Workflow: Provision AAD users into WFO application (WFO Admin procedures)

A WFO Administrator follows the steps in this workflow to perform the procedures associated with automatically provisioning users from an Azure Active Directory One of the main user authentication methods supported in the system, allowing customers to leverage Windows Authentication as the authentication mechanism in the system. (AAD) into the WFO application in an on-premises environment.

Before you begin 

Perform the Prerequisite: Enable the 2020R1 - Provisioning with SCIM license procedure.

Workflow 

  1. Enabling administration of user attributes from IDP server

    If you are managing an existing SAML IDP, you must be enabled to administer these employee attributes from the IDP server. Once provisioning is complete, you cannot change these attributes from the employee Profiles screen in the WFO application.

  2. Create an organization in which to provision users

    You must create a dedicated organization in which to provision the users. Create this organization from the enterprise root organization. Use this organization only to support the provisioning process. Do not use this organization for application use.

  3. Select the organization for provisioning

    Select the organization you have just created in the Provisioning Settings of the WFO Feature Settings.

  4. Create a JWT token in the Provisioning Settings of the WFO Feature Settings

    The JWT token is required for authentication when the Azure Active Directory (AAD) provisioning process connects to the WFO application using the SCIM protocol.

  5. Communicate the Tenant URL and the JWT Token to the Cloud Services Administrator

    Communicate the Tenant URL and JWT Token on the System Management Module that allows performing suite-wide system management activities from a single, Web-based application, the Enterprise Manager., General Settings, Feature Settings, Provisioning Settings screen to the Cloud Services Administrator.

  6. View the new employees in the WFO application

    After the Cloud Services administrator completes the provisioning process, you can view the newly created employees in the WFO application.

  7. Move employees to the organization to which they belong

    Currently, the provisioned users exist in the organization that you created to support the provisioning process. In this procedure, you move the employees from the organization created to support the provisioning process into the organization to which each employee belongs.

  8. Configure access rights for the provisioned users

    Configure the access rights for the provisioned users by assigning security roles and scopes to the provisioned users from the User Management Module that an administrator uses to create a profile for each employee in their organization., Security, User Access Rights page.