User Provisioning will allow you to manage all of your users, including Core System, Hiring Managers & Employees from your central directory, automatically creating, deactivating and adding permissions & roles as required.
In order to set this up, you will need access to Eploy, with the relevant Manage User Type Security Permission. This permission will then give you access to User Provisioning within the Admin Menu.
To learn about how to configure User Provisioning within Azure, please see here.
User Provisioning
Within User Provisioning, there are three tabs to configure before you can activate the tool: Settings, Users and Groups.
As well as fully configuring the tool, there are some additional prerequisites to meet before you can activate it:
- All users must be linked with a contact in Eploy before you can activate the tool. Best practice is to always create users against contacts anyway, but if you do have any that aren't aligned, you will need to fix this first.
- All active users that are against the same contact must have the same username. So if you have a contact that is associated with a Standard User as well as a Hiring Manager, the username must match.
- No users of the same type (i.e. two hiring managers) can have the same username - they all need to be unique. So whilst all the users against one contact need to be the same (as above), that one contact can't have more than one HM user etc.
If you see any warnings like these, click through the link to access the records that require updating, before returning to the User Provisioning settings to confirm the issue is resolved.
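A pre-activation check for the three prerequisites above, as an added example (not Eploy's own code). It assumes you have exported your users to CSV; the column names and sample rows are constructed, and comparing usernames case-insensitively is an assumption.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; column names are assumptions, not an Eploy format.
SAMPLE_CSV = """user_id,user_type,username,contact_id,active
1,Standard,a.khan@example.com,C100,yes
2,Hiring Manager,a.khan@example.com,C100,yes
3,Hiring Manager,j.doe@example.com,C200,yes
4,Standard,jdoe,C200,yes
5,Employee,m.lee@example.com,,yes
6,Hiring Manager,j.doe@example.com,C300,yes
7,Standard,old.user@example.com,C400,no
"""

def audit_users(csv_text):
    """Return (rule, detail) findings for the three activation prerequisites."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    findings = []
    by_contact = defaultdict(set)     # contact_id -> usernames of active users
    by_type_name = defaultdict(list)  # (user_type, username) -> user_ids

    for r in rows:
        # Assumption: usernames are compared case-insensitively.
        name = r["username"].strip().lower()
        # Rule 1: every user must be linked to a contact.
        if not r["contact_id"].strip():
            findings.append(("no_contact", r["user_id"]))
        elif r["active"].strip().lower() == "yes":
            by_contact[r["contact_id"].strip()].add(name)
        by_type_name[(r["user_type"].strip(), name)].append(r["user_id"])

    # Rule 2: active users against the same contact share one username.
    for contact, names in sorted(by_contact.items()):
        if len(names) > 1:
            findings.append(("username_mismatch", contact))
    # Rule 3: usernames are unique within a user type.
    for (utype, name), ids in sorted(by_type_name.items()):
        if len(ids) > 1:
            findings.append(("duplicate_in_type", f"{utype}:{name}"))
    return findings

if __name__ == "__main__":
    for rule, detail in audit_users(SAMPLE_CSV):
        print(rule, detail)
```

Each finding names the user, contact or username to correct before activating the tool.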
Settings
The other settings then include the SCIM Details, plus how Standard users, Hiring Managers and Employees are then managed:
- URL - This is the Tenant URL which you need to enter to set up the application within Azure.
- Generate New Token - As part of the application set up, you will need to enter a secret token, which can be generated here.
Important - Generating a new token will invalidate any already in use, so only do this if you are replacing all instances in which the token has already been used (or if it is not yet in use). For more information on setting up the application within Azure, please see the help content here.
Enabling Standard Users / Hiring Managers / Employees
Up next, there are three sections for the different types of users you can manage with provisioning. All you need to do is opt in (select YES) and then determine the method used.
For the method there are two options:
- Import Only - This means new users and roles will be assigned, but never removed using the integration. If you wanted to restrict access whilst using this method, you would need to do so manually.
- Fully Managed - This means that roles and access will be assigned and removed automatically, based on the information received. This will deactivate users and prevent access when they leave (as well as if it is not set up correctly).
As well as the method, you can determine if users can be created manually or not.
Contacts
As well as determining how to manage users & roles, you also need to set appropriate statuses for Contacts as they are created / deactivated / reactivated.
This will allow you to track contacts in the system using reports and dashboards based on the status.
Hint - You can create new statuses within Admin - Drop Down Lists, before selecting the list for Contact Status. Each status can either be an active or terminating status.
Matching Criteria
The final setting is to determine how contacts are managed when they don't match with a company, i.e. they are imported but the CompanyExternalID is not included. In this scenario, you can:
- Set a Company record, which all new contacts where there is no CompanyExternalID included will be imported against. This will then allow you to manually move them to the correct part of your structure once the users have been created.
- Leave the Company field blank, which means that these records will be ignored. They will not be imported as there is no company to associate them with.
Once fully configured, you can then click Save to confirm your settings. From here you can either view the Users & Groups tabs to ensure that users will be managed correctly or, if this has already been done, activate the tool in full at the top.
Hint - Once up and running, if there's ever the need to re-sync (after a settings change etc), then you can do so from here.
For more information on the Users & Groups tabs, please see the help content available here.