Auto User Provisioning

Variphy now allows auto creation of named user accounts and associates them to predetermined application security groups.

This concept introduces new, configurable functionality which is intended to ease/simplify the provisioning of new user accounts by:

• Not requiring Administrators to manually create each individual user account for their desired user base in Variphy
• Configure/enable
  1. Either a valid Active Directory or SAML for Single Sign-On (SSO) configuration REQUIRED
  2. One or more “Default User Groups” which new auto-provisioned users will automatically be added to in order to provide them desired initial privileges

This article assumes you have Active Directory or SSO configuration in place. For additional information on activating Active Directory Authentication or Single Sign-On authentication please review the appropriate documentation.

• Active Directory Server configuration Knowledge Base article here.
• SSO SAML with Azure configuration Knowledge Base article here. Webinar video here.
• SSO SAML with Google configuration Knowledge Base article here.
• SSO SAML with Okta configuration Knowledge Base article here. Webinar video here.

Check Active Director or Single Sign-on Authentication configurations.

To Validate you are using AD Authentication or SSO Authentication navigate to the appropriate User Authentication section in the System Settings menu.

Configuring Auto User Provisioning

1. Navigate to System Settings Gear–>User Authentication–>User Accounts & Groups:

2. Select User Groups to create a permissions group that your Auto Provisioned users will join when they first login.
   • At least 1 User Group must be created to allow provisioned level of access into the application. For Additional Information on creating user groups please review the “Configuring User and Group Permissions in Variphy” article.
3. Once your User Group is configured navigate to the Settings menu in User Accounts and Groups and turn on Enable Auto User Provisioning.

4. Select the appropriate authentication type SAML for SSO Authentication or Active Directory.

5. Using the corresponding drop down menu select the appropriate SAML Config or Active Directory Server.

6. Select the Default User Group configured in step 2.

7. Enable “Alert When New Users Auto Provisioned” to receive emails each time a new user is provisioned.

Users seeking access and provisioning will simply just need to browse to the Variphy web user interface. Active Directory credentials or SSO SAML login will automatically allow access into the application after verification.

Active Directory Auto User Provisioning Example.

SAML SSO Auto User Provisioning Example.

Newly authenticated and authorized users will be allowed access into the application per the default User Groups permissions and privileges assigned.

Notes worth mentioning

• If SSO or AD authentication is not configured properly or that user is not part of the authentication string, and login failure will appear.

• If no active SAML or Active Directory configurations exist, warning message(s) will be present and prevent saving of the Auto User Provisioning.

• If Authentication Type of Active Directory is chosen, at least 1 default User Group must use the selected AD Server.

• Cannot remove or delete a User Group if it is the default group for the Auto User Provisioning.

• Cannot remove or delete Active Directory Servers that are used for the Auto User Provisioning.

• Users cannot use Active Directory if SSO is enabled.

• Cannot change Active Directories on the default Auto User Provisioning user group