There are two ways that users are added to the application: automatically and manually.

Automatic user registration and provisioning

If you have enabled Single Sign On for your application, your users will be automatically provisioned the first time they enter the application. During the Single Sign On configuration process, your organization will define the default role and default application for your users. Subsequent changes to the assigned role and default application can be made manually in the admin portal for the respective application.

Your organization’s identity provider will pass the user’s information from the corporate directory to Ravnur. Ravnur limits the user information to:

  • First name
  • Last name
  • Email address
  • UID (optional, email address can also be used as a unique identifier)

At no time does Ravnur have access to, store or use the user’s password. When Single Sign On is enabled, authentication is carried out by your organization’s identity provider (e.g. Azure Active Directory). Ravnur has established trust with the identity provider and will accept the response.

Ravnur creates two additional user parameters from the supplied data:

  • Display name. This is changeable at any time by the user. For example, the corporate directory may list you as Elizabeth, but you prefer Liz. You would change the Display Name to Liz and this would ensure that your name is displayed as Liz everywhere in the application. Display name is not unique in the application (username is unique, but that is not displayed). The default display name value is the first name last name passed by the identity provider.
  • User name. This is the unique identifier for the user. Depending on the configuration with your identity provider, it may be the UID or email address.

Manual user creation is needed when using OAuth

If you are using social identity providers (e.g. login using a Google, Microsoft or Facebook button), you’ll have to create the user manually in the admin portal before the user can access the application. Unlike the SAML integration with automatic user provisioning described above, the OAuth process works like this:

  1. User authenticates with the OAuth identity provider
  2. The identity provider authenticates the user and sends the user to the Ravnur application.
  3. If the user is an already registered and active (i.e. not disabled, not deleted) user in the application, the user will be granted access.

Ensure that the user’s email address matches the email address they’ve registered with the social identity provider or the access will be denied.

How to add a user manually

  1. In the admin portal, click on Settings Users
  2. Click on the blue Create user button in the upper right corner of the user list.
  3. Enter the userโ€™s first name, last name and the email address. Please make sure that this email address is either a Google ID or a Microsoft ID or the user will not be able to authenticate.
  4. The username will be automatically defaulted to the first part of the email address (before the @). You can change the username before saving, but once the user has been created the username cannot be changed. Usernames are limited to a-z, 0-9 and dots, dashes and underscore characters.
  5. Assign a role
  6. Click on Create to save the user.

Was this article helpful to you?

Ravnur

Posts

Comments are closed.