User Provisioning

Overview

The self-provisioning connector is a directory connector that automatically creates and synchronizes a user based on the user's session token claims that contain claims from the OpenID Connect provider ID token. This feature is only compatible with an OpenID Connect authentication.

Prerequisites

• Make sure to have a working WorkflowGen instance.

• Make sure to know the instance's IP address or its fully qualified name.

• Make sure to know the address of the instance.

• Make sure to have configured Auth0 or one of the other OIDC-compliant authentication methods (Microsoft Entra ID, formerly Azure Active Directory; AD FS; Okta; or Microsoft Identity Platform v2.0).

WorkflowGen configuration

This section will guide you through the WorkflowGen configurations necessary to set up the self-provisioning feature with a directory.

Step 1: Create a self-provisioning directory

This directory will contain all of the users that are not provisioned elsewhere. To create a self-provisioning directory, do the following:

1. On the Directories page in the WorkflowGen Administration Module, click New directory.

2. Fill in the form:

   • Name: SELF_PROVISIONING(or something else)

   • Description: A good description of the directory

   • Directory connector: Self-provisioning

     

3. Click Save.

Step 2: Configure the user fields-to-claims mapping

Now that you've created a new directory with the self-provisioning connector, you need to define which claims are mapped to which WorkflowGen user field. To do this:

1. On the new directory's page, click Edit mapping.

   

2. To the right of the name of a WorkflowGen user's field, enter the name of the claim in the session token that you want to map.

   Here's an example of a session token generated by the auth node application from the Auth0 ID token connected with Google Apps:

   These claims could be mapped in WorkflowGen like this:

   

   ✏️ Note: The Username and Name fields are required.

3. Click Save.