User Provisioning

Overview

The self-provisioning connector is a directory connector that automatically creates and synchronizes a user based on the user's session token claims that contain claims from the OpenID Connect provider ID token. This feature is only compatible with an OpenID Connect authentication.

Prerequisites

  • Make sure to have a working WorkflowGen instance.

  • Make sure to know the instance's IP address or its fully qualified name.

  • Make sure to know the address of the instance.

  • Make sure to have configured Auth0 or one of the other OIDC-compliant authentication methods (Microsoft Entra ID, formerly Azure Active Directory; AD FS; Okta; or Microsoft Identity Platform v2.0).

WorkflowGen configuration

This section will guide you through the WorkflowGen configurations necessary to set up the self-provisioning feature with a directory.

Step 1: Create a self-provisioning directory

This directory will contain all of the users that are not provisioned elsewhere. To create a self-provisioning directory, do the following:

  1. On the Directories page in the WorkflowGen Administration Module, click New directory.

  2. Fill in the form:

    • Name: SELF_PROVISIONING(or something else)

    • Description: A good description of the directory

    • Directory connector: Self-provisioning

  3. Click Save.

Step 2: Configure the user fields-to-claims mapping

Now that you've created a new directory with the self-provisioning connector, you need to define which claims are mapped to which WorkflowGen user field. To do this:

  1. On the new directory's page, click Edit mapping.

  2. To the right of the name of a WorkflowGen user's field, enter the name of the claim in the session token that you want to map.

    Here's an example of a session token generated by the auth node application from the Auth0 ID token connected with Google Apps:

     {
         "sub": "[email protected]",
         "iss": "https://<workflowgen_url>/auth",
         "aud": "https://<workflowgen_url>",
         "exp": 1535627127,
         "https://api.workflowgen.com/username": "[email protected]",
         "given_name": "Some",
         "family_name": "User",
         "nickname": "some-user",
         "name": "Some User",
         "picture":  "https://lh4.googleusercontent.com/path/to/photo.jpg",
         "gender": "male",
         "locale": "en",
         "updated_at": "1970-01-01T00:00:00Z",
         "email": "[email protected]",
         "email_verified": true,
         "nonce": "ffdd6d95-31e6-4466-84c4-43f8c0fbaae7",
         "iat": 1535591128
     }

    These claims could be mapped in WorkflowGen like this:

    ✏️ Note: The Username and Name fields are required.

  3. Click Save.

Last updated