When performing Automated Provisioning, such as Just-in-Time Provisioning or SCIM, you will need to map attributes for your user data.
📚 Overview
Automated Provisioning is an efficient means of creating users for your Living Security application, and maintaining those users through automatic updates via your Identity Management service. In order for this automated functionality to work however, it will require your organization to front load some initial labor towards properly configuring/mapping the attributes of your user profiles to fields that the Living Security application will require in order for your users to be granted access successfully.
🛂 Prerequisites
Before you begin the process of conducting your attribute mappings, we recommend you ensure you have validated what form of Automated Provisioning you wish to enable for your environment. We have a detailed breakdown of the two methods of automated provisioning, which can be found in the below articles. For a quick reference, the different processes are broken down as such:
🙅 Please note that you cannot enable both SCIM and Just-in-Time Provisioning.
- SCIM - User Profile Creation and User Profile Updates are conducted automatically via your Identity Management service's SCIM Provisioning functionality. Creation and Updates are submitted at intervals set by your IT Organization policy.
- Just-in-Time - User Profile Creation and User Profile Updates are conducted automatically via your Identity Management service upon User Login through SAML Single-Sign on.
✅ Attributes Mappings
Based on the method you choose to conduct your provisioning, you will need to map your attributes based on your preferred method below:
⚙️ SCIM
SCIM provisioning for Living Security applications support the below Attribute Maps.
In order to Configure Attribute Mapping for your chosen Identity Management service, please see below articles.
🕛 Just-in-Time Provisioning
In order to use Just-in-Time provisioning, you will need to map the below attributes in your Identity Management service.
| Application Attribute | Outgoing Value |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/city | Locality |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/companyname | Organization |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country | Country Code |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/department | Department |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/division | Division |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | Given Name |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/jobtitle | Title |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/manageremail | managerEmail |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/managername | Manager |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/roles | Role |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/state | Region |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | Family Name |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/timezone | Timezone |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/usertypeusertype | usertype |
In order to configure your Attribute Mappings for Just-in-Time Provisioning, please see the below articles based on your Identity Management Service.