Identity Provisioning Framework
The identity provisioning framework is the main component that handles user/role provisioning in MWARE IAM. The WSO2 Identity Provisioning framework can be separated into three main components:
- Inbound provisioning: used by the external applications to provision users to MWARE IAM
- Outbound provisioning: responsible for provisioning users from MWARE IAM to external applications
- Userstore management: used to persist users within the system
Inbound provisioning
Inbound provisioning focuses on how to provision users to MWARE IAM.
The userstore manager receives provisioning requests from the provisioning framework. It handles each request and updates the relevant userstore. A single request can affect multiple userstores if the system is configured that way. Once the request has been handled, an update is sent back to the provisioning framework.
Outbound provisioning
Outbound provisioning focuses on provisioning users to external systems. This can be initiated by any of the following:
- An inbound provisioning request (initiated by a service provider or the resident service provider)
- JIT provisioning (initiated by a service provider)
- Adding a user via the MWARE IAM portal
- Assigning a user to a provisioning role
MWARE IAM supports outbound provisioning with the following connectors:
- SCIM
- SPML
- Google Apps provisioning API
- Salesforce provisioning API
To set up outbound provisioning, one or more outbound provisioning connectors need to be configured for a given identity provider, and the identity provider should be associated with an application. All provisioning requests must be initiated by an application registered in MWARE IAM, and each request is provisioned to all the identity providers configured in the outbound provisioning configuration of the corresponding application.
The provisioning request comes into the outbound provisioning component from the provisioning framework. This request will then go to the relevant connector.
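The routing rule above determines which external systems receive a user, so it is worth reviewing per application. The following is an added example, not MWARE IAM code: a small Python model with hypothetical class names, function names and constructed sample configuration that resolves which identity provider and connector pairs a request from a given application reaches, and inverts that into an audit map.

```python
from dataclasses import dataclass, field

# Hypothetical model of the routing rule; not a MWARE IAM / WSO2 API.
CONNECTOR_TYPES = {"SCIM", "SPML", "Google Apps", "Salesforce"}

@dataclass
class IdentityProvider:
    name: str
    connectors: list = field(default_factory=list)  # configured outbound connectors

@dataclass
class Application:
    name: str
    outbound_idps: list = field(default_factory=list)  # IdP names in its outbound config

def resolve_targets(app_name, apps, idps):
    """Return every (idp, connector) pair a request from app_name is sent to."""
    app = apps.get(app_name)
    if app is None:
        # Requests must originate from a registered application.
        raise PermissionError(f"{app_name!r} is not a registered application")
    targets = []
    for idp_name in app.outbound_idps:
        if idp_name not in idps:
            raise LookupError(f"{app_name!r} references unknown IdP {idp_name!r}")
        for connector in idps[idp_name].connectors:
            if connector not in CONNECTOR_TYPES:
                raise ValueError(f"unsupported connector {connector!r}")
            targets.append((idp_name, connector))
    return targets

def audit(apps, idps):
    """Map each external target to the applications able to provision into it."""
    reach = {}
    for app_name in apps:
        for target in resolve_targets(app_name, apps, idps):
            reach.setdefault(target, []).append(app_name)
    return reach

# Constructed sample configuration (all names are made up).
IDPS = {"hr-saas": IdentityProvider("hr-saas", ["SCIM"]),
        "crm": IdentityProvider("crm", ["Salesforce", "SCIM"]),
        "legacy": IdentityProvider("legacy", [])}
APPS = {"resident": Application("resident", ["hr-saas", "crm"]),
        "portal": Application("portal", ["crm"]),
        "intranet": Application("intranet", ["legacy"])}

if __name__ == "__main__":
    for target, sources in audit(APPS, IDPS).items():
        print(target, "<-", sources)
```

An application whose identity provider has no connector configured, such as `intranet` here, resolves to an empty target list and provisions nothing outbound.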