Setting up app-specific provisioning

This section includes a general overview of how you set up applications to automatically handle user provisioning. For additional details, refer to the documentation for that app.

What you do to set up user provisioning for applications (an overview)

  1. Open an application’s Provisioning tab and select Enable provisioning for this application.
  2. Select either Preview Mode or Live Mode.

    • Preview Mode: Use Preview Mode when you’re initially testing the application provisioning or making configuration changes. When the identity platform next runs a synchronization job, it processes this application but does not save any user account changes in the application. When you’re sure that the provisioning configuration is correct and the preview results match what you expect, you then enable the application for Live Mode.
    • Live Mode: Use Live mode when you want to use application provisioning in your production system. The identity platform does the provisioning run and saves the changes to both the identity platform and the application’s account information.
  3. Enter and verify the provisioning credentials or select authorize to connect with the application provisioning APIs.

    The credential values are obtained from the administrator page for each application. Each application is different, so the credentials and field values that you supply will vary.

  4. Add Admin Portal roles to the application, and you map those Admin Portal roles to groups, roles, or other similar items that are defined in the target web application.

    The connection of the Admin Portal role to the target application role (or other item) is a role mapping. Each application is different and what you can map a role to is different for each application.

    You specify which users have access to the application with the roles you add in the application’s User Access tab. You specify what kind of access those users have in the target application by assigning roles in the application’s Provisioning > Role Mappings area.

  5. Synchronize the user accounts in your directory service with the accounts in the application.

    Refer to Provisioned account synchronization options for more information.