Automatic creation, update & deletion of Workplace users
Difficulty: expert
Learning Objectives
After reading this article, you’ll be able to:
understand the flow of creation of Workplace users
understand the flow of updating user information through IDP
As an additional feature of Workplace SSO (see How to set up Workplace SSO), user creation for Workplace Experience and Workplace Management can be configured, providing an alternative to an HR interface.
Automatic creation of Workplace users
Just-in-time provisioning is a hidden advantage of the Workplace SSO configuration: for every (new) Workplace user signing in, upon first login, Workplace creates an account on-the-fly (both in Workplace Management and Experience) and the user can start using the system.
Auto-create user: A user logging in with Workplace ID (tenant.ID) or e-mail address is recognized as being part of a tenant where SSO has been set up, and Workplace will automatically create a Cobundu account.
“Local Attribute mapping of IWMS User ID” dropdown: assuming the IWMS account already exists, this object defines which element of the IWMS user Cobundu will check to do the mapping (this field becomes redundant when “Auto-create IWMS Account” is enabled). It can be considered the common piece of information, available in both the Identity Provider and the IWMS, that Cobundu uses to map the two.
Auto-create user is possible without any email domain being whitelisted, but then the user needs to log in with the tenant-specific ID or go through the customer-specific URL.
Best practice is to only enable “Auto-create user” when an email domain is whitelisted in the configuration.
Auto-create IWMS user: A user logging in with Workplace ID (tenant.ID) or e-mail address is recognized as being part of a tenant where SSO has been set up, and Workplace will automatically create a Cobundu account AND an Axxerion account.
Auto-create IWMS user can only be enabled if Auto-create user is enabled.
Automatic update of Workplace users
The Identity provider is considered as the single source of truth. In other words: if the user is created automatically, the information is managed externally.
To make sure Workplace is always up-to-date with the user information, at each login (of an automatically created user), the following attributes are checked and updated (in both Workplace Management and Experience, if auto-creation is enabled for both):
user first name
last name
IWMS ID
Automatic deletion of Workplace users
An SSO connection only checks whether a user who tries to log in is an active user in the customer IDP (and creates a user if this is configured). If the user no longer logs in, SSO is not applied and nothing else happens. As such, there is no automatic deletion of Workplace users.
There are 2 ways to disable, anonymize or radically delete users in Workplace Management:
manually
through an HR interface
See Anonymizing data on how to disable, delete or anonymize users in Workplace Management/Asset, so users will also be disabled or deleted in Workplace.
To start using this feature, contact your Spacewell Account Manager.
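Because attributes are refreshed only at login and nothing is deleted automatically, a periodic reconciliation of an IDP export against a Workplace user export shows which accounts need manual or HR-interface clean-up. The Python script below is an added example, not Spacewell code; the CSV layout, column names and sample rows are constructed assumptions.

```python
import csv
import io

# Constructed sample exports. The column names are assumptions for this
# example, not a documented Workplace or IDP export format.
IDP_EXPORT = """email,first_name,last_name,iwms_id,active
ann.lee@example.com,Ann,Lee,1001,true
bob.ray@example.com,Robert,Ray,1002,true
cat.moss@example.com,Cat,Moss,1003,false
"""

WORKPLACE_EXPORT = """email,first_name,last_name,iwms_id,status
Ann.Lee@example.com,Ann,Lee,1001,enabled
bob.ray@example.com,Bob,Ray,1002,enabled
cat.moss@example.com,Cat,Moss,1003,enabled
dan.fox@example.com,Dan,Fox,1004,enabled
eve.old@example.com,Eve,Old,1005,disabled
"""

SYNCED_ATTRIBUTES = ("first_name", "last_name", "iwms_id")


def load(text):
    """Parse a CSV export into {lowercased email: row}."""
    return {r["email"].strip().lower(): r for r in csv.DictReader(io.StringIO(text))}


def reconcile(idp_csv, workplace_csv):
    """Return (stale, drift): accounts to review and attributes out of sync."""
    idp = load(idp_csv)
    stale, drift = [], {}
    for email, account in load(workplace_csv).items():
        if account["status"].strip().lower() != "enabled":
            continue  # already disabled in Workplace, nothing to review
        source = idp.get(email)
        if source is None or source["active"].strip().lower() != "true":
            # Still enabled in Workplace but missing or inactive in the IDP.
            stale.append(email)
            continue
        changed = [a for a in SYNCED_ATTRIBUTES if account[a].strip() != source[a].strip()]
        if changed:
            # Stays out of date until this user's next SSO login.
            drift[email] = changed
    return sorted(stale), drift


if __name__ == "__main__":
    print(reconcile(IDP_EXPORT, WORKPLACE_EXPORT))
```

Accounts in the first list are candidates for disabling or anonymizing; entries in the second will correct themselves only when that user next signs in through SSO.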