Provisioning Patterns¶
Provisioning patterns are used to build the username that is needed to create the user in the identity provider. This functionality is available with the google provisioning connector and salesforce provisioning connector. If two users with the same username need to be created in two different user store domains, the user cannot be provisioned to the identity provider with the username only. For such scenarios, provisioning patterns can be used.
Provisioning pattern can be used to create a pattern for the username. It can combine 4 user attributes to create the user id.
- Username - UN
- User Domain -UD
- Tenant Domain -TD
- Identity Provider -IDP
Then provisioning separator can be specified to combine the above mentioned user attributes.
Tip
If provisioning pattern is specified as "{UN, UD, TD, IDP}" and Provisioning Separator is "-", for a user created with the username "user@provisioning.com", in super tenant, primary userstore user will be provisioned to Salesforce with username " primary-user@provisioning.com-carbon.super-salesforce " from a identity provider named as salesforce.
Configure Provisioning Pattern¶
- Login to the management console using administrator credentials.
- Navigate to the Main menu and click List under Identity Providers.
-
Configure the salesforce outbound provisioning connector or the google outbound provisioning connector.
Info
This functionality has been demonstrated on this page, using the salesforce outbound provisioning connector.
-
Edit the outbound provisioning connector configuration of the identity provider and enter a provisioning pattern and seperator for the following fields.
- Provisioning Pattern - Enter a combination of user attributes of the user ID as the pattern, for example {UD,UN,TD,IDP}
- Provisioning Seperator - This can be a character such as a dash ( - ) which is used to seperate the attributes.
- Provisioning Domain - This refers to the user store domain in MWARE IAM. If no value is entered here, the WSO2 IS will take the primary user store domain by default.
-
Click Update to save the changes.
Working with users¶
- On the Main tab in the management console, click Add under Users and Roles in the Identity menu.
- Click Add New User. See Configuring Users for more information on this process.
- Provide a username and a password(with confirmation) and click
Next.
- Click Finish to create the user.
- Login to your already created Salesforce account. O n the left
navigation pane, click Users under Manage Users. You will
see that the user you created in the MWARE IAM has been
added to Salesforce as well.
Observe the username used for the provisioning. It is build using the provisioning pattern you specified in the configuration.