7.7 SecretStore Provisioning

In the sample scenario, the first location from which the operation data can be retrieved and used for SecretStore credential provisioning is the driver's Input Transformation policy. Two policies are implemented:

  • Set SecretStore Credentials after successful password synchronization

  • Remove SecretStore Credentials if Application User Deleted (Identity Vault object not deleted)

There is a sample policy in the SampleInputTransform.xml file that sets the SecretStore credentials after a successful password synchronization occurs. The file is located in the cred_prov folder in the utilities directory on the Identity Manager media.

The Set SecretStore Credentials policy must ensure that provisioning happens only if the returned command status is Success and the previously set <operation-data> is present.
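The gate described above, modeled in Python over a constructed XDS document. This is an added illustration, not the contents of SampleInputTransform.xml. The `<cred-prov-info>` payload element and the event IDs are hypothetical, and treating an empty `<operation-data/>` as absent is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed XDS status documents as an Input Transformation policy would see them.
# <cred-prov-info> is a hypothetical payload name, not taken from the product sample.
SAMPLE_XDS = """
<nds>
  <input>
    <status level="success" event-id="evt-1">
      <operation-data><cred-prov-info user="cn=alice,ou=users,o=org"/></operation-data>
    </status>
    <status level="success" event-id="evt-2"/>
    <status level="error" event-id="evt-3">
      <operation-data><cred-prov-info user="cn=bob,ou=users,o=org"/></operation-data>
    </status>
    <status level="success" event-id="evt-4"><operation-data/></status>
  </input>
</nds>
"""


def provisioning_decisions(xds_text):
    """Return (event_id, provision?, reason) for every <status> in the document."""
    root = ET.fromstring(xds_text)
    decisions = []
    for status in root.iter("status"):
        event_id = status.get("event-id", "")
        op_data = status.find("operation-data")
        if status.get("level") != "success":
            # A failed or partial password sync must never result in stored credentials.
            decisions.append((event_id, False, "status level is not success"))
        elif op_data is None or len(op_data) == 0:
            # Assumption: an empty <operation-data/> carries nothing to provision from.
            decisions.append((event_id, False, "no operation-data payload"))
        else:
            decisions.append((event_id, True, "success with operation-data"))
    return decisions


if __name__ == "__main__":
    for event_id, provision, reason in provisioning_decisions(SAMPLE_XDS):
        print(f"{event_id}: {'PROVISION' if provision else 'SKIP'} ({reason})")
```
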