Identity Provider

The Axon Ivy Engine allows you to connect external Identity Providers (IDPs) to automatically create, maintain, and deactivate your workflow users. Axon Ivy Engine never removes or deletes users; it only deactivates them.

Axon Ivy Engine currently offers interfaces for three different IDPs:

If an IDP supports daily user synchronization (which all standard IDPs do), you can make the following settings for all of your IDPs:

    UserSynch:
      # Shall we synchronize a user with the Identity Provider at login?
      # If the user does not exist yet, he will be synchronized anyway. In case of slow Identity Provider
      # connections, it can make sense to set this to false.
      OnLogin: true

      OnSchedule:
        # Shall we run the daily Identity Provider user synchronization job?
        # When the synchronization runs is defined by Time.
        Enabled: true

        # Time of day when the security system will synchronize the users.
        # The engine has to be running at this time otherwise the synchronization will not be executed.
        # Daily synchronization can be switched on or off by setting Enabled.
        # Format is hh:mm. e.g. "02:00" or "14:15"
        # [daytime]
        Time: "00:00"

        # Shall we import NEW users with the Identity Provider on schedule?
        # This setting does not affect synchronization of existing users.
        # If ImportUsers is set to:
        # true:  NEW users are imported on schedule.
        #        If a user has not yet been imported by the user synchronization job, she is also imported the first time she logs in.
        # false: NEW users are not imported on schedule.
        #        Instead, a NEW user is only imported the first time she logs in.
        ImportUsers: true
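
Because deactivation reaches the engine through synchronization, it is worth checking which triggers are actually switched on. The following check is an added example, not Axon Ivy code: it validates the hh:mm format of Time and flags OnLogin / OnSchedule.Enabled combinations under which existing users are synchronized only once a day or by neither trigger. Assumptions: the parser handles only the key/value subset shown above (not general YAML), and a missing key is treated as having the value shown on this page.

```python
import re

# Constructed sample input, deliberately misconfigured (not from the page).
SAMPLE = """\
UserSynch:
  OnLogin: false
  OnSchedule:
    # daily job switched off
    Enabled: false
    Time: "25:00"
    ImportUsers: true
"""

def parse_block(text):
    """Parse the nested 'Key: value' subset used by this block (not general YAML)."""
    root = {}
    stack = [(-1, root)]                      # (indent, mapping) of open parents
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue                          # skip blanks and full-line comments
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack[-1][0] >= indent:         # close deeper or sibling mappings
            stack.pop()
        parent = stack[-1][1]
        value = value.strip().strip('"')
        if value:
            parent[key] = {"true": True, "false": False}.get(value.lower(), value)
        else:
            parent[key] = {}
            stack.append((indent, parent[key]))
    return root

def audit(text):
    """Return finding codes for a UserSynch block."""
    cfg = parse_block(text).get("UserSynch", {})
    sched = cfg.get("OnSchedule", {})
    # Assumption: a missing key falls back to the value shown on the page.
    on_login = cfg.get("OnLogin", True)
    enabled = sched.get("Enabled", True)
    findings = []
    if not re.fullmatch(r"([01]\d|2[0-3]):[0-5]\d", str(sched.get("Time", "00:00"))):
        findings.append("time-not-hh:mm")
    if on_login is False and enabled is False:
        findings.append("existing-users-not-synced")         # neither trigger runs for them
    elif on_login is False:
        findings.append("existing-users-synced-once-a-day")  # only if the engine is up at Time
    return findings
```

Calling audit(SAMPLE) returns both the time-format finding and the finding that neither trigger synchronizes existing users; the configuration shown on this page returns no findings.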