This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Role Based Provisioning
This topic provides instructions on how to provision users from the WSO2 Identity Server to a trusted identity provider based on their user roles. 'User provisioning', in general, involves enabling and managing access to resources. In outbound provisioning, the user is provisioned to the trusted identity provider at the point of user creation. In role based provisioning, the user is provisioned when the user is added to a preconfigured role, and the user is deleted from the trusted identity provider when the user is removed from the role.
Configuring an identity provider
- Download the WSO2 Identity Server and run it.
- Log in to the Management Console as an administrator.
- Navigate to the Main menu and access the Identity menu. Click Add under Identity Providers.
See the Configuring an Identity Provider topic for more information.
- Enter "role based provisioning" as the Identity Provider name for this scenario.
- Configure the Outbound Provisioning Connectors with the SPML, SCIM or Salesforce connector.
- Expand the Role Configuration section and enter a role name (or a set of roles as a comma-separated list) in the Identity Provider OutBound Provisioning Roles field.
For this flow, a role named "provision" was created and has been entered here. If you do not have roles already, see the Configuring Role and Permissions topic to add roles.
- Click Update to save changes.
Configuring outbound provisioning
- In the Main menu, under the Identity section, click List under Service Providers. The list of service providers you have added appears.
- Click the Resident Service Provider link.
- Expand the Outbound Provisioning Configuration section, enter the name of the identity provider you just created, and select the connector from the dropdown list.
If you enable Blocking, WSO2 Identity Server will wait for the response from the Identity Provider to continue.
- Click Update to save changes.
Provisioning Users
- In the Main menu of the management console, click Add under Users and Roles under the Identity menu.
- Click Add New User. See Configuring Users for more information.
- Provide a username and a password (with confirmation) and click Next.
- Click Finish to create the user.
At this point, the user is not yet provisioned to the identity provider.
- On the Main tab in the management console, click List under Users and Roles in the Identity menu.
- Click Users and then click the Assign Roles action of the newly created user. Select the "provision" role (or any role added in the Role Configuration section of the identity provider) and click Finish.
The user is now provisioned to the identity provider.
Remove user from the identity provider
- On the Main tab in the management console, click List under Users and Roles in the Identity menu.
- Click Users and then click the Assign Roles action of the newly created user. De-select the "provision" role (or any role added in the Role Configuration section of the identity provider) and click Finish.
The user will now be removed from the identity provider.
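The provisioning and removal rules described on this page can be modelled and used as a drift check between local role membership and the accounts held at the identity provider. The following Python is an added example, not WSO2 code: the function names, the sample users, the "partner-sync" and "clerk" roles, and the rule that a user stays provisioned while holding at least one configured role are assumptions.

```python
"""Added example: model of role-based outbound provisioning and a drift check.
Not WSO2 code; the role-matching rules here are assumptions."""

def parse_roles(field):
    """Split the comma-separated OutBound Provisioning Roles field value."""
    return {r.strip() for r in field.split(",") if r.strip()}

def decide(provisioning_roles, roles_before, roles_after):
    """Return the outbound action a role change should trigger.

    Assumption: a user belongs at the identity provider while holding
    at least one configured provisioning role.
    """
    had = bool(provisioning_roles & set(roles_before))
    has = bool(provisioning_roles & set(roles_after))
    if has and not had:
        return "PROVISION"
    if had and not has:
        return "DEPROVISION"
    return None  # the change does not touch provisioning state

def reconcile(provisioning_roles, local_users, remote_usernames):
    """Compare local role membership with accounts present at the IdP.

    local_users: {username: iterable of role names}
    remote_usernames: usernames exported from the identity provider
    Returns (missing, orphaned) as sorted lists.
    """
    expected = {u for u, roles in local_users.items()
                if provisioning_roles & set(roles)}
    remote = set(remote_usernames)
    return sorted(expected - remote), sorted(remote - expected)

# Constructed sample data (not from a real deployment).
ROLES = parse_roles("provision, partner-sync")
LOCAL = {
    "alice": ["provision"],
    "bob": ["clerk"],
    "carol": ["partner-sync", "provision"],
    "dave": ["provision"],
}
REMOTE = ["alice", "carol", "erin"]

if __name__ == "__main__":
    print(decide(ROLES, [], ["provision"]))
    print(decide(ROLES, ["provision"], ["clerk"]))
    print(reconcile(ROLES, LOCAL, REMOTE))
```

An "orphaned" result is an account that still exists at the identity provider although no local user holds a provisioning role, which is the case to review first after role removals.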