When a Provisioning Role is assigned to an IM User, a Create Global User will be performed if the Provisioning Global User does not yet exist. If the submitted task contains a password then that password will be used for the new global user which is created. But if no password was included in the submitted task than a random password will be generated that is what will be set on the new global user which is created. Note that the random password will not be based on any IM password policies but instead will only adhere to Provisioning Server Password Profile settings. Note that we do not recommend using Provisioning Server Password Profile settings either.

So if one is bulk feeding the assignment of Provisioning Roles which may lead to the create global user then one should also include a default password in that same feed input file.

Furthermore if you are utilizing PolicyXpress policies to generate a new random password then one must be careful to configure the PolicyXpress policy so that the generated random password is submitted with the task and not simply included with a specific event else the create global user call will not have access to use it.

Release:
Component: IDMGR

For bulk loading be sure that the password value is included with the submitted task.

For PolicyXpress create a UI type policy which will run on State=Submission for Event=CreateUser and set the %PASSWORD% well-known.