Connecting personnel systems with your application environment. (Enabling SSO)
What is User provisioning?
User provisioning provides a solution for the seamless onboarding of users and keeping their roles synced, ensuring efficient user management processes.
The solution ensures that user accounts are automatically created, given proper permissions, updated, and have their access to the platform revoked.
This prevents admins from having to do this manually, which they can only do after a user has registered to the platform. Some of the key benefits are:
- Efficiency: Administrators can quickly provision user accounts and assign appropriate roles and permissions, reducing onboarding time and minimizing errors.
- Security: Provide correct and uniform access to the organizations within the platform, mitigating security risks and ensuring compliance.
Getting started with user provisioning
Starting with user provisioning requires an identity provider (IDP) and Single Sign-On (SSO) to be configured for the company. When this is set up, company members with the permissions to manage user provisioning can navigate to the settings of the company via the overview. Here they can configure the provisioning connectors so that the roles within the company and organization are connected to user attributes and group memberships from your IDP.
To set up user provisioning, the Betty Blocks support team will need the following information. Talk with them to discuss how you can convey it:
- Name of the provider
  - A unique name to identify the identity provider. This name is for display purposes only and it can be modified later if desired.
- ClientId and Client secret to authenticate with this provider
  - The client ID that will be used during the authentication workflow with this provider.
  - The client secret that will be used during the authentication workflow with this provider.
- Issuer
  - This is the public URL of the identity provider.
- Authorization endpoint
  - The public URL of the OpenID Connect authorization endpoint.
- Token endpoint
  - The public URL of the OpenID Connect token endpoint.
- User info endpoint
  - The public URL of the OpenID Connect userinfo endpoint.
- E-mail domain(s): these domains will be required to log in via the identity provider.
Contact our support team when you need help and specifics for setting this up depending on the requirements of your IDP.
After our support team has enabled the connection, they will provide you with the necessary information to continue configuring your single sign-on (e.g. a callback URL). Once you and the Betty Blocks support team have everything set in place, you can turn on automatic user provisioning in the company settings, which can be found via your My Betty Blocks environment.
Connecting your roles & users
When user provisioning is enabled, access and roles will be managed based on the connected identity provider, which you can connect in your user provisioning overview.
Important: be sure to write the connector with the same capitals and symbols as in your IDP, otherwise they might not connect.
Users who log in without a provisioning connector to an organization role get their access to that organization revoked. When access is revoked, this also impacts the application developer's access to the applications within that organization, meaning they won't be able to access those applications anymore.
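The pre-flight check below is an added example, not Betty Blocks code or part of its API: before enabling provisioning, it compares the connector values you plan to enter with the group names your IDP actually sends, flags values that differ only in capitalization or spacing, and lists users who would match no connector. It assumes connectors are matched by exact string comparison, as the note above implies; the function names, role names, and sample data are constructed for illustration.

```python
import unicodedata

def _fold(name: str) -> str:
    """Collapse Unicode form, case and whitespace. Used only to spot near misses."""
    return " ".join(unicodedata.normalize("NFKC", name).casefold().split())

def audit_connectors(connectors: dict[str, str], idp_groups: dict[str, set[str]]):
    """Return (near_misses, users_without_role).

    connectors: connector value as typed in the settings -> role it grants.
    idp_groups: user -> group names exactly as the IDP sends them.
    Assumption: a connector applies only on an exact, case-sensitive match.
    """
    sent = {g for groups in idp_groups.values() for g in groups}
    by_folded: dict[str, set[str]] = {}
    for group in sent:
        by_folded.setdefault(_fold(group), set()).add(group)

    # Connector values no IDP group matches exactly, but one matches after folding.
    near_misses = {
        value: sorted(by_folded[_fold(value)])
        for value in connectors
        if value not in sent and _fold(value) in by_folded
    }
    # Users whose groups hit no connector: per the page, they lose access at login.
    users_without_role = sorted(
        user for user, groups in idp_groups.items() if groups.isdisjoint(connectors)
    )
    return near_misses, users_without_role

# Constructed sample data; role and group names are hypothetical.
CONNECTORS = {"Platform-Admins": "Organization admin", "app developers": "Developer"}
IDP_GROUPS = {
    "alice@example.com": {"Platform-Admins"},
    "bob@example.com": {"App Developers"},
    "carol@example.com": {"Finance"},
}

if __name__ == "__main__":
    near, stranded = audit_connectors(CONNECTORS, IDP_GROUPS)
    for value, candidates in near.items():
        print(f"connector {value!r} differs only in case/spacing from IDP group(s) {candidates}")
    for user in stranded:
        print(f"{user} matches no connector and would have access revoked")
```

Run it against an export of group memberships from your IDP before turning provisioning on; an empty near-miss result and an expected list of unmatched users mean the connectors are typed as the IDP sends them.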
During offboarding, when users are removed from the identity provider, they are not removed from the company & organization within the platform and will have to be removed manually within My Betty Blocks.