Hello there!

Need Help? We are right here!
support
miniOrange Email Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com

User Provisioning and Deprovisioning

Create, manage, & delete your external and internal users access to on-premises, cloud, and hybrid apps.

Free Trial Setup Document App Integrations Request a Demo

User Provisioning Deprovisioning

What is User Provisioning?


User Provisioning is an Identity Access Management (IAM) process that involves the process of creating, updating and deleting a user's account and access in multiple applications and systems at once. Account and access management avail user / employee’s information such as name, attributes, group name and other related data which helps to grant or deny access accordingly. Need to provision arise when information is added or changed in a “original system database ”(e.g. HR system, Institute Database). Hiring, promotions, transfers, are examples of events that can set off provisioning. Provisioning ensures user’s access rights are up to date, without manual efforts.

On- Premise User provisioning with multiple app integration


User Provisioning working

What is Deprovisioning?


Deprovisioning means deleting a user and removing their access from multiple applications and network systems at once. Deprovisioning action is triggered when an employee leaves a company or changes roles within the organization. Deprovisioning removes individual accounts on file servers, authentication servers, such as Active Directory, which helps organization’s to free up disk space, ports, certificates and company-issued computers for future use. Deprovisioning prevents former employees from accessing corporate resources after he leaves the organization,improving security and confidentiality of the organization.This keeps the organisation’s applications secure and reduces administrative costs and time.



What is Group Provisioning?


Group Provisioning is required when you want to maintain the same user hierarchy and access control in multiple applications at once. You can sync users with their corresponding group names between different applications. Suppose in your organization all users are stored in AD with specific groups e.g Developer, Tester, and Marketer. If a Developer group user wants to access both Developers and Tester Tools application, then group provisioning comes in frameto help out in this use case. Group Provisioning syncs user groups with all related applications and provides equivalent access accordingly.

2FA (Two-factor Authentication) working


Some of Distinct User Provisioning Solutions Provided by miniOrange


Steps to setup User Provisioning


If you want to sync your users with miniOrange for Identity and Access Management (IAM). No matter where your users are stored AD or Database.


Steps to setup Group Provisioning


If you want to sync your user groups with miniOrange and maintain the same user hierarchy and access control in miniOrange as in your Active Directory.


FEATURES

Real-Time Provisioning

It means that disabling a end-user in any application will directly target miniOrange within a second.


Scheduled Provisioning

You can import users from directory to miniOrange at regular intervals on an hourly, daily or weekly basis.


Import Users

You can import users in a bulk amount from several applications/directory.




Automatic Deprovisioning

It automatically deactivates user accounts in the systems when user leaves the team or organization.


User Management

Accommodates the full user lifecycle by creating, updating, removing user data in connected application.


Reduce Human Involvement

Changes in Active Directory are automatically synchronized to downstream applications within a seconds.


BENEFITS



Enhance Security

Improve security by assigning different permissions level on role based with automatic provisioning within apps.

Reduce Cost

Reduces the cost of identity access management (IAM) operations by automating onboarding and offboarding processes.

Increase Efficiency

Provide employees, contractors and partners with access to the applications they need when they need it.

Reduce Complexity

Administrators can automatically provision and administer multiple application accounts from one centralized system.


What is Automated User Provisioning?

Automated User Provisioning means making manual processes of Onboarding and Offboarding employee’s automatic. Automated User Provisioning removes the difficulties and delays caused while manually managing profiles, account privileges thus preventing gaps in security by minimizing the impact of human error, and provides better ease of operation. Manually creating employee accounts means that someone within an organization knows your password — which is likely a very insecure process. Similar sorts of situations of human error occur like, employee could accidentally be provisioned to systems and data that they shouldn’t have access to, or still have access once they leave your organization.

Automating user provisioning and deprovisioning removes these sorts of risks, providing individuals with permissions in a safe and private manner. The process ensures that a employee is provisioned for on-premises and external apps based on their role’s attributes. These attributes and permissions are then stored in one central database, ensuring they can be easily modified as employee role changes. When departments or teams execute a new tool or modify an employee's position, access can also be rolled out based on group rules. Provisioning provides employees with access only when it is necessary, preventing any security gaps that hackers could exploit to gain unauthorized access to sensitive organization information.


Pre-Integrated Apps for Provisioning and Deprovisioning




Active Directory Provisioning

Active Directory
Provisioning and Deprovisioning in Google App

G Suite App
AWS Cognito provisioning and deprovisioning

AWS Cognito




Active Directory (AD) Provisioning

Active Directory (AD) provisioning can help your organization to manage resources between your cloud applications and on-premises systems (AD and applications). This helps enterprises to have a simplified user & access management (IAM) and permit access to the applications and systems in a simple and intuitive manner. AD provisioning allows administrators to assign employees and users the appropriate access management (IAM) provisioning levels to company resources as per their department (HR, Finance, IT, Operation, Marketing etc).


Steps to setup User Provisioning


Given below are the steps to setup User provisioning in miniOrange IDP. As an example, we will be setting up Active Directory (AD) for user provisioning. At the end of this setup, we will have configured Active Directory (AD) User Provisioning. After integrating Provisioning admin will be able to perform operations like import, create, delete, update, change the password from the miniOrange console and these changes will be automatically reflected in the Active Directory.

To configure user provisioning feature refer to the steps given below:

  • Login to the miniOrange Admin Console as a customer.
  • Go to the User Stores, Click on Add Users Store.
  • Configure ldap as a User Store to set up user provisioning with AD/LDAP. You can choose any of the user store mentioned there.
    • Store LDAP Configuration in miniOrange: Keep configuration in miniOrange. Make sure to open the firewall to allow incoming requests to your LDAP.
    • Store LDAP Configuration On-Premise: Keep configuration in your premise and only allow access to LDAP inside premises. You will have to download and install miniOrange gateway in your premise.
    Configure LDAP for AD provisioning

    Note: If you want to setup AD as a user store for the first time, refer to step-1 of this document.

  • Select the provisioning option.
  • Select the Active Directory from the drop down menu in Select Application.
    • Select AD Provisioning

  • Enable the provisioning features you want for users.
  • Click on the Save Button to save the configuration and you will see the successful message on the top.

    • Enable Provisioning and save Configuration

  • To import the users from Active Directory, go to the Import Users tab.
  • Select the Active Directory from the drop down menu and click on import.

    • Import user from AD for provisioning

  • Now go to the Users >> User List and you will find the all the users imported from Active Directory.

    • List of users imported from Active Directory provisioning

  • To create a user in miniOrange, Go to Users >> User List >> click on the Add User button. Fill out user basic information and click on Create User button.

    • User Provisioning and Deprovisioning Add User

  • After creating user in miniOrange it will automatically create the same user in AD.

    • User automatically created and provisioned in miniOrange

    View user details after AD Provisioning


Steps to setup Group Provisioning (Sync) with Active Directory (AD)


You can also set up Group Provisioning (Sync) with miniOrange to enable syncing of Active Directory (AD) groups in miniOrange. This will also help you maintain the same user hierarchy and access control in miniOrange as in your Active Directory. You can sync users with their corresponding group names between AD and miniOrange. The user groups will be automatically provisioned and deprovisioned in miniOrange when they are created or modified in AD and vice versa. The groups will be created on the fly if they are not present in miniOrange. You can follow the below instructions to setup AD Group Sync:

  • Go to miniOrange Dashboard >> Userstore and edit the AD configuration which you have set up earlier.
  • Enter the name of AD group attribute in Group Attribute textbox. If you are using default settings in AD leave it to memberof. Now, Save the settings
    • Active Directory (AD) Group Attribute

  • Go to provisioning. Select Active Directory from Dropdown menu.
    • Select Active Directory

  • Enable Import Groups option.
  • Enter base DN for group sync.
    • Note: if you want to find group base dn, enter following command in windows command prompt. dsquery ou -name (known organisational unit)
  • Save and go to Import groups.
    • Import groups after AD provisioning

  • Select Active Directory and click on import. Your groups will be imported.
  • If you also enable Assign Users to groups, imported users will be assigned to respective groups in miniorange
The Active Directory Group Provisioning (Sync) setup is done. Now, whenever a user is created or modified and if the group sync is enabled, the user group attribute will be automatically synced and the user group will be assigned or changed accordingly in miniOrange.

Our Other Identity & Access Management Products

Single Sign-On

Eliminate the need to remember or type enter usernames and passwords

Learn more

Two Factor Authentication

Secure user identity with an additional layer of authentication

Learn more

Adaptive Authentication

Restrict access to apps based on IP, Device, Time & Location

Learn more

Identity Brokering

An intermediary which connects multiple applications with various different IdPs

Learn More