Brightspace Provisioning & Deprovisioning
Brightspace User Provisioning allows to create account in a simplified way and link Brightspace users' account to their existing or new apps. Brightspace Provisioning automates user provisioning with their identities. Brightspace User Provisioning enables a user to get instant access to their third-party apps with a single click.
Provisioning saves time when setting up new users and teams, and also manages access privileges through the user lifecycle. miniOrange can create, read, and update user accounts for new or existing users, remove accounts for deactivated users, and synchronize attributes across multiple user stores.
Deprovisioning means deleting a user and removing their access from multiple applications and network systems at once. Deprovisioning action is triggered when an employee leaves a company or changes roles within the organization
The deprovisioning features increase your organization's security profile by removing access to sensitive applications and content from people who leave your organization.
Prerequisites
- Brightspace Provisioning prerequisites
- You should sign-in to the Brightspace as an administrator with webhook access.
- miniOrange prerequisites
Provisioning & Deprovisioning Scenarios
miniOrange provides solutions for all scenarios of provisioning, which includes AD Integration, LDAP Integration and automated provisioning for all External Applications such as Office 365, Google Workspace, Brightspace, etc
Follow the Step-by-Step Guide given below to setup Brightspace Provisioning
1. Configure Brightspace Provisioning
- On Brightspace portal select Admin tools and select Manage Extensibility.
- Select OAuth 2.0 and click Register an app.
- Meanwhile, go to the miniOrange portal and on the sidebar select Apps.
- Click on Add Application.
- Under Choose Application, select Provisioning from the All Apps dropdown.
- Select Brightspace Community.
- In API PROVISIONING CREDENTIALS copy the Callback URL.
- Go to the Brightspace page and enter the following details:
- Enter Scope Value as enrollment:orgunit:read enrollment:orgunit:create enrollment:orgunit:delete role:detail:read users:userdata:create,read users:userdata:update
- Paste the "Callback URL" value copied from the miniOrange website in the Redirect URI box.
- Enter Access Token Lifetime as "72000" in Access token box.
- You will receive values for Client Id and Client Secret after configuring the application copy these values.
- Go back to the miniOrange portal and paste the "Client Id" and "Client Secret" and copy the base domain brightspace url in the Base Url Column (For example https://test.brightspace.com).
- Enable Create User and Update User toggle switches and click Save.
- Select Edit on Brightspace Application and select Verify Credentials.
2. Create App Policy
- Go to Policies >> App Login Policy from the side menu.
- Click on the Add Policy tab to add a new policy.
- For the application field, select the application which you created in the above steps.
- For the group field, select the group for which provisioning is to be enabled or simply select the DEFAULT group if provisioning is to be done for all users.
- Provide the policy name. For the login method, select password and click Save.
- Your configuration is now complete.
- Now on assigning user to the group would automatically provisioning the user. However group assignment is not required if it is DEFAULT group.
External References