SAML User provisioning

Liz Abraham
Tera Contributor

Hello,

 

I am trying to configure SAML SSO using my PDI and was successful in doing so using the idp.ssocircle IDP and my PDI. Now I want to use user provisioning, and that does not seem to work. Not sure what I am missing, but here is what I did:

a. created another account in idp.ssocircle

b. turned on user provisioning

c. Coalesce is true for email in the transform map

d. "enable auto importing of users ...." is turned on. 

 

Is there anything else I am missing?

3 REPLIES

Tushar
Kilo Sage

Hi @Liz Abraham 

 

Make sure that the email address that you are using in the transform map is the same email address that you used to create the account in idp.ssocircle.

If the email addresses are different, then I guess user provisioning will not work.

 

 

Please, don't forget to mark my answer as correct if it solves your issue or mark it as helpful if it is relevant for you!

Regards,
Tushar

 

@Tushar Thank you for the response! How exactly does user provisioning work? This is what I did. I created 2 accounts in idp.ssocircle, with 2 different email addresses. But only one of them has a record in SNOW. After configuring SAML, I was able to access SNOW using the first email address. It redirected to the IDP, I used the email, and then it logged me into SNOW.

 

Using the second email address, it logged me out. Do I have to have a record in SNOW with that email address for user provisioning to work? How I understood user provisioning was that it creates the record in SNOW if there isn't one after authentication, as long as it is in the IDP. Is my understanding wrong?

Hello,

Wanted to reach out and follow up on user provisioning. The question is, do we need a record in the ServiceNow user table with email or ID for user provisioning to work? Or is a record on the IDP side enough to authenticate, and then it creates a record in ServiceNow?