Employee Provisioning for IAM – Okta/Azure
In contrast to IDP-only “signin with” first-time linking process, under IAM, employees must be independently provisioned (i.e. linked to the externally managed user in the IAM directory) by a manager before they can access WhenToWork. In this case, employee user types are never prompted to enter a w2w login id and password.
New page at EMPLOYEES → Okta/Azure Employee Provisioning provides the tools needed to provision new or existing employees.
Grid with three views – New/Existing/Deleted
New – Added to IAM directory, but not yet linked to a w2w employee.
On the right of the list of ext users, there are two columns, Emp Action and Mgr Action. Click on either cell or both set a pending action to provision an existing w2w employee as either employee or manager or both, or to create and provision a new employee or manager.
All actions are executed by clicking on the Save button.
After provisioning changes are saved, affected users will henceforth appear in the “Existing” list.
Existing – Link exists between IAM directory and active w2w employee.
Shows employee status in the “Is Emp” and “Is Mgr” columns.
Provisioning links can be removed by selecting rows and clicking on “Unlink SSO”.
Modifications of provisioning for users in the Existing list can only be accomplished by first unlinking. Unlinking returns the user to the New list, wherein provisioning can be selectively added.
Final column “Last Login” displays an icon which indicates whether the user’s last login succeded or failed. Click on that cell for detail.
Deleted – w2w link exists for active w2w employee, but deleted/missing from external IAM directory.
Provisioning links can be removed by selecting rows and clicking on “Unlink SSO”.
FAQ:
Provisioning users is very slow.