# User Provisioning ## Overview The self-provisioning connector is a directory connector that automatically creates and synchronizes a user based on the user's session token claims that contain claims from the OpenID Connect provider ID token. This feature is only compatible with an OpenID Connect authentication. ## Prerequisites * Make sure to have a working WorkflowGen instance. * Make sure to know the instance's IP address or its fully qualified name. * Make sure to know the address of the instance. * Make sure to have configured Okta or one of the other OIDC-compliant authentication methods ([Azure Active Directory](https://docs.advantys.com/workflowgen-for-azure/v/8.0.0/), [AD FS](https://advantys.gitbooks.io/workflowgen-technical-reference-guide/content/adfs-integration.html), [Auth0](https://advantys.gitbooks.io/workflowgen-technical-reference-guide/content/auth0-integration), or [Microsoft Identity Platform v2.0](https://docs.advantys.com/workflowgen-for-azure/v/8.0.0/)). ## WorkflowGen configuration This section will guide you through the WorkflowGen configurations necessary to set up the self-provisioning feature with a directory. ### Step 1: Create a self-provisioning directory This directory will contain all of the users that are not provisioned elsewhere. To create a self-provisioning directory, do the following: 1. On the **Directories** page in the WorkflowGen Administration Module, click **New directory**.
2. Fill in the form: * **Name**: `SELF_PROVISONING`(or something else) * **Description:** A good description of the directory * **Directory connector:** `Self-provisioning`
![](https://content.gitbook.com/content/jK1auXGTOrIDry9dUMok/blobs/ym2cT20dT9vZ2rwG1f8g/create-self-prov-dir-crop.png)
3. Click **Save**. ### Step 2: Configure the user fields-to-claims mapping Now that you've created a new directory with the self-provisioning connector, you need to define which claims are mapped to which WorkflowGen user field. To do this: 1. On the new directory's page, click **Edit mapping**.
![](https://content.gitbook.com/content/jK1auXGTOrIDry9dUMok/blobs/a3FVo8TkEjQCHM62wYeU/self-prov-dir-edit-mapping.png)
2. To the right of the name of the WorkflowGen user field, enter the name of the claim in the session token that you want to map.
Here's an example of a session token generated by the `auth` node application from the Okta ID token connected with Google Apps: ``` { "sub": "some.user@advantys.com", "iss": "https:///auth", "aud": "https://", "exp": 1535627127, "https://api.workflowgen.com/username": "some.user@advantys.com", "given_name": "Some", "family_name": "User", "nickname": "some-user", "name": "Some User", "picture": "https://lh4.googleusercontent.com/path/to/photo.jpg", "gender": "male", "locale": "en", "updated_at": "1970-01-01T00:00:00Z", "email": "some.user@advantys.com", "email_verified": true, "nonce": "ffdd6d95-31e6-4466-84c4-43f8c0fbaae7", "iat": 1535591128 } ``` \ These claims could be mapped in WorkflowGen like this:
![](https://content.gitbook.com/content/jK1auXGTOrIDry9dUMok/blobs/cKL1v01alzYdFxiC3gL3/self-prov-example-mapping-crop.png)
✏️ **Note:** The **Username** and **Name** fields are required.
3. Click **Save**. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.workflowgen.com/tech/9.0/okta-integration/user-provisioning.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.