="PRTDEV"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="OUTQ"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="ATNPGM"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="SRTSEQ"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="LANGID"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="CNTRYID"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="CCSID"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="CHRIDCTL"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="SETJOBATTR"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="LOCALE"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="USROPT"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="GID"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="HOMEDIR"
remediationModificationType="None" type="string"/>
<AttributeDefinition multi="true" name="AUDLVL"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="OBJAUD"
remediationModificationType="None" type="string"/>
<AttributeDefinition entitlement="true" multi="true" name="AUTL"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="PWDLASTCHG"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="PREVSIGNON"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="PWDEXPDATE"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="INVSIGNON"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="USREXPACT"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="USREXPDATE"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="USREXPITV"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="LSTUSEDATE"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="CHGDATE"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="CTRBYUSER"
remediationModificationType="None" type="string"/>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="SYNC_PROVISIONING, PROVISIONING, ENABLE" icon="internetIcon"
name="SAP S/4HANA Cloud" type="SAP S/4HANA Cloud">
<Attributes>
<Map>
<entry key="connectorClass"
value="openconnector.connector.saps4hanacloud.SAPS4HANACloudConnector"/>
 <entry key="formPath" value="SAPS4HANAAttributesForm.xhtml"/>
</Map>
</Attributes>
<Schemas>
<Schema displayAttribute="User Name" identityAttribute="Person ID"
nativeObjectType="account" objectType="account">
<AttributeDefinition name="First Name"
remediationModificationType="None" type="string">
<Description>First Name of Business User</Description>
</AttributeDefinition>
<AttributeDefinition name="Last Name"
remediationModificationType="None" type="string">
<Description>Last Name of Business User</Description>
</AttributeDefinition>
<AttributeDefinition name="Person External ID"
remediationModificationType="None" type="string">
<Description>Person External ID of Business User</Description>
</AttributeDefinition>
<AttributeDefinition name="Business Partner Role"
remediationModificationType="None" type="string">
<Description>Business Partner Role of Business
User</Description>
</AttributeDefinition>
<AttributeDefinition name="Person ID"
remediationModificationType="None" type="string">
<Description>Person ID of Business User</Description>
</AttributeDefinition>
<AttributeDefinition name="Email"
remediationModificationType="None" type="string">
<Description>Email Address of Business User</Description>
</AttributeDefinition>
<AttributeDefinition name="User Name"
remediationModificationType="None" type="string">
<Description>User Name of Business User</Description>
</AttributeDefinition>
<AttributeDefinition name="User ID"
remediationModificationType="None" type="string">
<Description>User ID of Business User</Description>
</AttributeDefinition>
<AttributeDefinition name="Employee Date Valid From"
remediationModificationType="None" type="string">
<Description>Employment start date of the Business
User</Description>
</AttributeDefinition>
<AttributeDefinition name="Employee Date Valid To"
remediationModificationType="None" type="string">
<Description>Employment end date of the Business
User</Description>
</AttributeDefinition>
<AttributeDefinition name="Is Locked"
remediationModificationType="None" type="boolean">
<Description>Is Business User Locked</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="Business Roles" remediationModificationType="None"
schemaObjectType="group" type="string">
<Description>Business Roles assigned to Business
User</Description>
</AttributeDefinition>
 </Schema>
<Schema displayAttribute="Business Role ID"
identityAttribute="Business Role UUID" nativeObjectType="Role" objectType="group">
<AttributeDefinition name="Business Role UUID"
remediationModificationType="None" type="string">
<Description>Business Role Universally Unique
Identifier</Description>
</AttributeDefinition>
<AttributeDefinition name="Business Role ID"
remediationModificationType="None" type="string">
<Description>Business Role ID</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.DB2WindowsServerConnector"
featuresString="DIRECT_PERMISSIONS, DISCOVER_SCHEMA, PROVISIONING,
SYNC_PROVISIONING, SEARCH" icon="databaseIcon" name="IBM DB2 Template" type="IBM
DB2">
<Attributes>
<Map>
<entry key="formPath" value="DB2AttributesForm.xhtml"/>
<entry key="retryableErrors">
<value>
<List>
<String>Server is not operational</String>
</List>
</value>
</entry>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="Create User" objectType="account" type="Create">
<Field displayName="con_prov_policy_user_create_usernamedb"
helpKey="help_con_prov_policy_user_create_usernamedb" name="GRANTEE"
required="true" type="string"/>
<Field defaultValue="Y"
displayName="con_prov_policy_user_create_conntodb"
helpKey="help_con_prov_policy_user_create_conntodb" name="CONNECTAUTH"
reviewRequired="true" type="string">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field defaultValue="N"
displayName="con_prov_policy_user_create_crepkg"
helpKey="help_con_prov_policy_user_create_crepkg" name="BINDADDAUTH"
reviewRequired="true" type="string">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field defaultValue="N"
displayName="con_prov_policy_user_create_cretab"
helpKey="help_con_prov_policy_user_create_cretab" name="CREATETABAUTH"
reviewRequired="true" type="string">
<AllowedValues>
 <String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field defaultValue="N"
displayName="con_prov_policy_user_create_regroutine"
helpKey="help_con_prov_policy_user_create_regroutine" name="NOFENCEAUTH"
reviewRequired="true" type="string">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field defaultValue="N"
displayName="con_prov_policy_user_create_dbadmauth"
helpKey="help_con_prov_policy_user_create_dbadmauth" name="DBADMAUTH"
reviewRequired="true" type="string">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field defaultValue="N"
displayName="con_prov_policy_user_create_creschema"
helpKey="help_con_prov_policy_user_create_creschema" name="IMPLSCHEMAAUTH"
reviewRequired="true" type="string">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field defaultValue="N"
displayName="con_prov_policy_user_create_acctoload"
helpKey="help_con_prov_policy_user_create_acctoload" name="LOADAUTH"
reviewRequired="true" type="string">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field defaultValue="N"
displayName="con_prov_policy_user_create_creextroutine"
helpKey="help_con_prov_policy_user_create_creextroutine" name="EXTERNALROUTINEAUTH"
reviewRequired="true" type="string">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field defaultValue="N"
displayName="con_prov_policy_user_create_conntoquiesdb"
helpKey="help_con_prov_policy_user_create_conntoquiesdb" name="QUIESCECONNECTAUTH"
reviewRequired="true" type="string">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field defaultValue="N"
displayName="con_prov_policy_user_create_secadm"
helpKey="help_con_prov_policy_user_create_secadm" name="SECURITYADMAUTH"
reviewRequired="true" type="string">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="GRANTEE" identityAttribute="GRANTEE"
includePermissions="true" nativeObjectType="syscat.dbauth" objectType="account">
<AttributeDefinition name="GRANTEE" type="string">
<Description>Grantee name</Description>
</AttributeDefinition>
<AttributeDefinition name="GRANTEETYPE" type="string">
<Description>Grantee type</Description>
</AttributeDefinition>
<AttributeDefinition name="GRANTOR" type="string">
<Description>Grantor name</Description>
</AttributeDefinition>
<AttributeDefinition name="GRANTORTYPE" type="string">
<Description>Grantor type</Description>
</AttributeDefinition>
<AttributeDefinition name="BINDADDAUTH" type="string">
<Description>Authority to create packages</Description>
</AttributeDefinition>
<AttributeDefinition name="CREATETABAUTH" type="string">
<Description>Authority to create tables</Description>
</AttributeDefinition>
<AttributeDefinition name="CONNECTAUTH" type="string">
<Description>Authority to connect to the database</Description>
</AttributeDefinition>
<AttributeDefinition name="DBADMAUTH" type="string">
<Description>DBADM authority</Description>
</AttributeDefinition>
<AttributeDefinition name="EXTERNALROUTINEAUTH" type="string">
<Description>Authority to create external
routines</Description>
</AttributeDefinition>
<AttributeDefinition name="IMPLSCHEMAAUTH" type="string">
<Description>Authority to implicitly create
schemas</Description>
</AttributeDefinition>
<AttributeDefinition name="LOADAUTH" type="string">
<Description>Authority to use the DB2(R) load
utility</Description>
</AttributeDefinition>
<AttributeDefinition name="NOFENCEAUTH" type="string">
<Description>Authority to create non-fenced user-defined
functions</Description>
</AttributeDefinition>
<AttributeDefinition name="QUIESCECONNECTAUTH" type="string">
<Description>Authority to access the database when it is
quiesced</Description>
</AttributeDefinition>
<AttributeDefinition name="SECURITYADMAUTH" type="string">
<Description>Security Administrator authority</Description>
 </AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="roles" schemaObjectType="group" type="string">
<Description>Entitlement attribute</Description>
</AttributeDefinition>
</Schema>
<Schema displayAttribute="ROLENAME" featuresString="PROVISIONING"
identityAttribute="ROLENAME" includePermissions="true"
nativeObjectType="syscat.roles" objectType="group">
<AttributeDefinition name="ROLENAME" type="string">
<Description>Name of the role</Description>
</AttributeDefinition>
<AttributeDefinition name="ROLEID" type="string">
<Description>Identifier for the role</Description>
</AttributeDefinition>
<AttributeDefinition name="CREATE_TIME" type="string">
<Description>Time when the role was created</Description>
</AttributeDefinition>
<AttributeDefinition name="AUDITPOLICYID" type="string">
<Description>Identifier for the audit policy</Description>
</AttributeDefinition>
<AttributeDefinition name="AUDITPOLICYNAME" type="string">
<Description>Identifier for the audit policy</Description>
</AttributeDefinition>
<AttributeDefinition name="REMARKS" type="string">
<Description>User-provided comments</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" multi="true"
name="HierarchicalRoles" type="string">
<Description>Child roles</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.TopSecretConnector"
featuresString="DIRECT_PERMISSIONS, NO_RANDOM_ACCESS, DISCOVER_SCHEMA"
icon="mainframeIcon" name="TopSecret Template" type="TopSecret">
<Schemas>
<Schema displayAttribute="ACID" identityAttribute="NAME"
nativeObjectType="USER" objectType="account">
<AttributeDefinition name="XAUTH" type="string"/>
<AttributeDefinition name="VMMDISK" type="string"/>
<AttributeDefinition name="ACTION" type="string"/>
<AttributeDefinition name="LOCK TIME(MINUTES)" type="string"/>
<AttributeDefinition name="LOCK TIME FACILITY" type="string"/>
<AttributeDefinition name="LANGUAGE PREFERENCE CODE"
type="string"/>
<AttributeDefinition name="VOLSER(OWNED)" type="string"/>
<AttributeDefinition name="ATTRIBUTES" type="string"/>
<AttributeDefinition name="VOLSER(OWNED)2" type="string"/>
<AttributeDefinition name="ATTRIBUTES2" type="string"/>
<AttributeDefinition name="NAME" type="string"/>
<AttributeDefinition name="SITRAN" type="string"/>
<AttributeDefinition name="HOME" type="string"/>
<AttributeDefinition name="MULTIPW" type="boolean"/>
<AttributeDefinition name="NOADSP" type="boolean"/>
<AttributeDefinition name="AUDIT" type="boolean"/>
<AttributeDefinition name="NOPWCHG" type="boolean"/>
<AttributeDefinition name="OIDCARD" type="boolean"/>
 <AttributeDefinition name="TRACE" type="boolean"/>
<AttributeDefinition name="SUSPEND" type="boolean"/>
<AttributeDefinition name="MRO" type="boolean"/>
<AttributeDefinition name="CONSOLE" type="boolean"/>
<AttributeDefinition name="GAP" type="boolean"/>
<AttributeDefinition name="DUFXTR" type="boolean"/>
<AttributeDefinition name="DUFUPD" type="boolean"/>
<AttributeDefinition name="TSOMPW" type="boolean"/>
<AttributeDefinition name="NOATS" type="boolean"/>
<AttributeDefinition name="ACEDEFAU" type="boolean"/>
<AttributeDefinition name="ASUSPEND" type="boolean"/>
<AttributeDefinition name="WHO HAS RESOURCE" type="string"/>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="PROFILE ACID" schemaObjectType="group" type="string"/>
<AttributeDefinition name="PASSWORD" type="string"/>
<AttributeDefinition name="PASSWORD EXPIRES DATE" type="string"/>
<AttributeDefinition name="PASSWORD INTERVAL" type="string"/>
<AttributeDefinition name="PASSWORD FACILITY" type="string"/>
<AttributeDefinition name="OPIDENT" type="string"/>
<AttributeDefinition name="OPPRTY" type="string"/>
<AttributeDefinition multi="true" name="PROGRAM" type="string"/>
<AttributeDefinition name="WHOHAS ADMIN" type="string"/>
<AttributeDefinition name="ACIDS2" type="string"/>
<AttributeDefinition name="SOURCES" type="string"/>
<AttributeDefinition name="TSOLPROC" type="string"/>
<AttributeDefinition name="DIV ACID" type="string"/>
<AttributeDefinition name="DIV NAME" type="string"/>
<AttributeDefinition name="SUSPENDED" type="string"/>
<AttributeDefinition name="WHOHAS XAUTH" type="string"/>
<AttributeDefinition name="TSOUNIT" type="string"/>
<AttributeDefinition name="PHYSKEY" type="string"/>
<AttributeDefinition name="ACID WITHIN DEPT/DIV/ZONE"
type="string"/>
<AttributeDefinition name="DATE CREATED" type="string"/>
<AttributeDefinition name="DATE LAST MODIFIED" type="string"/>
<AttributeDefinition name="TIME LAST MODIFIED" type="string"/>
<AttributeDefinition name="ROOM NUMBER" type="string"/>
<AttributeDefinition name="MISC2" type="string"/>
<AttributeDefinition name="ACCESSLEVELS" type="string"/>
<AttributeDefinition name="MISC8" type="string"/>
<AttributeDefinition name="SCOPE" type="string"/>
<AttributeDefinition name="DIGITAL CERT NAME" type="string"/>
<AttributeDefinition name="DEPARTMENT" type="string"/>
<AttributeDefinition name="DLFTGRP" type="string"/>
<AttributeDefinition name="WHO OWNS RESOURCE" type="string"/>
<AttributeDefinition name="TSOOPT" type="string"/>
<AttributeDefinition name="WANAME" type="string"/>
<AttributeDefinition multi="true" name="SYSID" type="string"/>
<AttributeDefinition name="BUILDING" type="string"/>
<AttributeDefinition name="TSOCOMMAND" type="string"/>
<AttributeDefinition name="DIGITAL CERT STARTS" type="string"/>
<AttributeDefinition name="XAUTH LIBRARY" type="string"/>
<AttributeDefinition name="WHO HAS FACILITY" type="string"/>
<AttributeDefinition name="RESOURCE CLASS NAME" type="string"/>
<AttributeDefinition name="FCT/PREFIX(OWNED)" type="string"/>
<AttributeDefinition name="FACILITIES" type="string"/>
<AttributeDefinition name="TSOHCLASS" type="string"/>
<AttributeDefinition name="DIGITAL CERT EXPIRES" type="string"/>
<AttributeDefinition name="ZONE ACID" type="string"/>
 <AttributeDefinition name="ZONE NAME" type="string"/>
<AttributeDefinition name="ADDRESS1" type="string"/>
<AttributeDefinition name="XAUTHDAYS" type="string"/>
<AttributeDefinition name="ACID TYPE" type="string"/>
<AttributeDefinition name="ACID SIZE" type="string"/>
<AttributeDefinition name="RESTRICT" type="string"/>
<AttributeDefinition name="ADDRESS4" type="string"/>
<AttributeDefinition name="NODSNCHK" type="boolean"/>
<AttributeDefinition name="NOVOLCHECK" type="boolean"/>
<AttributeDefinition name="NOLCFCHK" type="boolean"/>
<AttributeDefinition name="NOSUBCHK" type="boolean"/>
<AttributeDefinition name="NORESCHK" type="boolean"/>
<AttributeDefinition name="NOVMDCHK" type="boolean"/>
<AttributeDefinition name="NOSUSPEN" type="boolean"/>
<AttributeDefinition name="TSODEST" type="string"/>
<AttributeDefinition name="TSODEFPRFG" type="string"/>
<AttributeDefinition name="RESOURCE CLASS NAME2" type="string"/>
<AttributeDefinition name="MISC1" type="string"/>
<AttributeDefinition name="GID" type="string"/>
<AttributeDefinition name="TSOUDATA" type="string"/>
<AttributeDefinition name="ACCESSLEVELS2" type="string"/>
<AttributeDefinition name="DSN/PREFIX(OWNED)" type="string"/>
<AttributeDefinition name="TSOMSIZE" type="string"/>
<AttributeDefinition name="EXPIRES" type="string"/>
<AttributeDefinition name="TSOSCLASS" type="string"/>
<AttributeDefinition name="XAUTH FAC" type="string"/>
<AttributeDefinition name="DEPT ACID" type="string"/>
<AttributeDefinition name="DEPT NAME" type="string"/>
<AttributeDefinition name="DATE LAST USED" type="string"/>
<AttributeDefinition name="TIME LAST USED" type="string"/>
<AttributeDefinition name="CPU" type="string"/>
<AttributeDefinition name="FAC" type="string"/>
<AttributeDefinition name="COUNT" type="string"/>
<AttributeDefinition multi="true" name="SEGMENT" type="string"/>
<AttributeDefinition name="RESOURCES" type="string"/>
<AttributeDefinition name="TSOJCLASS" type="string"/>
<AttributeDefinition name="ADMIN BY" type="string"/>
<AttributeDefinition name="XAUTH MODE" type="string"/>
<AttributeDefinition name="TSOLACCT" type="string"/>
<AttributeDefinition name="TSOLSIZE" type="string"/>
<AttributeDefinition name="LISTDATA" type="string"/>
<AttributeDefinition name="OMVSPGM" type="string"/>
<AttributeDefinition name="SMSSTOR" type="string"/>
<AttributeDefinition name="UID" type="string"/>
<AttributeDefinition name="ADDRESS3" type="string"/>
<AttributeDefinition name="XAUTH PRIVPGM" type="string"/>
<AttributeDefinition name="TIME ZONE" type="string"/>
<AttributeDefinition name="MASTER FACILITY" type="string"/>
<AttributeDefinition name="LCF FACILITY" type="string"/>
<AttributeDefinition multi="true" name="FACILITY NAME"
type="string"/>
<AttributeDefinition name="FACILITY UNTIL DATE" type="string"/>
<AttributeDefinition name="INSTDATA" type="string"/>
<AttributeDefinition name="ADDRESS2" type="string"/>
<AttributeDefinition name="WAACCOUNT" type="string"/>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="GROUP ACID" type="string"/>
<AttributeDefinition name="TSOMCLASS" type="string"/>
<AttributeDefinition name="MISC9" type="string"/>
 <AttributeDefinition name="ACID" type="string"/>
</Schema>
<Schema displayAttribute="NAME" identityAttribute="ACID"
nativeObjectType="PROFILE" objectType="group">
<AttributeDefinition name="XAUTH" type="string"/>
<AttributeDefinition name="VMMDISK" type="string"/>
<AttributeDefinition name="ACTION" type="string"/>
<AttributeDefinition name="LOCK TIME(MINUTES)" type="string"/>
<AttributeDefinition name="LOCK TIME FACILITY" type="string"/>
<AttributeDefinition name="LANGUAGE PREFERENCE CODE"
type="string"/>
<AttributeDefinition name="VOLSER(OWNED)" type="string"/>
<AttributeDefinition name="ATTRIBUTES" type="string"/>
<AttributeDefinition name="VOLSER(OWNED)2" type="string"/>
<AttributeDefinition name="ATTRIBUTES2" type="string"/>
<AttributeDefinition name="NAME" type="string"/>
<AttributeDefinition name="SITRAN" type="string"/>
<AttributeDefinition name="HOME" type="string"/>
<AttributeDefinition name="MULTIPW" type="boolean"/>
<AttributeDefinition name="NOADSP" type="boolean"/>
<AttributeDefinition name="AUDIT" type="boolean"/>
<AttributeDefinition name="NOPWCHG" type="boolean"/>
<AttributeDefinition name="OIDCARD" type="boolean"/>
<AttributeDefinition name="TRACE" type="boolean"/>
<AttributeDefinition name="SUSPEND" type="boolean"/>
<AttributeDefinition name="MRO" type="boolean"/>
<AttributeDefinition name="CONSOLE" type="boolean"/>
<AttributeDefinition name="GAP" type="boolean"/>
<AttributeDefinition name="DUFXTR" type="boolean"/>
<AttributeDefinition name="DUFUPD" type="boolean"/>
<AttributeDefinition name="TSOMPW" type="boolean"/>
<AttributeDefinition name="NOATS" type="boolean"/>
<AttributeDefinition name="ACEDEFAU" type="boolean"/>
<AttributeDefinition name="ASUSPEND" type="boolean"/>
<AttributeDefinition name="WHO HAS RESOURCE" type="string"/>
<AttributeDefinition multi="true" name="PROFILE ACID"
type="string"/>
<AttributeDefinition name="PASSWORD" type="string"/>
<AttributeDefinition name="PASSWORD EXPIRES DATE" type="string"/>
<AttributeDefinition name="PASSWORD INTERVAL" type="string"/>
<AttributeDefinition name="PASSWORD FACILITY" type="string"/>
<AttributeDefinition name="OPIDENT" type="string"/>
<AttributeDefinition name="OPPRTY" type="string"/>
<AttributeDefinition multi="true" name="PROGRAM" type="string"/>
<AttributeDefinition name="WHOHAS ADMIN" type="string"/>
<AttributeDefinition name="ACIDS2" type="string"/>
<AttributeDefinition name="SOURCES" type="string"/>
<AttributeDefinition name="TSOLPROC" type="string"/>
<AttributeDefinition name="DIV ACID" type="string"/>
<AttributeDefinition name="DIV NAME" type="string"/>
<AttributeDefinition name="SUSPENDED" type="string"/>
<AttributeDefinition name="WHOHAS XAUTH" type="string"/>
<AttributeDefinition name="TSOUNIT" type="string"/>
<AttributeDefinition name="PHYSKEY" type="string"/>
<AttributeDefinition name="ACID WITHIN DEPT/DIV/ZONE"
type="string"/>
<AttributeDefinition name="DATE CREATED" type="string"/>
<AttributeDefinition name="DATE LAST MODIFIED" type="string"/>
<AttributeDefinition name="TIME LAST MODIFIED" type="string"/>
<AttributeDefinition name="ROOM NUMBER" type="string"/>
<AttributeDefinition name="MISC2" type="string"/>
<AttributeDefinition name="ACCESSLEVELS" type="string"/>
<AttributeDefinition name="MISC8" type="string"/>
<AttributeDefinition name="SCOPE" type="string"/>
<AttributeDefinition name="DIGITAL CERT NAME" type="string"/>
<AttributeDefinition name="DEPARTMENT" type="string"/>
<AttributeDefinition name="DLFTGRP" type="string"/>
<AttributeDefinition name="WHO OWNS RESOURCE" type="string"/>
<AttributeDefinition name="TSOOPT" type="string"/>
<AttributeDefinition name="WANAME" type="string"/>
<AttributeDefinition multi="true" name="SYSID" type="string"/>
<AttributeDefinition name="BUILDING" type="string"/>
<AttributeDefinition name="TSOCOMMAND" type="string"/>
<AttributeDefinition name="DIGITAL CERT STARTS" type="string"/>
<AttributeDefinition name="XAUTH LIBRARY" type="string"/>
<AttributeDefinition name="WHO HAS FACILITY" type="string"/>
<AttributeDefinition name="RESOURCE CLASS NAME" type="string"/>
<AttributeDefinition name="FCT/PREFIX(OWNED)" type="string"/>
<AttributeDefinition name="FACILITIES" type="string"/>
<AttributeDefinition name="TSOHCLASS" type="string"/>
<AttributeDefinition name="DIGITAL CERT EXPIRES" type="string"/>
<AttributeDefinition name="ZONE ACID" type="string"/>
<AttributeDefinition name="ZONE NAME" type="string"/>
<AttributeDefinition name="ADDRESS1" type="string"/>
<AttributeDefinition name="XAUTHDAYS" type="string"/>
<AttributeDefinition name="ACID TYPE" type="string"/>
<AttributeDefinition name="ACID SIZE" type="string"/>
<AttributeDefinition name="RESTRICT" type="string"/>
<AttributeDefinition name="ADDRESS4" type="string"/>
<AttributeDefinition name="NODSNCHK" type="boolean"/>
<AttributeDefinition name="NOVOLCHECK" type="boolean"/>
<AttributeDefinition name="NOLCFCHK" type="boolean"/>
<AttributeDefinition name="NOSUBCHK" type="boolean"/>
<AttributeDefinition name="NORESCHK" type="boolean"/>
<AttributeDefinition name="NOVMDCHK" type="boolean"/>
<AttributeDefinition name="NOSUSPEN" type="boolean"/>
<AttributeDefinition name="TSODEST" type="string"/>
<AttributeDefinition name="TSODEFPRFG" type="string"/>
<AttributeDefinition name="RESOURCE CLASS NAME2" type="string"/>
<AttributeDefinition name="MISC1" type="string"/>
<AttributeDefinition name="GID" type="string"/>
<AttributeDefinition name="TSOUDATA" type="string"/>
<AttributeDefinition name="ACCESSLEVELS2" type="string"/>
<AttributeDefinition name="DSN/PREFIX(OWNED)" type="string"/>
<AttributeDefinition name="TSOMSIZE" type="string"/>
<AttributeDefinition name="EXPIRES" type="string"/>
<AttributeDefinition name="TSOSCLASS" type="string"/>
<AttributeDefinition name="XAUTH FAC" type="string"/>
<AttributeDefinition name="DEPT ACID" type="string"/>
<AttributeDefinition name="DEPT NAME" type="string"/>
<AttributeDefinition name="DATE LAST USED" type="string"/>
<AttributeDefinition name="TIME LAST USED" type="string"/>
<AttributeDefinition name="CPU" type="string"/>
<AttributeDefinition name="FAC" type="string"/>
<AttributeDefinition name="COUNT" type="string"/>
<AttributeDefinition multi="true" name="SEGMENT" type="string"/>
<AttributeDefinition name="RESOURCES" type="string"/>
<AttributeDefinition name="TSOJCLASS" type="string"/>
 <AttributeDefinition name="ADMIN BY" type="string"/>
<AttributeDefinition name="XAUTH MODE" type="string"/>
<AttributeDefinition name="TSOLACCT" type="string"/>
<AttributeDefinition name="TSOLSIZE" type="string"/>
<AttributeDefinition name="LISTDATA" type="string"/>
<AttributeDefinition name="OMVSPGM" type="string"/>
<AttributeDefinition name="SMSSTOR" type="string"/>
<AttributeDefinition name="UID" type="string"/>
<AttributeDefinition name="ADDRESS3" type="string"/>
<AttributeDefinition name="XAUTH PRIVPGM" type="string"/>
<AttributeDefinition name="TIME ZONE" type="string"/>
<AttributeDefinition name="MASTER FACILITY" type="string"/>
<AttributeDefinition name="LCF FACILITY" type="string"/>
<AttributeDefinition multi="true" name="FACILITY NAME"
type="string"/>
<AttributeDefinition name="FACILITY UNTIL DATE" type="string"/>
<AttributeDefinition name="INSTDATA" type="string"/>
<AttributeDefinition name="ADDRESS2" type="string"/>
<AttributeDefinition name="WAACCOUNT" type="string"/>
<AttributeDefinition multi="true" name="GROUP ACID"
type="string"/>
<AttributeDefinition name="TSOMCLASS" type="string"/>
<AttributeDefinition name="MISC9" type="string"/>
<AttributeDefinition name="ACID" type="string"/>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.SecurityIQConnector"
name="SecurityIQ template" type="SecurityIQ">
<Attributes>
<Map>
<entry key="formPath" value="SIQAttributesForm.xhtml"/>
</Map>
</Attributes>
<Schemas>
<Schema identityAttribute="_id" nativeObjectType="event"
objectType="alert">
<AttributeDefinition name="_index" type="string"/>
<AttributeDefinition name="_type" type="string"/>
<AttributeDefinition name="_id" type="string"/>
<AttributeDefinition internalName="_source.&apos;user full
name&apos;" name="userFullName" type="string"/>
<AttributeDefinition internalName="_source.&apos;alert rule
names&apos;" multi="true" name="alertRuleNames" type="string"/>
<AttributeDefinition internalName="_source.&apos;action
type&apos;" name="actionType" type="string"/>
<AttributeDefinition internalName="_source.path" name="path"
type="string"/>
<AttributeDefinition internalName="_source.&apos;application
type&apos;" name="applicationType" type="string"/>
<AttributeDefinition internalName="_source.timestamp"
name="timestamp" type="string"/>
<AttributeDefinition internalName="_source.&apos;bam name&apos;"
name="bamName" type="string"/>
<AttributeDefinition internalName="_source.&apos;wpc data&apos;"
name="wpc data" type="string"/>
<AttributeDefinition internalName="_source.creation_timestamp"
name="creation_timestamp" type="string"/>
<AttributeDefinition internalName="_source.&apos;object
name&apos;" name="object name" type="string"/>
<Attributes>
<Map>
<entry key="baseURL"/>
<entry key="deltaListEndpoint">
<value>
<Map>
<entry key="baseURL"/>
<entry key="body">
<value>
<Map>
<entry key="query" value="{&quot;bool&quot;:
{ &quot;must&quot;: [ {&quot;exists&quot;: {&quot;field&quot;: &quot;alert rule
names&quot; }},{&quot;range&quot; : { &quot;creation_timestamp&quot; :
{&quot;gt&quot; : &quot;$(deltaAggregation)&quot;}}}],&quot;must_not&quot;:
[{&quot;term&quot; : { &quot;alert rule names&quot;:&quot;&quot; }}] } }"/>
<entry key="sort"
value="[{&quot;creation_timestamp&quot; : {&quot;order&quot; :
&quot;asc&quot;}}]"/>
</Map>
</value>
</entry>
<entry key="contextURL" value="_search"/>
<entry key="header"/>
<entry key="httpMethodType" value="POST"/>
<entry key="scrollKeepAlive" value="5m"/>
<entry key="size" value="50"/>
</Map>
</value>
</entry>
<entry key="getEndpoint">
<value>
<Map>
<entry key="baseURL"/>
<entry key="body">
<value>
<Map>
<entry key="query" value="{&quot;ids&quot; :
{ &quot;type&quot; : &quot;event&quot;, &quot;values&quot; : [&quot;$
(identity)&quot;] }}"/>
</Map>
</value>
</entry>
<entry key="contextURL" value="_search"/>
<entry key="header"/>
<entry key="httpMethodType" value="POST"/>
</Map>
</value>
</entry>
<entry key="listEndpoint">
<value>
<Map>
<entry key="baseURL"/>
<entry key="body">
<value>
<Map>
<entry key="query" value="{&quot;bool&quot;:
{ &quot;must&quot;: [ {&quot;exists&quot;: {&quot;field&quot;: &quot;alert rule
names&quot; }}],&quot;must_not&quot;: [{&quot;term&quot; : { &quot;alert rule
names&quot;:&quot;&quot; }}] } }"/>
<entry key="sort"
value="[{&quot;creation_timestamp&quot; : {&quot;order&quot; :
&quot;asc&quot;}}]"/>
</Map>
</value>
</entry>
<entry key="contextURL" value="_search"/>
<entry key="header"/>
<entry key="httpMethodType" value="POST"/>
<entry key="scrollKeepAlive" value="5m"/>
<entry key="size" value="50"/>
</Map>
</value>
</entry>
<entry key="password"/>
<entry key="username"/>
</Map>
</Attributes>
</Schema>
<Schema associationSchemaName="associations"
displayAttribute="br_name" identityAttribute="br_id" objectType="unstructured">
<AttributeDefinition name="br_id" type="long"/>
<AttributeDefinition name="full_path" objectMapping="fullPath"
type="string"/>
<AttributeDefinition name="br_name" objectMapping="displayName"
type="string"/>
<AttributeDefinition name="size" objectMapping="targetSize"
type="long"/>
<AttributeDefinition name="bam_name" objectMapping="targetHost"
type="string"/>
<Attributes>
<Map>
<entry key="aggregateInherited">
<value>
<Boolean></Boolean>
</value>
</entry>
<entry key="associationAttribute" value="associations"/>
<entry key="driverClass"
value="com.microsoft.sqlserver.jdbc.SQLServerDriver"/>
<entry key="password" value="SecurityIQ_Password"/>
<entry key="referencedApplications"/>
<entry key="schemaName" value="whiteops"/>
<entry key="targetHosts"/>
<entry key="url"
value="jdbc:sqlserver://&lt;siqServer>:&lt;port>;databaseName=&lt;dbName>"/>
<entry key="user" value="SecurityIQ_User"/>
</Map>
</Attributes>
</Schema>
<Schema aggregationType="TargetAssociation"
featuresString="NO_AGGREGATION" objectType="associations">
<AttributeDefinition name="is_inherited"
objectMapping="inherited" type="boolean"/>
<AttributeDefinition name="is_allow"
objectMapping="allowPermission" type="boolean"/>
<AttributeDefinition name="is_effective"
objectMapping="effective" type="int"/>
 <AttributeDefinition name="description" type="string"/>
<AttributeDefinition name="permission_type_name"
objectMapping="rights" type="string"/>
<AttributeDefinition name="row_type" type="string"/>
<AttributeDefinition name="user_uid" type="string"/>
<AttributeDefinition name="user_id" type="string"/>
<AttributeDefinition name="user_full_name" type="string"/>
<AttributeDefinition name="role_uid" type="string"/>
<AttributeDefinition name="role_id" type="string"/>
<AttributeDefinition name="role_name" type="string"/>
<AttributeDefinition name="role_entity_type_name" type="string"/>
<AttributeDefinition name="role_domain" type="string"/>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="DISCOVER_SCHEMA" icon="databaseIcon" name="XML" type="XML">
<Attributes>
<Map>
<entry key="connectorClass"
value="openconnector.connector.XMLConnector"/>
<entry key="encrypted" value="transportUserPassword"/>
<entry key="formPath" value="XMLAttributesForm.xhtml"/>
<entry key="xmlValidation" value="true"/>
</Map>
</Attributes>
</Application>
<Application connector="sailpoint.connector.SAPConnector"
featuresString="UNLOCK, SEARCH, PROVISIONING, SYNC_PROVISIONING, ENABLE, PASSWORD,
AUTHENTICATE" icon="enterpriseIcon" name="SAP Template" type="SAP - Direct">
<Attributes>
<Map>
<entry key="formPath" value="SAPAttributesForm.xhtml"/>
<entry key="retryableErrors">
<value>
<List>
<String>Server is not operational</String>
<String>Connect to SAP gateway failed</String>
</List>
</value>
</entry>
<entry key="skipInactiveRoles" value="true"/>
<entry key="unlockOnChangePassword">
<value>
<Boolean>true</Boolean>
</value>
</entry>
<entry key="useClientLanguageForLicense" value="true"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="Create User" objectType="account" type="Create">
<Field displayName="con_prov_policy_user_create_username"
helpKey="help_con_prov_policy_user_create_username" name="User Name"
required="true" type="string"/>
<Field displayName="con_prov_policy_user_create_userpassword"
helpKey="help_con_prov_policy_user_create_userpassword" name="password"
reviewRequired="true" type="secret"/>
<Field displayName="con_prov_policy_user_create_userlastnm"
helpKey="help_con_prov_policy_user_create_userlastnm" name="Last name"
required="true" type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="User Name" identityAttribute="User Name"
nativeObjectType="User" objectType="account">
<AttributeDefinition name="Academic Title" type="string">
<Description>Academic title of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Academic Title 2" type="string">
<Description>2nd Academic title of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Addr Number" type="string">
<Description>Address number of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Alias" type="string">
<Description>Alias name</Description>
</AttributeDefinition>
<AttributeDefinition name="Birth Name" type="string">
<Description>Birth name of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Building" type="string">
<Description>Name of the building</Description>
</AttributeDefinition>
<AttributeDefinition name="Building 2" type="string">
<Description>2nd Name of the building</Description>
</AttributeDefinition>
<AttributeDefinition name="Building Long" type="string">
<Description>Long name of the building</Description>
</AttributeDefinition>
<AttributeDefinition name="Care of" type="string">
<Description>Care of name</Description>
</AttributeDefinition>
<AttributeDefinition name="Check Status" type="string">
<Description>Check status for the user</Description>
</AttributeDefinition>
<AttributeDefinition name="City" type="string">
<Description>Name of the city</Description>
</AttributeDefinition>
<AttributeDefinition name="City Number" type="string">
<Description>Number of the city</Description>
</AttributeDefinition>
<AttributeDefinition name="Code" type="string">
<Description>Signature initials</Description>
</AttributeDefinition>
<AttributeDefinition name="Communication Language" type="string">
<Description>Communication language of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Communication type" type="string">
<Description>Communication method for the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Company" type="string">
<Description>Name of the company</Description>
</AttributeDefinition>
<AttributeDefinition name="Company Address" type="string">
<Description>Address of the company</Description>
</AttributeDefinition>
<AttributeDefinition name="Company Address2" type="string">
 <Description>Address 2 of the company</Description>
</AttributeDefinition>
<AttributeDefinition name="Company Address3" type="string">
<Description>Address 3 of the company</Description>
</AttributeDefinition>
<AttributeDefinition name="Company Address4" type="string">
<Description>Address 4 of the company</Description>
</AttributeDefinition>
<AttributeDefinition name="Country" type="string">
<Description>Name of the country</Description>
</AttributeDefinition>
<AttributeDefinition name="Country ISO" type="string">
<Description>ISO name of the country</Description>
</AttributeDefinition>
<AttributeDefinition name="Delivery District" type="string">
<Description>Delivery district name</Description>
</AttributeDefinition>
<AttributeDefinition name="Department" type="string">
<Description>Department name</Description>
</AttributeDefinition>
<AttributeDefinition name="District" type="string">
<Description>District name</Description>
</AttributeDefinition>
<AttributeDefinition name="District Number" type="string">
<Description>District number for the user</Description>
</AttributeDefinition>
<AttributeDefinition name="E-Mail" type="string">
<Description>E-mail address</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="E-Mail List"
type="string">
<Description>E-mail address list</Description>
</AttributeDefinition>
<AttributeDefinition name="Employee Number" type="string">
<Description>Employee number of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Fax" type="string">
<Description>Fax number</Description>
</AttributeDefinition>
<AttributeDefinition name="Fax Extension" type="string">
<Description>Fax extension number</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="Fax List" type="string">
<Description>Fax number list</Description>
</AttributeDefinition>
<AttributeDefinition name="First name" type="string">
<Description>First name of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Floor" type="string">
<Description>Floor number</Description>
</AttributeDefinition>
<AttributeDefinition name="Floor 2" type="string">
<Description>Floor 2 number</Description>
</AttributeDefinition>
<AttributeDefinition name="Format" type="string">
<Description>Format name</Description>
</AttributeDefinition>
<AttributeDefinition name="FullName" type="string">
<Description>Full name of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="FullName2" type="string">
<Description>Full name 2 of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Function" type="string">
<Description>Function of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="House Number 2" type="string">
<Description>House number 2 of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="House Number" type="string">
<Description>House number of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="HouseNumber 3" type="string">
<Description>House number 3 of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Inhouse ML" type="string">
<Description>Inhouse mail of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Initials" type="string">
<Description>Initials of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Language CR P" type="string">
<Description>CR P language of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Language ISO" type="string">
<Description>ISO language of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Language UCP ISO" type="string">
<Description>CP ISO language of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Language UP ISO" type="string">
<Description>P ISO language of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Last name" type="string">
<Description>Last name of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Location" type="string">
<Description>Location name</Description>
</AttributeDefinition>
<AttributeDefinition name="Logon Language" type="string">
<Description>Logon language for the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Middle Name" type="string">
<Description>Middle name of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Name Country" type="string">
<Description>Name of the country</Description>
</AttributeDefinition>
<AttributeDefinition name="Nickname" type="string">
<Description>Nickname of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Notes" type="string">
<Description>Notes for the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Other City" type="string">
<Description>Name of the other city</Description>
</AttributeDefinition>
<AttributeDefinition name="Other City Number" type="string">
 <Description>Number of the other city</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="Pager SMS List"
type="string">
<Description>Pager or SMS number list in the format
pager_type#pager_number</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="Parameters"
type="string">
<Description>Parameter list in the format
prameter_ID=parameter_value</Description>
</AttributeDefinition>
<AttributeDefinition name="PCODE 1 Ext" type="string">
<Description>Postal code 1 extension</Description>
</AttributeDefinition>
<AttributeDefinition name="PCODE 2 Ext" type="string">
<Description>Postal code 2 extension</Description>
</AttributeDefinition>
<AttributeDefinition name="PCODE 3 Ext" type="string">
<Description>Postal code 3 extension</Description>
</AttributeDefinition>
<AttributeDefinition name="PO Box" type="string">
<Description>PO box number</Description>
</AttributeDefinition>
<AttributeDefinition name="PO Box City" type="string">
<Description>PO box number of the city</Description>
</AttributeDefinition>
<AttributeDefinition name="PO Box City ISO" type="string">
<Description>PO box number of the ISO city</Description>
</AttributeDefinition>
<AttributeDefinition name="PO Box Country" type="string">
<Description>PO box number of the country</Description>
</AttributeDefinition>
<AttributeDefinition name="PO Box Region" type="string">
<Description>PO box number of the region</Description>
</AttributeDefinition>
<AttributeDefinition name="PO Box Without Number" type="string">
<Description>PO box without number</Description>
</AttributeDefinition>
<AttributeDefinition name="Pboxcity Number" type="string">
<Description>Pbox number of the city</Description>
</AttributeDefinition>
<AttributeDefinition name="Postal Code" type="string">
<Description>Postal code of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Postal Code2" type="string">
<Description>2nd postal code of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Postal Code3" type="string">
<Description>3rd postal code of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Prefix 1" type="string">
<Description>1st prefix</Description>
</AttributeDefinition>
<AttributeDefinition name="Prefix 2" type="string">
<Description>2nd prefix</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="Printer List"
type="string">
 <Description>Print destination list</Description>
</AttributeDefinition>
<AttributeDefinition name="Region" type="string">
<Description>Name of the region</Description>
</AttributeDefinition>
<AttributeDefinition name="Region Group" type="string">
<Description>Group name of the region</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="Remote Communication
List" type="string">
<Description>Communication notes list</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="Remote Function Call
List" type="string">
<Description>Remote function call destination
list</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="Remote Mail List"
type="string">
<Description>Remote mail list of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Room Number" type="string">
<Description>Room number of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Room Number 2" type="string">
<Description>2nd room number of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Searc Term2 P" type="string">
<Description>2nd search term P for the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Search Term P" type="string">
<Description>Search term P for the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Search Term1" type="string">
<Description>1st search term for the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Search Term2" type="string">
<Description>2nd search term for the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Second Name" type="string">
<Description>Second name of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Street Abbreviation" type="string">
<Description>Street abbreviation for the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Street Address" type="string">
<Description>Street address of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Street Address2" type="string">
<Description>Street address 2 of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Street Address3" type="string">
<Description>Street address 3 of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Street Address4" type="string">
<Description>Street address 4 of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Street Number" type="string">
<Description>Street number of the user</Description>
 </AttributeDefinition>
<AttributeDefinition name="Tax Jurisdiction Code" type="string">
<Description>Tax jurisdiction code of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Telephone" type="string">
<Description>Telephone number</Description>
</AttributeDefinition>
<AttributeDefinition name="Telephone Extension" type="string">
<Description>Telephone extension number</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="Telephone List"
type="string">
<Description>Telephone number list</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="Teletex List"
type="string">
<Description>Teletex number list</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="Telex List"
type="string">
<Description>Telex number list</Description>
</AttributeDefinition>
<AttributeDefinition name="TimeZone" type="string">
<Description>System time zone</Description>
</AttributeDefinition>
<AttributeDefinition name="TZone" type="string">
<Description>Personal time zone</Description>
</AttributeDefinition>
<AttributeDefinition name="Title" type="string">
<Description>Title of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Title SPPL" type="string">
<Description>Title SPPL of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Transportation Zone" type="string">
<Description>Transportation zone of the user</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="URL Homepage List"
type="string">
<Description>URL (Homepage) address list in the format
URI_type#URI_name</Description>
</AttributeDefinition>
<AttributeDefinition name="User Last Logon Time" type="string">
<Description>User last log in time</Description>
</AttributeDefinition>
<AttributeDefinition name="User Last Logon Date" type="string">
<Description>User last log in date</Description>
</AttributeDefinition>
<AttributeDefinition name="Logon Data Time Zone" type="string">
<Description>User last log time zone</Description>
</AttributeDefinition>
<AttributeDefinition name="Productive Password" type="boolean">
<Description>User password set in permanent mode</Description>
</AttributeDefinition>
<AttributeDefinition name="Password Deactivated" type="boolean">
<Description>Password Deactivated Flag</Description>
</AttributeDefinition>
<AttributeDefinition name="GUI Flag" type="boolean">
<Description>Unsecured communication permitted</Description>
 </AttributeDefinition>
<AttributeDefinition name="SNC Name" type="string">
<Description>SNC name</Description>
</AttributeDefinition>
<AttributeDefinition name="User Name" type="string">
<Description>User Name</Description>
</AttributeDefinition>
<AttributeDefinition name="Reference User" type="string">
<Description>Reference user name</Description>
</AttributeDefinition>
<AttributeDefinition name="User Title" type="string">
<Description>Title of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="User Type" type="string">
<Description>Type of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="User Valid From" type="string">
<Description>Valid from date for the user</Description>
</AttributeDefinition>
<AttributeDefinition name="User Valid To" type="string">
<Description>Valid to date for the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Role Details" type="string">
<Description>Role Details of the User</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="Systems" type="string">
<Description>Systems list </Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="X.400 List"
type="string">
<Description>Organization name list</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="Roles" schemaObjectType="role" type="string">
<Description>Roles for user</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="Profiles" schemaObjectType="profile" type="string">
<Description>Profiles for user</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="User Groups" type="string">
<Description>User group of the user</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="Contractual User Type ID"
type="string">
<Description>Contractual user types associated with
user</Description>
</AttributeDefinition>
</Schema>
<Schema aggregationType="group" descriptionAttribute="Description"
displayAttribute="Name" identityAttribute="Name" nativeObjectType="Role"
objectType="role">
<AttributeDefinition name="Name" type="string">
<Description>Role Name</Description>
</AttributeDefinition>
<AttributeDefinition name="Type" type="string">
<Description>Role Type</Description>
</AttributeDefinition>
 <AttributeDefinition name="Description" type="string">
<Description>Role Description</Description>
</AttributeDefinition>
<AttributeDefinition name="Subsystem" type="string">
<Description>System Name for CUA System
Aggregation</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" multi="true" name="Child
Roles" schemaObjectType="role" type="string">
<Description>Sub Role List</Description>
</AttributeDefinition>
<AttributeDefinition name="Long Description" type="string">
<Description>Role Long Description</Description>
</AttributeDefinition>
<AttributeDefinition name="Generated Profile" type="string">
<Description>System Generated Profile associated to Role which
in turn has Authorizations.</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" multi="true"
name="TCodes" type="string">
<Description>Transaction Code List</Description>
</AttributeDefinition>
<AttributeDefinition name="Authorization Objects" type="string">
<Description>Authorization objects associated with
role.</Description>
</AttributeDefinition>
</Schema>
<Schema aggregationType="group" descriptionAttribute="Description"
displayAttribute="Name" identityAttribute="ID" nativeObjectType="Profile"
objectType="profile">
<AttributeDefinition name="ID" type="string">
<Description>Profile Name along with its
Description</Description>
</AttributeDefinition>
<AttributeDefinition name="Name" type="string">
<Description>Profile name</Description>
</AttributeDefinition>
<AttributeDefinition name="Type" type="string">
<Description>Profile Type</Description>
</AttributeDefinition>
<AttributeDefinition name="Description" type="string">
<Description>Profile Description</Description>
</AttributeDefinition>
<AttributeDefinition name="Subsystem" type="string">
<Description>System Name for CUA System
Aggregation</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" multi="true" name="Child
Profiles" schemaObjectType="profile" type="string">
<Description>Sub Profile List</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.TSSLDAPConnector"
featuresString="CURRENT_PASSWORD, ENABLE, UNLOCK, PROVISIONING, SYNC_PROVISIONING,
PASSWORD, MANAGER_LOOKUP, SEARCH" icon="directory2Icon" name="Top Secret LDAP
Template" type="Top Secret LDAP">
<Attributes>
 <Map>
<entry key="LDAPApplicationVersion" value="2.0"/>
<entry key="authorizationType" value="simple"/>
<entry key="formPath" value="TopSecretldapAttributesForm.xhtml"/>
<entry key="lockAttr" value="PasswordSuspended"/>
<entry key="lockVal" value="Y"/>
<entry key="revokeAttr" value="User-Suspend"/>
<entry key="revokeVal" value="Y"/>
<entry key="revokedAttrs">
<value>
<List>
<String>AdminSuspend</String>
<String>ViolationSuspended</String>
</List>
</value>
</entry>
<entry key="unlockAction" value="replace"/>
<entry key="unlockAttr" value="PasswordSuspended"/>
<entry key="unlockVal" value="N"/>
<entry key="useSSL">
<value>
<Boolean>true</Boolean>
</value>
</entry>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="con_prov_policy_ldap_user_DN"
helpKey="help_con_prov_policy_tss_ldap_user_DN" name="dn" required="true"
section="" type="string"/>
<Field displayName="con_prov_policy_ldap_password"
helpKey="help_con_prov_policy_ldap_password" name="password" required="true"
section="" type="secret"/>
<Field displayName="con_prov_policy_ldap_full_name"
helpKey="help_con_prov_policy_ldap_full_name" name="Name" required="true"
section="" type="string"/>
<Field displayName="con_prov_policy_tss_ldap_department"
helpKey="help_con_prov_policy_tss_ldap_department" name="Department"
required="true" section="" type="string"/>
<Field displayName="con_prov_policy_tss_ldap_facilities"
helpKey="help_con_prov_policy_tss_ldap_facilities" name="Facilities"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_tss_ldap_tsolproc"
helpKey="help_con_prov_policy_tss_ldap_tsolproc" name="TSO-Logon-Proc"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_tss_ldap_console"
helpKey="help_con_prov_policy_tss_ldap_console" name="Console-Auth"
reviewRequired="true" type="string">
<AllowedValuesDefinition>
<Value>
<List>
<String>Y</String>
<String>N</String>
</List>
</Value>
</AllowedValuesDefinition>
</Field>
</Form>
 </ProvisioningForms>
<Schemas>
<Schema displayAttribute="tssacid" identityAttribute="dn"
nativeObjectType="tssacid" objectType="account">
<AttributeDefinition name="dn" type="string">
<Description>Distinguished name of Top Secret
User</Description>
</AttributeDefinition>
<AttributeDefinition internalName="tssacid" name="ACCESSORID"
type="string">
<Description>Top Secret User Id</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="objectClass"
type="string">
<Description>Top Secret User Object Classes</Description>
</AttributeDefinition>
<AttributeDefinition internalName="AdminAcid" multi="true"
name="AACID" type="string">
<Description>Authority levels at which ACID can manage ACIDs
within scope</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="AdminListData"
type="string">
<Description>Authority to list Security File
information</Description>
</AttributeDefinition>
<AttributeDefinition internalName="AdminMisc1" multi="true"
name="Misc1" type="string">
<Description>Authority to perform one or more administrative
functions (LCF, INSTDATA, USER, LTIME, SUSPEND, NOATS, RDT, TSSSIM,
ALL)</Description>
</AttributeDefinition>
<AttributeDefinition internalName="AdminMisc2" multi="true"
name="Misc2" type="string">
<Description>Authority to perform one or more administrative
functions (ALL, SMS, TSO, NDT, DLF, APPCLU, WORKATTR, TARGET)</Description>
</AttributeDefinition>
<AttributeDefinition internalName="AdminMisc3" multi="true"
name="Misc3" type="string">
<Description>Authority to perform one or more administrative
functions (ALL, SDT, PTOK)</Description>
</AttributeDefinition>
<AttributeDefinition internalName="AdminMisc8" multi="true"
name="Misc8" type="string">
<Description>Authority to list the contents of the RDT, FDT or
STC or to use the ASUSPEND administrative function (LISTRDT, LISTSTC, LISTAPLU,
LISTSDT, MCS, NOMVSDF, PWMAINT, REMASUSP, ALL)</Description>
</AttributeDefinition>
<AttributeDefinition internalName="AdminMisc9" multi="true"
name="Misc9" type="string">
<Description>Authority to perform one or more high-level
administrative functions (BYPASS, TRACE, CONSOLE, MASTFAC, MODE, STC, GLOBAL,
GENERIC, ALL)</Description>
</AttributeDefinition>
<AttributeDefinition internalName="AdminSuspend" name="ASUSPEND"
type="string">
<Description>Account is suspended due to administrator
action</Description>
</AttributeDefinition>
 <AttributeDefinition internalName="Bypass-Dsn-Check"
name="NODSNCHK" type="string">
<Description>CA Top Secret bypasses all data set access
security checks for this ACID</Description>
</AttributeDefinition>
<AttributeDefinition internalName="CICS-Auto-Transaction"
name="SITRAN" type="string">
<Description>CICS transaction CA Top Secret automatically
executes after an ACID successfully signs on to a facility</Description>
</AttributeDefinition>
<AttributeDefinition internalName="CICS-Oper-Class"
name="OPCLASS" required="true" type="string">
<Description>CICS operator classes</Description>
</AttributeDefinition>
<AttributeDefinition internalName="CICS-Oper-Identification"
name="OPIDENT" type="string">
<Description>CICS operator identification value equal to the
ACID OPIDENT entry in the CICS SNT (Signon Table)</Description>
</AttributeDefinition>
<AttributeDefinition internalName="CICS-Oper-Priority"
name="OPPRTY" type="string">
<Description>CICS operator priority of associated
ACID</Description>
</AttributeDefinition>
<AttributeDefinition internalName="CICS-Security-Key"
multi="true" name="SCTYKEY" type="string">
<Description>CICS security keys an ACID may use.</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Console-Auth" name="CONSOLE"
type="string">
<Description>Ability to modify control options by
ACID</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Created-Date" name="CREATED"
type="string">
<Description>Date ACID was created</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Department" name="DEPT"
type="string">
<Description>Department ACID</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Division" name="DIVISION"
type="string">
<Description>Division ACID</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Expires" name="EXPIRE"
type="string">
<Description>Expiration date of ACID</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true"
internalName="groupmemberOf" managed="true" multi="true" name="GROUPS"
schemaObjectType="TopSecretGroup" type="string">
<Description>List of Groups a Top Secret User is a
member</Description>
</AttributeDefinition>
<AttributeDefinition internalName="InstallationExitSuspended"
name="XSUSPEND" type="string">
<Description>Account is suspended due to CA-Top Secret
Installation exit</Description>
 </AttributeDefinition>
<AttributeDefinition internalName="Last-Access-Count" name="LAST-
COUNT" type="string">
<Description>Number of times the ACID has been used (logon
times since user was defined)</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Master-Facility"
name="MASTFAC" type="string">
<Description>Multi-user facility name</Description>
</AttributeDefinition>
<AttributeDefinition internalName="MCS-Authorized-Cmds"
name="MCSAUTH" type="string">
<Description>Authorize the operator commands that can be
entered from the console</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" internalName="memberOf"
managed="true" multi="true" name="PROFILES" schemaObjectType="TopSecretProfile"
type="string">
<Description>List of Profiles a Top Secret User is a
member</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Modified-Date" name="MODIFIED"
type="string">
<Description>Last date and time when ACID was
updated</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Name" name="NAME"
type="string">
<Description>Name of ACID</Description>
</AttributeDefinition>
<AttributeDefinition internalName="No-Password-Chg"
name="NOPWCHG" type="string">
<Description>Prevent ACID from changing passwords at signon or
initiation</Description>
</AttributeDefinition>
<AttributeDefinition name="OIDCARD" type="string">
<Description>Prompt ACID to insert identification cards into a
batch reader whenever signing on to TSO</Description>
</AttributeDefinition>
<AttributeDefinition internalName="OMVS-Dflt-Group"
name="DFLTGRP" type="string">
<Description>Default group to an ACID operating under
OpenEdition MVS</Description>
</AttributeDefinition>
<AttributeDefinition internalName="OMVS-Home-Subdir" name="HOME"
type="string">
<Description>Subdirectory of ACID under OMVS</Description>
</AttributeDefinition>
<AttributeDefinition internalName="OMVS-User-ID" name="UID"
type="string">
<Description>Numeric UID value for security within
USS</Description>
</AttributeDefinition>
<AttributeDefinition internalName="PasswordSuspended"
name="PSUSPEND" type="string">
<Description>Account is suspended due to password
violation</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Physical-Security-Key"
multi="true" name="PHYSKEY" type="string">
<Description>Physical security key to support external
authentication devices.</Description>
</AttributeDefinition>
<AttributeDefinition internalName="TSO-Hold-Class"
name="TSOHCLASS" type="string">
<Description>Default hold class for TSO-generated JCL for TSO
users</Description>
</AttributeDefinition>
<AttributeDefinition internalName="TSO-Job-Class"
name="TSOJCLASS" type="string">
<Description>Job class for TSO generated job cards from TSO
users.</Description>
</AttributeDefinition>
<AttributeDefinition internalName="TSO-Logon-Account"
name="TSOLACCT" type="string">
<Description>TSO Default account number</Description>
</AttributeDefinition>
<AttributeDefinition internalName="TSO-Logon-Command"
name="TSOCOMMAND" type="string">
<Description>Default command issued at TSO logon</Description>
</AttributeDefinition>
<AttributeDefinition internalName="TSO-Logon-Proc"
name="TSOLPROC" type="string">
<Description>Default procedure used for TSO logon</Description>
</AttributeDefinition>
<AttributeDefinition internalName="TSO-Max-Region-Size"
name="TSOMSIZE" type="string">
<Description>Maximum region size (in kilobytes) that a TSO user
may specify at logon</Description>
</AttributeDefinition>
<AttributeDefinition internalName="TSO-Message-Class"
name="TSOMCLASS" type="string">
<Description>Default message class for TSO generated JCL for
TSO users</Description>
</AttributeDefinition>
<AttributeDefinition internalName="TSO-Multiple-Passwords"
name="TSOMPW" type="string">
<Description>Support multiple TSO UADS passwords, on a user-by-
user basis</Description>
</AttributeDefinition>
<AttributeDefinition internalName="TSO-Options" name="TSOOPT"
type="string">
<Description>default options that a TSO user may specify at
logon</Description>
</AttributeDefinition>
<AttributeDefinition internalName="TSO-Output-Destination"
name="TSODEST" type="string">
<Description>Default destination identifier for TSO generated
JCL for TSO users.</Description>
</AttributeDefinition>
<AttributeDefinition internalName="TSO-Performance-Grp"
name="TSODEFPRFG" type="string">
<Description>Default TSO performance group</Description>
</AttributeDefinition>
<AttributeDefinition internalName="TSO-Region-Size"
name="TSOLSIZE" type="string">
<Description>Default region size (in kilobytes) for
TSO</Description>
 </AttributeDefinition>
<AttributeDefinition internalName="TSO-Sysout-Class"
name="TSOSCLASS" type="string">
<Description>Default SYSOUT class for TSO generated JCL for TSO
users</Description>
</AttributeDefinition>
<AttributeDefinition internalName="TSO-Unit" name="TSOUNIT"
type="string">
<Description>Default unit name for dynamic allocations under
TSO</Description>
</AttributeDefinition>
<AttributeDefinition internalName="TSO-User-Data" name="TSOUDATA"
type="string">
<Description>Site-defined data field to a TSO
user</Description>
</AttributeDefinition>
<AttributeDefinition internalName="User-Access" multi="true"
name="USER" type="string">
<Description>User defined classes and resources</Description>
</AttributeDefinition>
<AttributeDefinition internalName="userPassword-Expire"
name="PASSEXPD" type="string">
<Description>Expiration date of password</Description>
</AttributeDefinition>
<AttributeDefinition internalName="userPassword-Interval"
name="PASSINTV" type="string">
<Description>Number of days during which password remains
valid</Description>
</AttributeDefinition>
<AttributeDefinition internalName="User-Type" name="TYPE"
type="string">
<Description>ACID type
(MSCA,LSCA,SCA,ZCA,VCA,MCA,USER)</Description>
</AttributeDefinition>
<AttributeDefinition internalName="ViolationSuspended"
name="VSUSPEND" type="string">
<Description>Account is suspended due to access violation
</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Zone" name="ZONE"
type="string">
<Description>Zone ACID</Description>
</AttributeDefinition>
</Schema>
<Schema displayAttribute="tssprofile" identityAttribute="dn"
nativeObjectType="tssprofile" objectType="TopSecretProfile">
<AttributeDefinition name="dn" type="string">
<Description>Distinguished name of Top Secret
Profile</Description>
</AttributeDefinition>
<AttributeDefinition internalName="tssprofile" name="ACCESSORID"
type="string">
<Description>Top Secret Profile Id</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="objectClass"
type="string">
<Description>Top Secret Profile Object Classes</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Audit-Attr" name="AUDIT"
type="string">
<Description>Allow an audit of ACID activity</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Created-Date" name="CREATED"
type="string">
<Description>Date ACID was created</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Department" name="DEPT"
type="string">
<Description>Department ACID</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Division" name="DIVISION"
type="string">
<Description>Division ACID</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Globally-Admin-Profile"
name="GAP" type="string">
<Description>Globally administered profile</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Modified-Date" name="MODIFIED"
type="string">
<Description>Last date and time when ACID was
updated</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Name" name="NAME"
type="string">
<Description>Name of ACID</Description>
</AttributeDefinition>
<AttributeDefinition internalName="No-Password-Chg"
name="NOPWCHG" type="string">
<Description>Prevent ACID from changing passwords at signon or
initiation</Description>
</AttributeDefinition>
<AttributeDefinition name="OIDCARD" type="string">
<Description>Prompt ACID to insert identification cards into a
batch reader whenever signing on to TSO</Description>
</AttributeDefinition>
<AttributeDefinition internalName="OMVS-Group-ID" name="GID"
type="string">
<Description>Group identification for OMVS</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Source-Reader" multi="true"
name="SOURCE" type="string">
<Description>Source reader or terminal prefixes through which
the associated ACID may enter the system</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Terminal-Lock-Time"
multi="true" name="LTIME" type="string">
<Description>How long (in minutes) until terminal of ACID locks
if CA Top Secret does not detect activity at that terminal</Description>
</AttributeDefinition>
<AttributeDefinition internalName="User-Type" name="TYPE"
type="string">
<Description>ACID type</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Zone" name="ZONE"
type="string">
<Description>Zone ACID</Description>
</AttributeDefinition>
 </Schema>
<Schema displayAttribute="tssgroup" identityAttribute="dn"
nativeObjectType="tssgroup" objectType="TopSecretGroup">
<AttributeDefinition name="dn" type="string">
<Description>Distinguished name of Top Secret
Group</Description>
</AttributeDefinition>
<AttributeDefinition internalName="tssgroup" name="ACCESSORID"
type="string">
<Description>Top Secret Group Id</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="objectClass"
type="string">
<Description>Top Secret Group Object Classes</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Audit-Attr" name="AUDIT"
type="string">
<Description>Allow an audit of ACID activity</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Created-Date" name="CREATED"
type="string">
<Description>Date ACID was created</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Department" name="DEPT"
type="string">
<Description>Department ACID</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Division" name="DIVISION"
type="string">
<Description>Division ACID</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Globally-Admin-Profile"
name="GAP" type="string">
<Description>Globally administered profile</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Modified-Date" name="MODIFIED"
type="string">
<Description>Last date and time when ACID was
updated</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Name" name="NAME"
type="string">
<Description>Name of ACID</Description>
</AttributeDefinition>
<AttributeDefinition internalName="No-Password-Chg"
name="NOPWCHG" type="string">
<Description>Prevent ACID from changing passwords at signon or
initiation</Description>
</AttributeDefinition>
<AttributeDefinition name="OIDCARD" type="string">
<Description>Prompt ACID to insert identification cards into a
batch reader whenever signing on to TSO</Description>
</AttributeDefinition>
<AttributeDefinition internalName="OMVS-Group-ID" name="GID"
type="string">
<Description>Group identification for OMVS</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Source-Reader" multi="true"
name="SOURCE" type="string">
 <Description>Source reader or terminal prefixes through which
the associated ACID may enter the system</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Terminal-Lock-Time"
multi="true" name="LTIME" type="string">
<Description>How long (in minutes) until terminal of ACID locks
if CA Top Secret does not detect activity at that terminal</Description>
</AttributeDefinition>
<AttributeDefinition internalName="User-Type" name="TYPE"
type="string">
<Description>ACID type</Description>
</AttributeDefinition>
<AttributeDefinition internalName="Zone" name="ZONE"
type="string">
<Description>Zone ACID</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.JDBCConnector"
featuresString="DISCOVER_SCHEMA, PROVISIONING, SYNC_PROVISIONING,
DIRECT_PERMISSIONS, SEARCH, ENABLE, UNLOCK" icon="databaseIcon" name="JDBC
Template" type="JDBC">
<Attributes>
<Map>
<entry key="formPath" value="JDBCAttributesForm.xhtml"/>
<entry key="formPathRules" value="JDBCRulesForm.xhtml"/>
<entry key="jdbcExceptionBucketing">
<value>
<Boolean>true</Boolean>
</value>
</entry>
</Map>
</Attributes>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="PROVISIONING, PASSWORD, ENABLE, SEARCH, DIRECT_PERMISSIONS"
icon="internetIcon" name="Cerner" type="Cerner">
<Attributes>
<Map>
<entry key="CAConnector" value="true"/>
<entry key="connectorClass"
value="openconnector.connector.CernerConnector"/>
<entry key="encrypted" value="targetID"/>
<entry key="formPath" value="CernerAttributesForm.xhtml"/>
<entry key="isActive">
<value>
<Boolean>true</Boolean>
</value>
</entry>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Attributes>
<Map>
<entry key="IIQTemplateOwnerDefinition">
<value>
<DynamicValue value=""/>
 </value>
</entry>
</Map>
</Attributes>
<Field displayName="con_prov_policy_Cerner_FirstName"
helpKey="help_con_prov_policy_Cerner_FirstName" name="firstName" required="true"
reviewRequired="true" section="Personnel Information" type="string"/>
<Field displayName="con_prov_policy_Cerner_LastName"
helpKey="help_con_prov_policy_Cerner_lastName" name="lastName" required="true"
reviewRequired="true" section="Personnel Information" type="string"/>
<Field displayName="con_prov_policy_Cerner_UserName"
helpKey="help_con_prov_policy_Cerner_UserName" name="username" required="true"
reviewRequired="true" section="Account Information" type="string">
<Script>
<Source>
return identity.getName();
</Source>
</Script>
</Field>
<Field displayName="con_prov_policy_Cerner_Password"
helpKey="help_con_prov_policy_Cerner_Password" name="password" required="true"
reviewRequired="true" section="Account Information" type="secret"/>
<Field displayName="con_prov_policy_Cerner_confLevel"
name="formConfLevel" required="true" reviewRequired="true" type="string"
value="Yes">
<AllowedValuesDefinition>
<Value>
<List>
<String>Yes</String>
<String>No</String>
<String>No Access</String>
<String>NonClinical</String>
<String>Psychiatric</String>
<String>ZRoutClinical</String>
<String>ZSecurity</String>
<String>ZUnknown n</String>
<String>ZUnprotected</String>
<String>ZSensitive</String>
<String>Not Confidential</String>
<String>Confidential</String>
<String>Strictly Confidential</String>
</List>
</Value>
</AllowedValuesDefinition>
</Field>
</Form>
<Form name="Update" objectType="account" type="Update">
<Attributes>
<Map>
<entry key="IIQTemplateOwnerDefinition">
<value>
<DynamicValue value=""/>
</value>
</entry>
</Map>
</Attributes>
<Field displayName="con_prov_policy_Cerner_confLevel"
name="formConfLevel" required="true" reviewRequired="true" type="string"
value="Yes">
 <AllowedValuesDefinition>
<Value>
<List>
<String>Yes</String>
<String>No</String>
<String>No Access</String>
<String>NonClinical</String>
<String>Psychiatric</String>
<String>ZRoutClinical</String>
<String>ZSecurity</String>
<String>ZUnknown n</String>
<String>ZUnprotected</String>
<String>ZSensitive</String>
<String>Not Confidential</String>
<String>Confidential</String>
<String>Strictly Confidential</String>
</List>
</Value>
</AllowedValuesDefinition>
</Field>
</Form>
<Form name="Delete" objectType="account" type="Delete">
<Attributes>
<Map>
<entry key="IIQTemplateOwnerDefinition">
<value>
<DynamicValue value=""/>
</value>
</entry>
</Map>
</Attributes>
</Form>
<Form name="Enable" objectType="account" type="Enable">
<Attributes>
<Map>
<entry key="IIQTemplateOwnerDefinition">
<value>
<DynamicValue value=""/>
</value>
</entry>
</Map>
</Attributes>
</Form>
<Form name="Disable" objectType="account" type="Disable">
<Attributes>
<Map>
<entry key="IIQTemplateOwnerDefinition">
<value>
<DynamicValue value=""/>
</value>
</entry>
</Map>
</Attributes>
</Form>
<Form name="Change Password" objectType="account"
type="ChangePassword">
<Attributes>
<Map>
<entry key="IIQTemplateOwnerDefinition">
 <value>
<DynamicValue value=""/>
</value>
</entry>
</Map>
</Attributes>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="displayName" groupAttribute="position"
identityAttribute="ID" includePermissions="true" nativeObjectType="account"
objectType="account">
<AttributeDefinition name="ID" remediationModificationType="None"
type="string">
<Description>unique identifier of an account</Description>
</AttributeDefinition>
<AttributeDefinition name="firstName"
remediationModificationType="None" type="string">
<Description>first name for the personnel.</Description>
</AttributeDefinition>
<AttributeDefinition name="lastName"
remediationModificationType="None" type="string">
<Description>last name (surname) for the
personnel.</Description>
</AttributeDefinition>
<AttributeDefinition name="displayName"
remediationModificationType="None" type="string">
<Description>display name for the personnel.</Description>
</AttributeDefinition>
<AttributeDefinition name="middleName"
remediationModificationType="None" type="string">
<Description>the middle name for the personnel.</Description>
</AttributeDefinition>
<AttributeDefinition name="suffix"
remediationModificationType="None" type="string">
<Description>the suffix (or list of suffixes) for the
personnel.</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="privilege"
remediationModificationType="None" type="string">
<Description>the privileges assigned to the
personnel</Description>
</AttributeDefinition>
<AttributeDefinition name="birthdate"
remediationModificationType="None" type="string">
<Description>the date/time of birth for the
personnel.</Description>
</AttributeDefinition>
<AttributeDefinition name="gender"
remediationModificationType="None" type="string">
<Description>the gender of the personnel.</Description>
</AttributeDefinition>
<AttributeDefinition name="username"
remediationModificationType="None" type="string">
<Description>the user name associated with the account. The
value of the user name field must be unique within the system.</Description>
</AttributeDefinition>
<AttributeDefinition name="directoryIndicator"
remediationModificationType="None" type="string">
 <Description>It contains an indicator of whether or not the
user is an LDAP directory user.</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="restriction"
remediationModificationType="None" type="string">
<Description>the restrictions given to an
account.</Description>
</AttributeDefinition>
<AttributeDefinition name="title"
remediationModificationType="None" type="string">
<Description>the title (or list of titles) for the personnel,
Dr. Mr. etc</Description>
</AttributeDefinition>
<AttributeDefinition name="physicianInd"
remediationModificationType="None" type="string">
<Description>an indicator of whether or not the personnel is a
physician</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
name="position" remediationModificationType="None" schemaObjectType="group"
type="string">
<Description>the position assigned to the
personnel.</Description>
</AttributeDefinition>
<AttributeDefinition name="beginEffectiveDateTime"
remediationModificationType="None" type="string">
<Description>the date/time at which the personnel
becomes/became effective</Description>
</AttributeDefinition>
<AttributeDefinition name="endEffectiveDateTime"
remediationModificationType="None" type="string">
<Description>the date/time at which the personnel ceases/ceased
to be effective.</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="organizationGroup" remediationModificationType="None"
schemaObjectType="organizationGroup" type="string">
<Description>organization groups associated to the
personnel</Description>
</AttributeDefinition>
<AttributeDefinition name="confidentialityLevel"
remediationModificationType="None" type="string">
<Description>the confidentiality level that applies to the
relationship with organization</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="personnelAlias"
remediationModificationType="None" type="string">
<Description>It contains personnel alias
information</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="credential"
remediationModificationType="None" type="string">
<Description>It contains credential information</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="personnelGroup"
remediationModificationType="None" type="string">
<Description>It contains personnel group
information</Description>
</AttributeDefinition>
 </Schema>
<Schema displayAttribute="display" identityAttribute="ID"
nativeObjectType="group" objectType="group">
<AttributeDefinition name="ID" type="string">
<Description>unique identifier of a group</Description>
</AttributeDefinition>
<AttributeDefinition name="display" type="string">
<Description>display value of a group</Description>
</AttributeDefinition>
</Schema>
<Schema aggregationType="group" displayAttribute="Display"
identityAttribute="Id" nativeObjectType="organizationGroup"
objectType="organizationGroup">
<AttributeDefinition name="Id" type="string">
<Description>Unique identifier of organization
group</Description>
</AttributeDefinition>
<AttributeDefinition name="Display" type="string">
<Description>Display value of organization group</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="PROVISIONING, PASSWORD, ENABLE, SEARCH, UNLOCK" icon="internetIcon"
name="EPIC" type="EPIC">
<Attributes>
<Map>
<entry key="CAConnector" value="true"/>
<entry key="CoreStubUrl" value="/httplistener.ashx"/>
<entry key="EpicSOAP1.1EndPointsMap">
<value>
<Map>
<entry key="CommonUser2011"
value="wcf/Epic.Common.GeneratedServices/User.svc/basic"/>
<entry key="PersonnelManagement2012"
value="wcf/Epic.Security.GeneratedServices/PersonnelManagement.svc/basic"/>
<entry key="PersonnelManagement2014"
value="wcf/Epic.Security.GeneratedServices/PersonnelManagement.svc/basic_2014"/>
<entry key="PersonnelManagement2015"
value="wcf/Epic.Security.GeneratedServices/PersonnelManagement.svc/basic_2015"/>
<entry key="PersonnelManagement2016"
value="wcf/Epic.Security.GeneratedServices/PersonnelManagement.svc/basic_2016"/>
<entry key="PersonnelManagement2017"
value="wcf/Epic.Security.GeneratedServices/PersonnelManagement.svc/basic_2017"/>
</Map>
</value>
</entry>
<entry key="EpicSOAP1.2EndPointsMap">
<value>
<Map>
<entry key="CommonUser2011"
value="wcf/Epic.Common.GeneratedServices/User.svc"/>
<entry key="PersonnelManagement2012"
value="wcf/Epic.Security.GeneratedServices/PersonnelManagement.svc/"/>
<entry key="PersonnelManagement2014"
value="wcf/Epic.Security.GeneratedServices/PersonnelManagement.svc/2014"/>
<entry key="PersonnelManagement2015"
value="wcf/Epic.Security.GeneratedServices/PersonnelManagement.svc/2015"/>
 <entry key="PersonnelManagement2016"
value="wcf/Epic.Security.GeneratedServices/PersonnelManagement.svc/2016"/>
<entry key="PersonnelManagement2017"
value="wcf/Epic.Security.GeneratedServices/PersonnelManagement.svc/2017"/>
</Map>
</value>
</entry>
<entry key="connectorClass"
value="openconnector.connector.EPICConnector"/>
<entry key="encrypted"
value="authUserPassword,coreWSSecurityPassword,commonWSSecurityPassword,auditUserPa
ssword"/>
<entry key="formPath" value="EPICAttributesForm.xhtml"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="con_prov_policy_Name"
helpKey="help_con_prov_policy_Name" name="Name" required="true"
reviewRequired="true" type="string">
<Script>
<Source>
return identity.getName();
</Source>
</Script>
</Field>
<Field displayName="con_prov_policy_Password"
helpKey="help_con_prov_policy_Password" name="password" required="true"
reviewRequired="true" type="secret"/>
<Field displayName="con_prov_policy_DefaultloginDept"
helpKey="help_con_prov_policy_DefaultLoginDept" name="DefaultLoginDepartmentID"
reviewRequired="true" type="string"/>
<Field displayName="con_epic_prov_policy_DefaultLinkedTemplateID"
helpKey="help_epic_con_prov_policy_DefaultLinkedTemplateID"
name="DefaultLinkedTemplateID" reviewRequired="true" type="string"/>
<Field displayName="con_epic_prov_policy_UserID"
helpKey="help_con_prov_policy_UserID" name="UserInternalID" reviewRequired="true"
type="string"/>
<Field displayName="con_prov_policy_StartDate"
helpKey="help_con_prov_policy_StartDate" name="StartDate" reviewRequired="true"
type="date"/>
<Field displayName="con_prov_policy_EndDate"
helpKey="help_con_prov_policy_EndDate" name="EndDate" reviewRequired="true"
type="date"/>
<Field displayName="con_prov_policy_SystemLoginID"
helpKey="help_con_prov_policy_SystemLoginID" name="SystemLoginID" required="true"
reviewRequired="true" type="string">
<Script>
<Source>return identity.getName();</Source>
</Script>
</Field>
<Field displayName="con_epic_prov_policy_Notes"
helpKey="help_epic_prov_policy_Notes" name="Notes" reviewRequired="true"
type="string"/>
<Field displayName="con_epic_prov_policy_ContactComment"
helpKey="help_epic_prov_policy_ContactComment" name="ContactComment"
reviewRequired="true" type="string" value="Epic account created by SailPoint
Identity Management."/>
<Field displayName="con_epic_prov_policy_LDAPOverrideID"
helpKey="help_epic_prov_policy_LDAPOverrideID" name="LDAPOverrideID"
reviewRequired="true" type="string"/>
<Field displayName="con_epic_prov_policy_UserDictionaryPath"
helpKey="help_epic_prov_policy_UserDictionaryPath" name="UserDictionaryPath"
reviewRequired="true" type="string"/>
<Field
displayName="con_epic_prov_policy_AuthenticationConfigurationID"
helpKey="help_epic_prov_policy_AuthenticationConfigurationID"
name="AuthenticationConfigurationID" reviewRequired="true" type="string"/>
<Field
displayName="con_epic_prov_policy_CustomUserDictionary_index_0"
helpKey="help_epic_prov_policy_CustomUserDictionary_index"
name="CustomUserDictionary_index_0" reviewRequired="true" type="string"/>
<Field
displayName="con_epic_prov_policy_CustomUserDictionary_value_0"
helpKey="help_epic_prov_policy_CustomUserDictionary_value"
name="CustomUserDictionary_value_0" reviewRequired="true" type="string"/>
<Field
displayName="con_epic_prov_policy_CustomUserDictionary_index_1"
helpKey="help_epic_prov_policy_CustomUserDictionary_index"
name="CustomUserDictionary_index_1" reviewRequired="true" type="string"/>
<Field
displayName="con_epic_prov_policy_CustomUserDictionary_value_1"
helpKey="help_epic_prov_policy_CustomUserDictionary_value"
name="CustomUserDictionary_value_1" reviewRequired="true" type="string"/>
<Field displayName="con_epic_prov_policy_ExternalIdentifier_id_0"
helpKey="help_epic_prov_policy_ExternalIdentifier_id"
name="ExternalIdentifier_id_0" reviewRequired="true" type="string"/>
<Field
displayName="con_epic_prov_policy_ExternalIdentifier_type_0"
helpKey="help_epic_prov_policy_ExternalIdentifier_type"
name="ExternalIdentifier_type_0" reviewRequired="true" type="string"/>
<Field
displayName="con_epic_prov_policy_ExternalIdentifier_password_0"
helpKey="help_epic_prov_policy_ExternalIdentifier_password"
name="ExternalIdentifier_password_0" reviewRequired="true" type="secret"/>
<Field
displayName="con_epic_prov_policy_ExternalIdentifier_isActive_0"
helpKey="help_epic_prov_policy_ExternalIdentifier_isActive"
name="ExternalIdentifier_isActive_0" reviewRequired="true" type="boolean"/>
<Field displayName="con_epic_prov_policy_ExternalIdentifier_id_1"
helpKey="help_epic_prov_policy_ExternalIdentifier_id"
name="ExternalIdentifier_id_1" reviewRequired="true" type="string"/>
<Field
displayName="con_epic_prov_policy_ExternalIdentifier_type_1"
helpKey="help_epic_prov_policy_ExternalIdentifier_type"
name="ExternalIdentifier_type_1" reviewRequired="true" type="string"/>
<Field
displayName="con_epic_prov_policy_ExternalIdentifier_password_1"
helpKey="help_epic_prov_policy_ExternalIdentifier_password"
name="ExternalIdentifier_password_1" reviewRequired="true" type="secret"/>
<Field
displayName="con_epic_prov_policy_ExternalIdentifier_isActive_1"
helpKey="help_epic_prov_policy_ExternalIdentifier_isActive"
name="ExternalIdentifier_isActive_1" reviewRequired="true" type="boolean"/>
<Field
displayName="con_epic_prov_policy_EmployeeDemographics_Index_0"
helpKey="help_epic_prov_policy_EmployeeDemographics_Index"
name="EmployeeDemographics_Index_0" reviewRequired="true" type="String"/>
 <Field
displayName="con_epic_prov_policy_EmployeeDemographics_EmployeeDemographic1_0"
helpKey="help_epic_prov_policy_EmployeeDemographics_EmployeeDemographic1"
name="EmployeeDemographics_EmployeeDemographic1_0" reviewRequired="true"
type="String"/>
<Field
displayName="con_epic_prov_policy_EmployeeDemographics_EmployeeDemographic2_0"
helpKey="help_epic_prov_policy_EmployeeDemographics_EmployeeDemographic2"
name="EmployeeDemographics_EmployeeDemographic2_0" reviewRequired="true"
type="String"/>
<Field
displayName="con_epic_prov_policy_EmployeeDemographics_EmployeeDemographic3_0"
helpKey="help_epic_prov_policy_EmployeeDemographics_EmployeeDemographic3"
name="EmployeeDemographics_EmployeeDemographic3_0" reviewRequired="true"
type="String"/>
<Field
displayName="con_epic_prov_policy_EmployeeDemographics_Index_1"
helpKey="help_epic_prov_policy_EmployeeDemographics_Index"
name="EmployeeDemographics_Index_1" reviewRequired="true" type="String"/>
<Field
displayName="con_epic_prov_policy_EmployeeDemographics_EmployeeDemographic1_1"
helpKey="help_epic_prov_policy_EmployeeDemographics_EmployeeDemographic1"
name="EmployeeDemographics_EmployeeDemographic1_1" reviewRequired="true"
type="String"/>
<Field
displayName="con_epic_prov_policy_EmployeeDemographics_EmployeeDemographic2_1"
helpKey="help_epic_prov_policy_EmployeeDemographics_EmployeeDemographic2"
name="EmployeeDemographics_EmployeeDemographic2_1" reviewRequired="true"
type="String"/>
<Field
displayName="con_epic_prov_policy_EmployeeDemographics_EmployeeDemographic3_1"
helpKey="help_epic_prov_policy_EmployeeDemographics_EmployeeDemographic3"
name="EmployeeDemographics_EmployeeDemographic3_1" reviewRequired="true"
type="String"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="Name" identityAttribute="UserID"
nativeObjectType="account" objectType="account">
<AttributeDefinition name="Name"
remediationModificationType="None" type="string">
<Description>Full Name of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="UserID"
remediationModificationType="None" type="string">
<Description>User Id of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="SystemLoginID"
remediationModificationType="None" type="string">
<Description>Login Id of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="UserAlias"
remediationModificationType="None" type="string">
<Description>User Alias</Description>
</AttributeDefinition>
<AttributeDefinition name="StartDate"
remediationModificationType="None" type="string">
<Description>Start date of the user account</Description>
</AttributeDefinition>
 <AttributeDefinition name="IsPasswordChangeRequired"
remediationModificationType="None" type="boolean">
<Description>Password Change Required Flag</Description>
</AttributeDefinition>
<AttributeDefinition name="EndDate"
remediationModificationType="None" type="string">
<Description>End date of the user account</Description>
</AttributeDefinition>
<AttributeDefinition name="IsActive"
remediationModificationType="None" type="boolean">
<Description>Indicates whether this User is allowed to log into
Epic</Description>
</AttributeDefinition>
<AttributeDefinition name="IsBlocked"
remediationModificationType="None" type="boolean">
<Description>Indicates whether this User is blocked from
logging into Epic</Description>
</AttributeDefinition>
<AttributeDefinition name="BlockReason"
remediationModificationType="None" type="string">
<Description>The reason why the User account is
blocked</Description>
</AttributeDefinition>
<AttributeDefinition name="BlockComment"
remediationModificationType="None" type="string">
<Description>A freetext comment about why the User is
blocked</Description>
</AttributeDefinition>
<AttributeDefinition name="DefaultLoginDepartmentID"
remediationModificationType="None" type="string">
<Description>Name of default login department</Description>
</AttributeDefinition>
<AttributeDefinition name="AuthenticationConfigurationID"
remediationModificationType="None" type="string">
<Description>Authentication Configuration </Description>
</AttributeDefinition>
<AttributeDefinition name="LinkedProviderID"
remediationModificationType="None" type="string">
<Description>Linked Provider Id of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="DefaultLinkedTemplateID"
remediationModificationType="None" type="string">
<Description>The default linkable template for this
user</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="LinkedTemplateID" schemaObjectType="group" type="string">
<Description>Linked template Id of the user</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="LinkedTemplateConfig"
remediationModificationType="None" type="string">
<Description>List of LinkedTemplateConfig objects pointing to
the template setup for the user</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="LinkedSubtemplateIDs" schemaObjectType="linkedSubTemplate"
type="string">
<Description>List of Linked Subtemplate Ids</Description>
</AttributeDefinition>
 <AttributeDefinition entitlement="true" managed="true"
multi="true" name="InBasketClassifications"
schemaObjectType="InBasketClassification" type="string">
<Description>List of InBasketClassification Id's</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="UserRoles" type="string">
<Description>User Roles</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="ExternalIdentifiers"
type="string">
<Description>External identifiers are specifically used to
allow a lightweight way to manage user identity in multiple systems</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="CustomUserDictionaries"
type="string">
<Description>Custom dictionaries allow users to maintain their
own spellcheck corrections</Description>
</AttributeDefinition>
<AttributeDefinition name="Notes"
remediationModificationType="None" type="string">
<Description>Freetext notes about this User</Description>
</AttributeDefinition>
<AttributeDefinition name="ContactDate"
remediationModificationType="None" type="string">
<Description>The date the User was created. Defaults to the
current date if not provided</Description>
</AttributeDefinition>
<AttributeDefinition name="ContactComment"
remediationModificationType="None" type="string">
<Description>A comment associated with the most recent revision
of the User's record</Description>
</AttributeDefinition>
<AttributeDefinition name="UserDictionaryPath"
remediationModificationType="None" type="string">
<Description>The file path at which custom user dictionary
files can be found</Description>
</AttributeDefinition>
<AttributeDefinition name="LDAPOverrideID"
remediationModificationType="None" type="string">
<Description>A string that can be provided to identify the User
to the LDAP server in place of the SystemLogin</Description>
</AttributeDefinition>
<AttributeDefinition name="ReportGrouper1"
remediationModificationType="None" type="string">
<Description>Report groupers are used to segregate users for
highly specific reporting and statistics needs</Description>
</AttributeDefinition>
<AttributeDefinition name="ReportGrouper2"
remediationModificationType="None" type="string">
<Description>Report groupers are used to segregate users for
highly specific reporting and statistics needs</Description>
</AttributeDefinition>
<AttributeDefinition name="ReportGrouper3"
remediationModificationType="None" type="string">
<Description>Report groupers are used to segregate users for
highly specific reporting and statistics needs</Description>
</AttributeDefinition>
<AttributeDefinition name="UserPhotoPath"
remediationModificationType="None" type="string">
 <Description>A URL or file path to a picture of this
user</Description>
</AttributeDefinition>
<AttributeDefinition name="Sex"
remediationModificationType="None" type="string">
<Description>The User's legal sex, typically. Valid values
include the Male, Female, Unknown</Description>
</AttributeDefinition>
<AttributeDefinition name="ProviderAtLoginOption"
remediationModificationType="None" type="String">
<Description>How shall the User be prompted to choose an
associated provider upon login</Description>
</AttributeDefinition>
<AttributeDefinition name="ForceContactCreation"
remediationModificationType="None" type="boolean">
<Description>If true, the provided values will be filed to a
new "contact" for the User, meaning that previous values will be
retained</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="EmployeeDemographics"
remediationModificationType="None" type="string">
<Description>This parameter is used to provide certain specific
information about the user</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="CategoryReportGrouper1"
remediationModificationType="None" type="string">
<Description>Report groupers are used to segregate users for
highly specific reporting and statistics needs</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="CategoryReportGrouper2"
remediationModificationType="None" type="string">
<Description>Report groupers are used to segregate users for
highly specific reporting and statistics needs</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="CategoryReportGrouper3"
remediationModificationType="None" type="string">
<Description>Report groupers are used to segregate users for
highly specific reporting and statistics needs</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="CategoryReportGrouper4"
remediationModificationType="None" type="string">
<Description>Report groupers are used to segregate users for
highly specific reporting and statistics needs</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="CategoryReportGrouper5"
remediationModificationType="None" type="string">
<Description>Report groupers are used to segregate users for
highly specific reporting and statistics needs</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="CategoryReportGrouper6"
remediationModificationType="None" type="string">
<Description>Report groupers are used to segregate users for
highly specific reporting and statistics needs</Description>
</AttributeDefinition>
<AttributeDefinition name="UserComplexName_AcademicTitle"
remediationModificationType="None" type="string">
<Description>Academic title of the user. e.g. Phd, MD, Dr, DDS,
DD etc.</Description>
</AttributeDefinition>
 <AttributeDefinition name="UserComplexName_FatherName"
remediationModificationType="None" type="string">
<Description>The user's father's name, typically used for
constructing Arabic names</Description>
</AttributeDefinition>
<AttributeDefinition name="UserComplexName_FirstName"
remediationModificationType="None" type="string">
<Description>The first or given name of the User</Description>
</AttributeDefinition>
<AttributeDefinition name="UserComplexName_GivenNameInitials"
remediationModificationType="None" type="string">
<Description>Initials for the first name</Description>
</AttributeDefinition>
<AttributeDefinition name="UserComplexName_GrandfatherName"
remediationModificationType="None" type="string">
<Description>The user's grandfather's name, typically used for
constructing Arabic names</Description>
</AttributeDefinition>
<AttributeDefinition name="UserComplexName_LastName"
remediationModificationType="None" type="string">
<Description>The user's last or family name</Description>
</AttributeDefinition>
<AttributeDefinition name="UserComplexName_LastNamePrefix"
remediationModificationType="None" type="string">
<Description>The user's last name prefix</Description>
</AttributeDefinition>
<AttributeDefinition name="UserComplexName_PrimaryTitle"
remediationModificationType="None" type="string">
<Description>Primary title of the user. e.g Mr., Miss, Dr., Ms.
etc.</Description>
</AttributeDefinition>
<AttributeDefinition name="UserComplexName_SpouseLastName"
remediationModificationType="None" type="string">
<Description>The last, or family name of the user's
spouse</Description>
</AttributeDefinition>
<AttributeDefinition name="UserComplexName_SpouseLastNameFirst"
remediationModificationType="None" type="boolean">
<Description>"Yes" or "No." If "Yes", the spouse's last name
will appear first in the hyphenated last name</Description>
</AttributeDefinition>
<AttributeDefinition name="UserComplexName_SpousePrefix"
remediationModificationType="None" type="string">
<Description>The user's spouse prefix</Description>
</AttributeDefinition>
<AttributeDefinition name="UserComplexName_Suffix"
remediationModificationType="None" type="string">
<Description>Suffix of user e.g. Sr., Jr., I, II,
III</Description>
</AttributeDefinition>
<AttributeDefinition name="CommunityUser_WebExternalIdentifier"
remediationModificationType="None" type="string">
<Description>The external system Login ID</Description>
</AttributeDefinition>
<AttributeDefinition name="CommunityUser_ReceiveExternalEmail"
remediationModificationType="None" type="boolean">
<Description>This controls whether users receive notification
emails from EpicCare link</Description>
</AttributeDefinition>
 <AttributeDefinition
name="CommunityUser_ReceiveGroupNotifications" remediationModificationType="None"
type="boolean">
<Description>This controls whether users receive group
notification emails from EpicCare link</Description>
</AttributeDefinition>
<AttributeDefinition name="CommunityUser_Deactivated"
remediationModificationType="None" type="boolean">
<Description>Signifies a user should no longer have access to
the application</Description>
</AttributeDefinition>
<AttributeDefinition multi="true"
name="CommunityUser_SiteManagerContexts" remediationModificationType="None"
type="string">
<Description>This links users to EpicCare Link user context
groups for the purposes of site management</Description>
</AttributeDefinition>
<AttributeDefinition multi="true"
name="CommunityUser_UserContexts" remediationModificationType="None" type="string">
<Description>This links users to EpicCare Link user context
groups</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="UserGroups"
remediationModificationType="None" type="string">
<Description>The current list of User Groups for the selected
user</Description>
</AttributeDefinition>
<AttributeDefinition name="BIDefaultUser"
remediationModificationType="None" type="string">
<Description>The BI default user name for the Hyperspace user,
which is used by Hyperspace to connect to BI applications</Description>
</AttributeDefinition>
<AttributeDefinition name="EmailAddress"
remediationModificationType="None" type="string">
<Description>Email address of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="PhoneNumber"
remediationModificationType="None" type="string">
<Description>Phone number of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="FaxNumber"
remediationModificationType="None" type="string">
<Description>Fax number of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="UpdateLinkedProviderRecord"
remediationModificationType="None" type="boolean">
<Description>Update linked provider record flag</Description>
</AttributeDefinition>
<AttributeDefinition name="Address_City"
remediationModificationType="None" type="string">
<Description>City of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Address_Country"
remediationModificationType="None" type="string">
<Description>Country of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Address_County"
remediationModificationType="None" type="string">
<Description>County of the user</Description>
 </AttributeDefinition>
<AttributeDefinition name="Address_District"
remediationModificationType="None" type="string">
<Description>District of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Address_HouseNumber"
remediationModificationType="None" type="string">
<Description>House number of the user</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="Address_Lines"
remediationModificationType="None" type="string">
<Description>Lines of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Address_State"
remediationModificationType="None" type="string">
<Description>State of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Address_ZipCode"
remediationModificationType="None" type="string">
<Description>Zip code of the user</Description>
</AttributeDefinition>
<AttributeDefinition multi="true"
name="PreferredLoginDepartments" remediationModificationType="None" type="string">
<Description>The departments on the user's preferred
list</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="LoginDepartmentFilterList" remediationModificationType="None"
type="Department">
<Description>The list of departments to use when limiting
access for the user</Description>
</AttributeDefinition>
<AttributeDefinition name="LoginDepartmentFilterSetting"
remediationModificationType="None" type="string">
<Description>Whether the Department Filter List is Inclusive or
Exclusive</Description>
</AttributeDefinition>
<AttributeDefinition multi="true"
name="ReportAuthorizedServiceAreas" remediationModificationType="None"
type="string">
<Description>A list of service areas for which the user has
access</Description>
</AttributeDefinition>
<AttributeDefinition multi="true"
name="ReportAuthorizedLocations" remediationModificationType="None" type="string">
<Description>A list of locations for which the user has
access</Description>
</AttributeDefinition>
<AttributeDefinition multi="true"
name="ReportAuthorizedDepartments" remediationModificationType="None"
type="string">
<Description>A list of Departments for which the user has
access</Description>
</AttributeDefinition>
<AttributeDefinition multi="true"
name="ReportAuthorizedDepartmentGroups" remediationModificationType="None"
type="string">
<Description>A list of department groups for which the user has
access</Description>
 </AttributeDefinition>
<AttributeDefinition multi="true" name="ReportAuthorizedUsers"
remediationModificationType="None" type="string">
<Description>A list of users for which the user has
access</Description>
</AttributeDefinition>
<AttributeDefinition multi="true"
name="ReportAuthorizedProviders" remediationModificationType="None" type="string">
<Description>A list of providers for which the user has
access</Description>
</AttributeDefinition>
</Schema>
<Schema displayAttribute="LinkedTemplateName"
identityAttribute="LinkedTemplateID" nativeObjectType="group" objectType="group">
<AttributeDefinition name="LinkedTemplateID"
remediationModificationType="None" type="string">
<Description>ID of the Linked template</Description>
</AttributeDefinition>
<AttributeDefinition name="LinkedTemplateName"
remediationModificationType="None" type="string">
<Description>Name of the Linked template</Description>
</AttributeDefinition>
</Schema>
<Schema aggregationType="group"
displayAttribute="LinkedSubTemplateName" identityAttribute="LinkedSubtemplateIDs"
nativeObjectType="linkedSubTemplate" objectType="linkedSubTemplate">
<AttributeDefinition name="LinkedSubtemplateIDs"
remediationModificationType="None" type="string">
<Description>ID of the Linked Sub template</Description>
</AttributeDefinition>
<AttributeDefinition name="LinkedSubTemplateName"
remediationModificationType="None" type="string">
<Description>Name of the Linked Sub template</Description>
</AttributeDefinition>
</Schema>
<Schema aggregationType="group" displayAttribute="Title"
identityAttribute="Number" nativeObjectType="InBasketClassification"
objectType="InBasketClassification">
<AttributeDefinition name="Number"
remediationModificationType="None" type="string">
<Description>Number of the InBasket
Classification</Description>
</AttributeDefinition>
<AttributeDefinition name="Title"
remediationModificationType="None" type="string">
<Description>Title of the InBasket Classification</Description>
</AttributeDefinition>
<AttributeDefinition name="Abbreviation"
remediationModificationType="None" type="string">
<Description>Abbreviation of the InBasket
Classification</Description>
</AttributeDefinition>
</Schema>
<Schema aggregationType="group" displayAttribute="Name"
identityAttribute="ExternalID" nativeObjectType="Department"
objectType="Department">
<AttributeDefinition name="ExternalID"
remediationModificationType="None" type="string">
<Description>The external ID of department</Description>
 </AttributeDefinition>
<AttributeDefinition name="Name"
remediationModificationType="None" type="string">
<Description>Name of the department</Description>
</AttributeDefinition>
<AttributeDefinition name="Location"
remediationModificationType="None" type="string">
<Description>Location of the department</Description>
</AttributeDefinition>
<AttributeDefinition name="Service Area"
remediationModificationType="None" type="string">
<Description>Service Area of the department</Description>
</AttributeDefinition>
<AttributeDefinition name="Center"
remediationModificationType="None" type="string">
<Description>Center of the department</Description>
</AttributeDefinition>
<AttributeDefinition name="Specialty"
remediationModificationType="None" type="string">
<Description>Specialty of the department</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="PROVISIONING, AUTHENTICATE, PASSWORD, ENABLE, SEARCH,
DIRECT_PERMISSIONS, NO_PERMISSIONS_PROVISIONING" icon="internetIcon" name="GE
Centricity" type="GE Centricity">
<Attributes>
<Map>
<entry key="CAConnector" value="true"/>
<entry key="connectorClass"
value="openconnector.connector.GECentricity"/>
<entry key="formPath" value="GECentricityForm.xhtml"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="account" objectType="account" type="Create">
<Field displayName="con_prov_policy_GEKey"
helpKey="help_con_prov_policy_GEKey" name="Key" required="true"
reviewRequired="true" type="string">
<Script>
<Source>
return identity.getName();
</Source>
</Script>
</Field>
<Field displayName="con_prov_policy_Password"
helpKey="help_con_prov_policy_Password" name="password" required="true"
reviewRequired="true" type="secret"/>
<Field displayName="con_prov_policy_Name"
helpKey="help_con_prov_policy_Name" name="Name" required="true"
reviewRequired="true" type="string"/>
<Field displayName="con_prov_policy_DefaultSystem"
helpKey="help_con_prov_policy_DefaultSystem" name="DefaultSystemID" required="true"
reviewRequired="true" type="string"/>
<Field defaultValue="false" displayName="con_prov_policy_Active"
helpKey="help_con_prov_policy_Active" name="IIQ_DISABLED" required="true"
reviewRequired="true" type="string" value="N">
 <AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field defaultValue="true"
displayName="con_prov_policy_PasswordNeverExpires"
helpKey="help_con_prov_policy_PasswordNeverExpires" name="PasswordNeverExpires"
reviewRequired="true" type="string" value="Y">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field displayName="con_prov_policy_PasswordChange"
helpKey="help_con_prov_policy_PasswordChange" name="PasswordExpired"
reviewRequired="true" type="string" value="N">
<AllowedValues>
<String>Y</String>
<String>N</String>
</AllowedValues>
</Field>
<Field displayName="con_prov_policy_Email"
helpKey="help_con_prov_policy_Email" name="Email" reviewRequired="true"
type="string"/>
<Field displayName="con_prov_policy_DefaultRole"
helpKey="help_con_prov_policy_DefaultRole" name="DefaultRoleKey"
reviewRequired="true" type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="Key" identityAttribute="Key"
includePermissions="true" nativeObjectType="account" objectType="account">
<AttributeDefinition name="Key"
remediationModificationType="None" type="string">
<Description>User Id of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="Name"
remediationModificationType="None" type="string">
<Description>User full name</Description>
</AttributeDefinition>
<AttributeDefinition name="Email"
remediationModificationType="None" type="string">
<Description>Define User department</Description>
</AttributeDefinition>
<AttributeDefinition name="PasswordExpired"
remediationModificationType="None" type="string">
<Description>Flag that indicates if the user password
expired</Description>
</AttributeDefinition>
<AttributeDefinition name="PasswordFailures"
remediationModificationType="None" type="string">
<Description>Indicates of user failure attempts</Description>
</AttributeDefinition>
<AttributeDefinition name="PasswordLastChanged"
remediationModificationType="None" type="string">
<Description>Date timestamp of user last password
changed</Description>
</AttributeDefinition>
 <AttributeDefinition name="PasswordNeverExpires"
remediationModificationType="None" type="string">
<Description>Flag indicates the user neverexpires
password</Description>
</AttributeDefinition>
<AttributeDefinition name="DefaultSystemID"
remediationModificationType="None" type="string">
<Description>Default System of user</Description>
</AttributeDefinition>
<AttributeDefinition name="LastLogin"
remediationModificationType="None" type="string">
<Description>Date timestamp of user last login</Description>
</AttributeDefinition>
<AttributeDefinition name="LastFailedLogin"
remediationModificationType="None" type="string">
<Description>Date timestamp of user last failed
login</Description>
</AttributeDefinition>
<AttributeDefinition name="Authentication"
remediationModificationType="None" type="string">
<Description>Authentication name</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="UserSystems" remediationModificationType="None" type="string">
<Description>User system connections</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="UserSystemApplications" remediationModificationType="None"
type="string">
<Description>User application connections</Description>
</AttributeDefinition>
<AttributeDefinition name="DefaultRoleKey"
remediationModificationType="None" type="string">
<Description>Default role of user</Description>
</AttributeDefinition>
<AttributeDefinition managed="true" multi="true" name="Rights"
remediationModificationType="None" type="string">
<Description>List of rights defined for user</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="Roles" schemaObjectType="group" type="string">
<Description>List of roles</Description>
</AttributeDefinition>
</Schema>
<Schema descriptionAttribute="Description" displayAttribute="Key"
identityAttribute="Key" includePermissions="true" nativeObjectType="group"
objectType="group">
<AttributeDefinition name="Key" type="string">
<Description>Role Id</Description>
</AttributeDefinition>
<AttributeDefinition name="Name" type="string">
<Description>Name of the Role</Description>
</AttributeDefinition>
<AttributeDefinition name="ProductID" type="string">
<Description>Name of the Product mapped to Role</Description>
</AttributeDefinition>
<AttributeDefinition name="ApplicationID" type="string">
<Description>ApplicationID</Description>
</AttributeDefinition>
 <AttributeDefinition name="ID" type="string">
<Description>Represents the unique Role</Description>
</AttributeDefinition>
<AttributeDefinition name="Description" type="string">
<Description>Detail description of Roles</Description>
</AttributeDefinition>
<AttributeDefinition name="VTBMenuKey" type="string">
<Description>Menukey which is mapped to each Role</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="PROVISIONING, ENABLE, ACCOUNT_ONLY_REQUEST" name="SOAPConnec"
type="SOAPConnector">
<Attributes>
<Map>
<entry key="authSearchAttributes">
<value>
<List>
<String>UserID</String>
</List>
</value>
</entry>
<entry key="connectorClass"
value="sailpoint.seri.openconnector.SOAPConnector"/>
<entry key="formPath" value="SOAPConnector.xhtml"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="account" type="Create">
<Field displayName="User ID" name="biCN" required="true"
section="" type="string"/>
<Field displayName="Given Name" name="GivenName" required="true"
section="" type="string"/>
<Field displayName="Surname" name="Surname" required="true"
section="" type="string"/>
</Form>
</ProvisioningForms>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="DISCOVER_SCHEMA, PROVISIONING, SYNC_PROVISIONING, ENABLE, PASSWORD,
UNSTRUCTURED_TARGETS" icon="internetIcon" name="Privileged Account Management"
type="Privileged Account Management">
<Attributes>
<Map>
<entry key="connectorClass"
value="openconnector.connector.scim2.SCIM2Connector"/>
<entry key="encrypted"
value="password,client_secret,refresh_token,oauthBearerToken"/>
<entry key="explicitAttributesRequest"/>
<entry key="formPath" value="pamAttributesForm.xhtml"/>
<entry key="pageSize" value="5000"/>
<entry key="schemaPropertyMappings">
<value>
<List>
<SchemaPropertyMapping
urn="urn:ietf:params:scim:schemas:core:2.0:User">
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="id" property="id"
setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="userName"
property="userName" setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
<AttributePropertyMapping name="name">
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="formatted"
property="name.formatted"
setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="familyName"
property="name.familyName"
setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="givenName"
property="name.givenName"
setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="middleName"
property="name.middleName"
setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="honorificPrefix"
property="name.honorificPrefix"
setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="honorificSuffix"
property="name.honorificSuffix"
setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
</AttributePropertyMapping>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="displayName"
property="displayName" setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="nickName"
property="nickName" setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="profileUrl"
property="profileUrl" setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="title"
property="title" setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="userType"
property="userType" setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="preferredLanguage"
property="preferredLanguage"
setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="locale"
property="locale" setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="timezone"
property="timezone" setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="active"
property="active" setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
 <AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="password"
property="password" setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2MultiValuedPropertyGetter" name="emails"
setter="openconnector.connector.scim2.SCIM2MultiValuedPropertySetter">
<AttributePropertyMapping name="value"
property="value"/>
<AttributePropertyMapping name="display"
property="display"/>
<AttributePropertyMapping name="type" property="type"/>
<AttributePropertyMapping name="primary"
property="primary"/>
</AttributePropertyMapping>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2MultiValuedPropertyGetter" name="groups"
property="groups" setter="openconnector.connector.scim2.SCIM2PropertySetter">
<AttributePropertyMapping name="value"
property="value"/>
<AttributePropertyMapping name="$ref" property="$ref"/>
<AttributePropertyMapping name="display"
property="display"/>
<AttributePropertyMapping name="type" property="type"/>
</AttributePropertyMapping>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2MultiValuedPropertyGetter"
name="entitlements" property="entitlements"
setter="openconnector.connector.scim2.SCIM2PropertySetter">
<AttributePropertyMapping name="value"
property="value"/>
<AttributePropertyMapping name="display"
property="display"/>
<AttributePropertyMapping name="type" property="type"/>
<AttributePropertyMapping name="primary"
property="primary"/>
</AttributePropertyMapping>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2MultiValuedPropertyGetter" name="roles"
property="roles" setter="openconnector.connector.scim2.SCIM2PropertySetter">
<AttributePropertyMapping name="value"
property="value"/>
<AttributePropertyMapping name="display"
property="display"/>
<AttributePropertyMapping name="type" property="type"/>
<AttributePropertyMapping name="primary"
property="primary"/>
</AttributePropertyMapping>
</SchemaPropertyMapping>
<SchemaPropertyMapping
urn="urn:ietf:params:scim:schemas:pam:1.0:LinkedObject">
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="source"
property="source"
setter="openconnector.connector.scim2.SCIM2ExtendedPropertySetter"/>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="nativeIdentifier"
property="nativeIdentifier"
setter="openconnector.connector.scim2.SCIM2ExtendedPropertySetter"/>
</SchemaPropertyMapping>
 <SchemaPropertyMapping
urn="urn:ietf:params:scim:schemas:pam:1.0:Container">
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="id" property="id"
setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="name"
property="name" setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="displayName"
property="displayName" setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="description"
property="description" setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="type"
property="type" setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
<AttributePropertyMapping name="owner">
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="value"
property="owner.value" setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="$ref"
property="owner.$ref" setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="display"
property="owner.display"
setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
</AttributePropertyMapping>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2MultiValuedPropertyGetter"
name="privilegedData"
setter="openconnector.connector.scim2.SCIM2MultiValuedPropertySetter">
<Attributes>
<Map>
<entry key="excludeTypeFromAttributeName"
value="true"/>
</Map>
</Attributes>
<AttributePropertyMapping name="value"
property="value"/>
<AttributePropertyMapping name="$ref" property="$ref"/>
<AttributePropertyMapping name="display"
property="display"/>
<AttributePropertyMapping name="type" property="type"/>
</AttributePropertyMapping>
</SchemaPropertyMapping>
<SchemaPropertyMapping
urn="urn:ietf:params:scim:schemas:pam:1.0:PrivilegedData">
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="id" property="id"
setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="name"
property="name" setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="description"
property="description" setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="type"
property="type" setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
</SchemaPropertyMapping>
<SchemaPropertyMapping
urn="urn:ietf:params:scim:schemas:core:2.0:Group">
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="id" property="id"
setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2PropertyGetter" name="displayName"
property="displayName" setter="openconnector.connector.scim2.SCIM2PropertySetter"/>
<AttributePropertyMapping
getter="openconnector.connector.scim2.SCIM2MultiValuedPropertyGetter"
name="members" property="members"
setter="openconnector.connector.scim2.SCIM2PropertySetter">
<AttributePropertyMapping name="value"
property="value"/>
<AttributePropertyMapping name="$ref" property="$ref"/>
<AttributePropertyMapping name="type" property="type"/>
</AttributePropertyMapping>
</SchemaPropertyMapping>
</List>
</value>
</entry>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="Create Account Form" objectType="account"
type="Create">
<Attributes>
<Map>
<entry key="pageTitle" value="Create Account Form"/>
</Map>
</Attributes>
<Description>Provisioning form for create account.</Description>
<Section>
<Field displayName="User Name" name="userName" required="true"
reviewRequired="true" type="string"/>
<Field displayName="Formatted Name" name="name.formatted"
required="true" reviewRequired="true" type="string"/>
<Field displayName="Family Name" name="name.familyName"
required="true" reviewRequired="true" type="string"/>
<Field displayName="Given Name" name="name.givenName"
required="true" reviewRequired="true" type="string"/>
<Field displayName="Display Name" name="displayName"
required="true" reviewRequired="true" type="string"/>
<Field displayName="Email" name="emails.work.value"
required="true" reviewRequired="true" type="string"/>
</Section>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="userName" identityAttribute="id"
nativeObjectType="User" objectType="account">
<AttributeDefinition name="id" type="string">
<Description>The unique identifier of the User.</Description>
</AttributeDefinition>
<AttributeDefinition name="userName" type="string">
<Description>Unique identifier for the User, typically used by
the user to directly authenticate to the service provider.</Description>
</AttributeDefinition>
<AttributeDefinition name="name.formatted" type="string">
<Description>The full name, including all middle names, titles,
and suffixes as appropriate, formatted for display (e.g., 'Ms. Barbara J Jensen,
III').</Description>
</AttributeDefinition>
<AttributeDefinition name="name.familyName" type="string">
<Description>The family name of the User, or last name in most
Western languages (e.g., 'Jensen' given the full name 'Ms. Barbara J Jensen,
III').</Description>
</AttributeDefinition>
<AttributeDefinition name="name.givenName" type="string">
<Description>The given name of the User, or first name in most
Western languages (e.g., 'Barbara' given the full name 'Ms. Barbara J Jensen,
III').</Description>
</AttributeDefinition>
<AttributeDefinition name="name.middleName" type="string">
<Description>The middle name(s) of the User (e.g., 'Jane' given
the full name 'Ms. Barbara J Jensen, III').</Description>
</AttributeDefinition>
<AttributeDefinition name="name.honorificPrefix" type="string">
<Description>The honorific prefix(es) of the User, or title in
most Western languages (e.g., 'Ms.' given the full name 'Ms. Barbara J Jensen,
III').</Description>
</AttributeDefinition>
<AttributeDefinition name="name.honorificSuffix" type="string">
<Description>The honorific suffix(es) of the User, or suffix in
most Western languages (e.g., 'III' given the full name 'Ms. Barbara J Jensen,
III').</Description>
</AttributeDefinition>
<AttributeDefinition name="displayName" type="string">
<Description>The name of the User, suitable for display to end-
users. The name SHOULD be the full name of the User being described, if
known.</Description>
</AttributeDefinition>
<AttributeDefinition name="nickName" type="string">
<Description>The casual way to address the user in real life,
e.g., 'Bob' or 'Bobby' instead of 'Robert'. This attribute SHOULD NOT be used to
represent a User's username (e.g., 'bjensen' or 'mpepperidge').</Description>
</AttributeDefinition>
<AttributeDefinition name="profileUrl" type="string">
<Description>A fully qualified URL pointing to a page
representing the User's online profile.</Description>
</AttributeDefinition>
<AttributeDefinition name="title" type="string">
<Description>The user's title, such as "Vice
President."</Description>
</AttributeDefinition>
<AttributeDefinition name="userType" type="string">
<Description>Used to identify the relationship between the
organization and the user. Typical values used might be 'Contractor', 'Employee',
'Intern', 'Temp', 'External', and 'Unknown', but any value may be
used.</Description>
</AttributeDefinition>
<AttributeDefinition name="preferredLanguage" type="string">
<Description>Indicates the User's preferred written or spoken
language. Generally used for selecting a localized user interface; e.g., 'en_US'
specifies the language English and country US.</Description>
 </AttributeDefinition>
<AttributeDefinition name="locale" type="string">
<Description>Used to indicate the User's default location for
purposes of localizing items such as currency, date time format, or numerical
representations.</Description>
</AttributeDefinition>
<AttributeDefinition name="timezone" type="string">
<Description>The User's time zone in the 'Olson' time zone
database format, e.g., 'America/Los_Angeles'.</Description>
</AttributeDefinition>
<AttributeDefinition name="active" type="boolean">
<Description>A Boolean value indicating the User's
administrative status.</Description>
</AttributeDefinition>
<AttributeDefinition name="emails.work.primary.value"
type="string">
<Description>Email addresses for the user. The value SHOULD be
canonicalized by the service provider, e.g., 'bjensen@example.com' instead of
'bjensen@EXAMPLE.COM'. Canonical type values of 'work', 'home', and
'other'.</Description>
</AttributeDefinition>
<AttributeDefinition name="emails.work.secondary.value"
type="string">
<Description>Email addresses for the user. The value SHOULD be
canonicalized by the service provider, e.g., 'bjensen@example.com' instead of
'bjensen@EXAMPLE.COM'. Canonical type values of 'work', 'home', and
'other'.</Description>
</AttributeDefinition>
<AttributeDefinition name="emails.work.primary.display"
type="string">
<Description>A human-readable name, primarily used for display
purposes. READ-ONLY.</Description>
</AttributeDefinition>
<AttributeDefinition name="emails.work.secondary.display"
type="string">
<Description>A human-readable name, primarily used for display
purposes. READ-ONLY.</Description>
</AttributeDefinition>
<AttributeDefinition name="emails.home.primary.value"
type="string">
<Description>Email addresses for the user. The value SHOULD be
canonicalized by the service provider, e.g., 'bjensen@example.com' instead of
'bjensen@EXAMPLE.COM'. Canonical type values of 'work', 'home', and
'other'.</Description>
</AttributeDefinition>
<AttributeDefinition name="emails.home.secondary.value"
type="string">
<Description>Email addresses for the user. The value SHOULD be
canonicalized by the service provider, e.g., 'bjensen@example.com' instead of
'bjensen@EXAMPLE.COM'. Canonical type values of 'work', 'home', and
'other'.</Description>
</AttributeDefinition>
<AttributeDefinition name="emails.home.primary.display"
type="string">
<Description>A human-readable name, primarily used for display
purposes. READ-ONLY.</Description>
</AttributeDefinition>
<AttributeDefinition name="emails.home.secondary.display"
type="string">
 <Description>A human-readable name, primarily used for display
purposes. READ-ONLY.</Description>
</AttributeDefinition>
<AttributeDefinition name="emails.other.primary.value"
type="string">
<Description>Email addresses for the user. The value SHOULD be
canonicalized by the service provider, e.g., 'bjensen@example.com' instead of
'bjensen@EXAMPLE.COM'. Canonical type values of 'work', 'home', and
'other'.</Description>
</AttributeDefinition>
<AttributeDefinition name="emails.other.secondary.value"
type="string">
<Description>Email addresses for the user. The value SHOULD be
canonicalized by the service provider, e.g., 'bjensen@example.com' instead of
'bjensen@EXAMPLE.COM'. Canonical type values of 'work', 'home', and
'other'.</Description>
</AttributeDefinition>
<AttributeDefinition name="emails.other.primary.display"
type="string">
<Description>A human-readable name, primarily used for display
purposes. READ-ONLY.</Description>
</AttributeDefinition>
<AttributeDefinition name="emails.other.secondary.display"
type="string">
<Description>A human-readable name, primarily used for display
purposes. READ-ONLY.</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="groups" schemaObjectType="group" type="string">
<Description>A list of groups to which the user belongs, either
through direct membership, through nested groups, or dynamically
calculated.</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="entitlements" type="string">
<Description>A list of entitlements for the User that represent
a thing the User has.</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="roles" type="string">
<Description>A list of roles for the User that collectively
represent who the User is, e.g., 'Student', 'Faculty'.</Description>
</AttributeDefinition>
<AttributeDefinition correlationKey="1" name="source"
type="string">
<Description>The name of the external application on which the
object lives. If this is a PAM local object, this is null.</Description>
</AttributeDefinition>
<AttributeDefinition correlationKey="2" name="nativeIdentifier"
type="string">
<Description>The native identifier of the object on the
external application (eg - the LDAP DN). If this is a PAM local object, this is
null.</Description>
</AttributeDefinition>
</Schema>
<Schema aggregationType="group" descriptionAttribute="description"
displayAttribute="displayName" featuresString="PROVISIONING" identityAttribute="id"
nativeObjectType="Container" objectType="Container">
<AttributeDefinition name="id" type="string">
 <Description>The unique identifier of the
Container</Description>
</AttributeDefinition>
<AttributeDefinition name="name" type="string">
<Description>The name of the container.</Description>
</AttributeDefinition>
<AttributeDefinition name="displayName" type="string">
<Description>The display name of the container. This is
optional. If null, the name will be used as the display name.</Description>
</AttributeDefinition>
<AttributeDefinition name="description" type="string">
<Description>The description of the container.</Description>
</AttributeDefinition>
<AttributeDefinition name="type" type="string">
<Description>The type of container (eg - management set or
account store). This is optional if the PAM system does not support multiple types
of containers.</Description>
</AttributeDefinition>
<AttributeDefinition name="owner.value" type="string">
<Description>The ID of the user that owns this
container</Description>
</AttributeDefinition>
<AttributeDefinition name="owner.$ref" type="string">
<Description>A URI reference to the user that owns this
container.</Description>
</AttributeDefinition>
<AttributeDefinition name="owner.display" type="string">
<Description>The display name of the user that owns this
container</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="privilegedData.value"
type="string">
<Description>The ID of the privileged data.</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="privilegedData.$ref"
type="string">
<Description>A URI reference to the
PrivilegedData</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="privilegedData.display"
type="string">
<Description>The displayable value of the
PrivilegedData</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="privilegedData.type"
type="string">
<Description>The type of the PrivilegedData</Description>
</AttributeDefinition>
</Schema>
<Schema aggregationType="group" descriptionAttribute="description"
displayAttribute="name" featuresString="PROVISIONING" identityAttribute="id"
nativeObjectType="PrivilegedData" objectType="PrivilegedData">
<AttributeDefinition name="id" type="string">
<Description>The unique identifier of the
PrivilegedData.</Description>
</AttributeDefinition>
<AttributeDefinition name="name" type="string">
<Description>A descriptive name for this piece of
PrivilegedData. For example, root@mylinuxhost</Description>
 </AttributeDefinition>
<AttributeDefinition name="description" type="string">
<Description>A description for this piece of
PrivilegedData.</Description>
</AttributeDefinition>
<AttributeDefinition name="type" type="string">
<Description>The type of PrivilegedData. The value will be
dependent on what is supported by the PAM system. Examples include 'credential',
'ssh key', 'file', etc...</Description>
</AttributeDefinition>
</Schema>
<Schema displayAttribute="displayName"
featuresString="PROVISIONING" identityAttribute="id" nativeObjectType="Group"
objectType="group">
<AttributeDefinition name="id" type="string">
<Description>The unique identifier of the Group</Description>
</AttributeDefinition>
<AttributeDefinition name="displayName" type="string">
<Description>A human-readable name for the Group.
REQUIRED.</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="members" type="string">
<Description>A list of members of the Group.</Description>
</AttributeDefinition>
<AttributeDefinition correlationKey="1" name="source"
type="string">
<Description>The name of the external application on which the
object lives. If this is a PAM local object, this is null.</Description>
</AttributeDefinition>
<AttributeDefinition correlationKey="2" name="nativeIdentifier"
type="string">
<Description>The native identifier of the object on the
external application (eg - the LDAP DN). If this is a PAM local object, this is
null.</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="PROVISIONING, SYNC_PROVISIONING, SEARCH, DIRECT_PERMISSIONS,
ENABLE, PASSWORD, CURRENT_PASSWORD" icon="internetIcon" name="Atlassian Suite -
Server" type="Atlassian Suite - Server">
<Attributes>
<Map>
<entry key="connectorClass"
value="openconnector.connector.atlassian.AtlassianServerConnector"/>
<entry key="encrypted" value="password"/>
<entry key="formPath" value="AtlassianServerConfigForm.xhtml"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="Create Account" objectType="account" type="Create">
<Field displayName="con_template_atlassian_name"
helpKey="help_con_template_atlassian_name" name="name" required="true" section=""
type="string"/>
<Field displayName="con_template_atlassian_email_address"
helpKey="help_con_template_atlassian_email_address" name="emailAddress"
required="true" type="string"/>
<Field displayName="con_template_atlassian_display_name"
helpKey="help_con_template_atlassian_display_name" name="displayName"
required="true" section="" type="string"/>
<Field displayName="con_template_atlassian_password"
helpKey="help_con_template_atlassian_password" name="password"
reviewRequired="true" section="" type="secret"/>
<Field displayName="con_template_atlassian_notification"
helpKey="help_con_template_atlassian_notification" name="notification"
reviewRequired="true" section="" type="boolean" value="false"/>
</Form>
<Form name="Create Group" objectType="group" type="Create">
<Attributes>
<Map>
<entry key="IIQTemplateOwnerDefinition">
<value>
<DynamicValue value=""/>
</value>
</entry>
</Map>
</Attributes>
<Field displayName="con_template_atlassian_group_name"
helpKey="help_con_template_atlassian_group_name" name="name" required="true"
section="" type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="displayName"
featuresString="PROVISIONING" identityAttribute="name" nativeObjectType="account"
objectType="account">
<AttributeDefinition name="name" required="true" type="string">
<Description>Username of Atlassian User</Description>
</AttributeDefinition>
<AttributeDefinition name="displayName" required="true"
type="string">
<Description>The display name of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="emailAddress" required="true"
type="string">
<Description>The e-mail address of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="timeZone" type="string">
<Description>The timezone of the user</Description>
</AttributeDefinition>
<AttributeDefinition name="locale" type="string">
<Description>The default location of the user for purpose of
localizing items</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="groups" required="true" schemaObjectType="group" type="string">
<Description>The list of groups that the user belongs
to</Description>
</AttributeDefinition>
<AttributeDefinition entitlement="true" managed="true"
multi="true" name="projectRoles" required="true" schemaObjectType="ProjectRole"
type="string">
<Description>The list of roles that the user belongs
to</Description>
</AttributeDefinition>
</Schema>
<Schema displayAttribute="name" featuresString="PROVISIONING"
identityAttribute="name" nativeObjectType="group" objectType="group">
<AttributeDefinition name="name" required="true" type="string">
<Description>The name of the group</Description>
</AttributeDefinition>
<AttributeDefinition multi="true" name="labels" type="string">
<Description>The description (labels) of the
group</Description>
</AttributeDefinition>
</Schema>
<Schema displayAttribute="displayName"
identityAttribute="projectRoleId" nativeObjectType="ProjectRole"
objectType="ProjectRole">
<AttributeDefinition name="name" required="true" type="string">
<Description>Name of the Project Role</Description>
</AttributeDefinition>
<AttributeDefinition name="displayName" required="true"
type="string">
<Description>Display name of the Project Role</Description>
</AttributeDefinition>
<AttributeDefinition name="projectRoleId" required="true"
type="string">
<Description>An unique identifier for the project specific
roles</Description>
</AttributeDefinition>
<AttributeDefinition name="id" required="true" type="string">
<Description>An unique identifier for the project
role</Description>
</AttributeDefinition>
<AttributeDefinition name="description" required="true"
type="string">
<Description>The description of the Project Role</Description>
</AttributeDefinition>
</Schema>
</Schemas>
</Application>
<Application connector="sailpoint.connector.OpenConnectorAdapter"
featuresString="GROUP_PROVISIONING, PROVISIONING, SYNC_PROVISIONING, AUTHENTICATE,
PASSWORD, ENABLE, SEARCH, UNSTRUCTURED_TARGETS, DISCOVER_SCHEMA,
ACCOUNT_ONLY_REQUEST" icon="internetIcon" name="CustomConnectorTest"
profileClass="" type="CustomConnectorTest">
<Attributes>
<Map>
<entry key="authSearchAttributes">
<value>
<List>
<String>UserID</String>
</List>
</value>
</entry>
<entry key="compositeDefinition"/>
<entry key="connectorClass"
value="openconnector.CustomConnectorTest"/>
<entry key="formPath" value="CustomConnectorTest.xhtml"/>
<entry key="nativeChangeDetectionAttributeScope"
value="entitlements"/>
<entry key="nativeChangeDetectionAttributes"/>
<entry key="nativeChangeDetectionEnabled">
<value>
<Boolean></Boolean>
 </value>
</entry>
<entry key="nativeChangeDetectionOperations"/>
</Map>
</Attributes>
<ProvisioningForms>
<Form name="account" type="Create">
<Field displayName="User Name" name="username" type="string">
<Script>
<Source>return identity.getName(); </Source>
</Script>
</Field>
<Field displayName="First Name" name="firstname" type="string">
<Script>
<Source>return identity.getFirstname(); </Source>
</Script>
</Field>
<Field displayName="Last Name" name="lastname" type="string">
<Script>
<Source>return identity.getLastname(); </Source>
</Script>
</Field>
<Field displayName="Email Address" name="email" type="string">
<Script>
<Source>return identity.getEmail(); </Source>
</Script>
</Field>
<Field name="disabled" type="boolean" value="false"/>
</Form>
<Form name="Update Group" objectType="group" type="Update"/>
<Form name="Group Creation" objectType="group" type="Create">
<Field displayName="Group Name" name="name" type="string"/>
<Field displayName="Description" name="description"
type="string"/>
</Form>
</ProvisioningForms>
<Schemas>
<Schema displayAttribute="username" groupAttribute="groups"
identityAttribute="username" instanceAttribute="" nativeObjectType="account"
objectType="account">
<AttributeDefinition name="username"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="firstname"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="lastname"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="email"
remediationModificationType="None" type="string"/>
<AttributeDefinition multi="true" name="groups"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="disabled"
remediationModificationType="None" type="boolean"/>
<AttributeDefinition name="locked"
remediationModificationType="None" type="boolean"/>
<AttributeDefinition name="password"
remediationModificationType="None" type="string"/>
</Schema>
<Schema displayAttribute="name" identityAttribute="name"
instanceAttribute="" nativeObjectType="group" objectType="group">
 <AttributeDefinition name="name"
remediationModificationType="None" type="string"/>
<AttributeDefinition name="description"
remediationModificationType="None" type="string"/>
</Schema>
</Schemas>
</Application>
</List>
</value>
</entry>
</Map>
</Attributes>
</Configuration>