This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Identity Provisioning from On-premise to Cloud
Currently enterprise IT solutions adopt products and services from multiple cloud providers in order to accomplish various business requirements. Hence it is no longer sufficient to maintain user identities only in corporate LDAP. In most cases, SaaS providers also need dedicated user accounts created for the cloud service users, which raises the need for proper identity provisioning mechanisms to be in place. WSO2 Identity Server (IS) supports the open standard SCIM for identity provisioning. Additionally, WSO2 Stratos Live is also geared towards supporting SCIM for Identity Provisioning.
This section is about implementing a use case which depicts identity provisioning from on-premise to cloud using Identity Server and Stratos (here, same IS distribution can be used to simulate Stratos IS with multi-tenancy aspects).
In this example, two organizations called wso2.com and willpower.org have their on-premise enterprise Identity Management Solutions running with Identity Server. Both these organizations use cloud services offered by WSO2 StratosLive and have created tenants in there. Now, they want to provision the user account, identity management operations such as creating/deleting users and groups, updating user identity attributes etc which happens in their on-premise Identity Server to the respective tenants they have in StratosLive.
The following diagram gives an overview of the deployment:
In this case, Identity Server is running inside the organizational boundaries of each organization act as SCIM consumers and the Identity Server as a Service is running in StratosLive and acts as a SCIM Service Provider. Each organization can register SCIM provider configurations pointing to their tenant space in StratosLive within enterprise IS instances.
The following is a step by step guide for this.
Step 1: Setup
- Download and unzip IS distribution into three different folders (to represent instances at: 1. WSO2, 2. WillPower, 3. StratosLive).
- Increment the Ports->PortOffset element in
carbon.xml
to indicate that three instances are running in the following ports:
- IS of WSO2: 9443
- IS of Willpower: 9444
- StratosLive IS: 9445
For more information, see Setting up Three Nodes.
Step 2: Creating Tenants
- Login as an admin to the IS instance that simulates Stratos IS in our setup.
- In the Management Console, navigate to the Configure menu and under Multitenancy, click Add New Tenant.
- Create two tenants named "wso2.com" and "willpower.com".
You need to add the following: Domain, First Name, Last Name, Admin Username, Admin Password (repeated) and Email. Additionally, you need to use the drop-down to Select Usage Plan For Tenant. - Click Save.
Step 3: Registering SCIM Providers
Login to the IS instances of WSO2 and WillPower as an admin user and register SCIM provider configurations pointing to their respective tenant spaces in the StratosLive IS instance.
For a more detailed guide on how to register SCIM providers, see Registering SCIM Providers.
Example configurations are as follows:
Sample 1: wso2.com
Sample 2: willpower.com
Step 4: Testing Provisioning
Now you can test creating/deleting/updating users and groups in organizational IS instances and verify if they are provisioned to the particular tenant space of each organization in the StratosLive IS instance.