# Provisioning In any Identity and Access Management (IAM) system, provisioning rules are predefined instructions or policies that dictate how user accounts and access privileges are automatically created, modified, or deactivated across various IT systems and applications. These rules streamline the process of managing user identities and access rights throughout their lifecycle within an organization. In Cymmetri, administrators have the ability to establish these rules within the "Rules" tab under the Lifecycle Management module. To do so, the administrator navigates to the "Provision" section, where the following page will be displayed.

On this page, administrators can view a comprehensive list of all the currently established rules within Cymmetri, along with an "Edit" button that allows them to make modifications to these rules. On the top right corner of the page the admin can find the **Add New** button to add a new provisioning rule in Cymmetri.

To add a new rule you must do the following: * Add the name of the rule * Add Description of the rule * Activate the rule

Next select one or more applications with their corresponding roles (if defined).

If necessary, roles can be created for the application directly within the provisioning rule before adding them.

Note: Multiple application and roles can be added in a single provisioning rule

Just the way multiple applications can be assigned to users during provisioning, administrator can also assign one or more groups during the provisioning process. For assigning groups the administrator needs to go to the Groups Tab and click on **+Add New Group** button.

Next a drop down appears where the user may select the group that the user needs to be a part of. Administrator may also assign multiple groups if required.

The next step is to add the condition upon which the rule will be activated within the system. ### Filtering Conditions To add a condition navigate to the conditions section and click on **+ Add Condition** button.

You can set up multiple conditions for the rule. For example, in the rule below, the conditions are that the user must be an "Employee," and their department should be "Sales." A group of conditions can be added to be true/ false together. The AND/ OR Switch allows to toggle if all the conditions are associated with an AND condition or an OR Condition If required these conditions can be added, deleted or modified.

Once all the configurations are done the page needs to be saved. The Provision Rule creation page after all the configurations appears as below:

These rules automate and streamline the process of managing user accounts and access privileges across various systems and applications within an organization. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.cymmetri.io/lifecycle-management/application-management/rules/provisioning.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.