{"id":9951,"date":"2024-02-02T19:47:23","date_gmt":"2024-02-02T19:47:23","guid":{"rendered":"https:\/\/when2work.com\/help\/mgr\/?page_id=9951"},"modified":"2024-08-07T17:19:21","modified_gmt":"2024-08-07T17:19:21","slug":"iam-emp-provisioning","status":"publish","type":"page","link":"https:\/\/when2work.com\/help\/mgr\/iam-emp-provisioning\/","title":{"rendered":"IAM Employee Provisioning"},"content":{"rendered":"<div class=\"inforight\">\n<ul>\n<li style=\"text-align: left;\"><a href=\"https:\/\/when2work.com\/help\/mgr\/enterprise-sso\/\">Enterprise SSO<\/a><\/li>\n<li style=\"text-align: left;\"><a href=\"https:\/\/when2work.com\/help\/mgr\/sso-setup-start-here\/\">SSO Start Here<\/a><\/li>\n<li style=\"text-align: left;\"><a href=\"https:\/\/when2work.com\/help\/mgr\/sso-setup-assistant\/\">SSO Setup Assistant<\/a><\/li>\n<li style=\"text-align: left;\"><a href=\"https:\/\/when2work.com\/help\/mgr\/sso-mode-options\">SSO Mode Options<\/a><\/li>\n<li style=\"text-align: left;\"><a href=\"https:\/\/when2work.com\/help\/mgr\/sso-error-codes\/\">SSO Error Codes<\/a><\/li>\n<li style=\"text-align: left;\"><a href=\"https:\/\/when2work.com\/help\/mgr\/sso-glossary\/\">SSO Glossary<\/a><\/li>\n<li style=\"text-align: left;\"><strong><a href=\"https:\/\/when2work.com\/help\/mgr\/iam-emp-provisioning\/\">IAM Emp Provisioning<\/a><\/strong><\/li>\n<\/ul>\n<\/div>\n<p data-renderer-start-pos=\"8758\"><strong>Employee Provisioning for IAM &#8211; Okta\/Azure<\/strong><\/p>\n<div class=\"fabric-editor-block-mark fabric-editor-indentation-mark\" data-level=\"1\">\n<p data-renderer-start-pos=\"8804\">In contrast to IDP-only &#8220;signin with&#8221; first-time linking process, under IAM, employees must be independently provisioned (i.e. linked to the externally managed user in the IAM directory) by a manager before they can access WhenToWork. In this case, employee user types are never prompted to enter a w2w login id and password.<\/p>\n<\/div>\n<div class=\"fabric-editor-block-mark fabric-editor-indentation-mark\" data-level=\"1\">\n<p data-renderer-start-pos=\"9132\">New page at <em data-renderer-mark=\"true\">EMPLOYEES \u2192 Okta\/Azure Employee Provisioning<\/em> provides the tools needed to provision new or existing employees.<\/p>\n<\/div>\n<div class=\"fabric-editor-block-mark fabric-editor-indentation-mark\" data-level=\"1\">\n<p data-renderer-start-pos=\"9256\"><strong>Grid with three views &#8211; New\/Existing\/Deleted<\/strong><\/p>\n<\/div>\n<div class=\"fabric-editor-block-mark fabric-editor-indentation-mark\" data-level=\"2\">\n<p data-renderer-start-pos=\"9302\"><strong data-renderer-mark=\"true\">New<\/strong> &#8211; Added to IAM directory, but not yet linked to a w2w employee.<\/p>\n<\/div>\n<div class=\"fabric-editor-block-mark fabric-editor-indentation-mark\" data-level=\"3\">\n<p data-renderer-start-pos=\"9371\">On the right of the list of ext users, there are two columns, Emp Action and Mgr Action. Click on either cell or both set a pending action to provision an existing w2w employee as either employee or manager or both, or to create and provision a new employee or manager.<\/p>\n<\/div>\n<div class=\"fabric-editor-block-mark fabric-editor-indentation-mark\" data-level=\"3\">\n<p data-renderer-start-pos=\"9642\">All actions are executed by clicking on the Save button.<\/p>\n<\/div>\n<div class=\"fabric-editor-block-mark fabric-editor-indentation-mark\" data-level=\"3\">\n<p data-renderer-start-pos=\"9700\">After provisioning changes are saved, affected users will henceforth appear in the &#8220;Existing&#8221; list.<\/p>\n<\/div>\n<div class=\"fabric-editor-block-mark fabric-editor-indentation-mark\" data-level=\"2\">\n<p data-renderer-start-pos=\"9801\"><strong data-renderer-mark=\"true\">Existing <\/strong>&#8211; Link exists between IAM directory and active w2w employee.<\/p>\n<\/div>\n<div class=\"fabric-editor-block-mark fabric-editor-indentation-mark\" data-level=\"3\">\n<p data-renderer-start-pos=\"9872\">Shows employee status in the &#8220;Is Emp&#8221; and &#8220;Is Mgr&#8221; columns.<\/p>\n<\/div>\n<div class=\"fabric-editor-block-mark fabric-editor-indentation-mark\" data-level=\"3\">\n<p data-renderer-start-pos=\"9933\">Provisioning links can be removed by selecting rows and clicking on &#8220;Unlink SSO&#8221;.<\/p>\n<\/div>\n<div class=\"fabric-editor-block-mark fabric-editor-indentation-mark\" data-level=\"3\">\n<p data-renderer-start-pos=\"10016\">Modifications of provisioning for users in the Existing list can only be accomplished by first unlinking. Unlinking returns the user to the New list, wherein provisioning can be selectively added.<\/p>\n<\/div>\n<div class=\"fabric-editor-block-mark fabric-editor-indentation-mark\" data-level=\"3\">\n<p data-renderer-start-pos=\"10215\">Final column &#8220;Last Login&#8221; displays an icon which indicates whether the user&#8217;s last login succeded or failed. Click on that cell for detail.<\/p>\n<\/div>\n<div class=\"fabric-editor-block-mark fabric-editor-indentation-mark\" data-level=\"2\">\n<p data-renderer-start-pos=\"10356\"><strong data-renderer-mark=\"true\">Deleted <\/strong>&#8211; w2w link exists for active w2w employee, but deleted\/missing from external IAM directory.<\/p>\n<\/div>\n<div class=\"fabric-editor-block-mark fabric-editor-indentation-mark\" data-level=\"3\">\n<p data-renderer-start-pos=\"10457\">Provisioning links can be removed by selecting rows and clicking on &#8220;Unlink SSO&#8221;.<\/p>\n<\/div>\n<p data-renderer-start-pos=\"10540\">FAQ:<\/p>\n<p><strong>Provisioning users is very slow.<\/strong><\/p>\n<div>If your user directory is very large, you may experience slow response when provisioning users. This condition can be improved by fashioning a Users Query Url with a filter that limits the result set to only the people that belong to your organization. Note the following example:<\/div>\n<div><a href=\"https:\/\/graph.microsoft.com\/v1.0\/users?$filter=officeLocation\" target=\"_blank\" rel=\"noopener\">https:\/\/graph.microsoft.com\/v1.0\/users?$filter=officeLocation<\/a> eq &#8216;My Dept&#8217;<\/div>\n<div>\u00a0<\/div>\n<div>Consult Microsoft Graph API online docsfor information regarding query URL syntax:<\/div>\n<div><a href=\"https:\/\/learn.microsoft.com\/en-us\/graph\/api\/user-list?view=graph-rest-1.0&amp;tabs=http\" target=\"_blank\" rel=\"noopener\">https:\/\/learn.microsoft.com\/en-us\/graph\/api\/user-list?view=graph-rest-1.0&amp;tabs=http<\/a><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Enterprise SSO SSO Start Here SSO Setup Assistant SSO Mode Options SSO Error Codes SSO Glossary IAM Emp Provisioning Employee Provisioning for IAM &#8211; Okta\/Azure&#8230;<\/p>\n<div class=\"more-link-wrapper\"><a class=\"more-link\" href=\"https:\/\/when2work.com\/help\/mgr\/iam-emp-provisioning\/\">More<span class=\"screen-reader-text\">IAM Employee Provisioning<\/span><\/a><\/div>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":[],"_links":{"self":[{"href":"https:\/\/when2work.com\/help\/mgr\/wp-json\/wp\/v2\/pages\/9951"}],"collection":[{"href":"https:\/\/when2work.com\/help\/mgr\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/when2work.com\/help\/mgr\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/when2work.com\/help\/mgr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/when2work.com\/help\/mgr\/wp-json\/wp\/v2\/comments?post=9951"}],"version-history":[{"count":10,"href":"https:\/\/when2work.com\/help\/mgr\/wp-json\/wp\/v2\/pages\/9951\/revisions"}],"predecessor-version":[{"id":10191,"href":"https:\/\/when2work.com\/help\/mgr\/wp-json\/wp\/v2\/pages\/9951\/revisions\/10191"}],"wp:attachment":[{"href":"https:\/\/when2work.com\/help\/mgr\/wp-json\/wp\/v2\/media?parent=9951"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}