Auto Provisioning

In this Lesson

You will learn how you can provision users automatically – as they sign on.


Auto provisioning is the ability to assign security groups to users as they are signing on to a solution. It is designed to reduce the burden associated with defining user security for certain types of solutions.

Let’s look at an example…

Imagine a solution offering different levels of access for directors, managers, and associates within an organization. Furthermore, let’s say the organization has a human resources system which identifies the job position for each employee.

Auto provisioning could be used to look up the user’s job position in the human resources system and then grant them the appropriate security group at the time they sign on. This provides the following benefits

  • Reduced costs
    There is no need to predefine the security access for each user.
  • Improved accuracy
    The user’s access to the solution is guaranteed to match their job position.

User Service

Auto provisioning is provided by the user service. A user service is a class which implements The interface specifies the following method

The auto provisioning process works like this

  1. The user attempts to sign on
  2. The authentication services validates the user and if the credentials are valid it calls the checkUserSecurity method.
  3. The method receives the groups which are currently provisioned to the user.
  4. The method returns one of two values
    • null in which case the user’s security groups are left unchanged.
    • A List containing zero or more security group IDs. The user’s security groups for the product will be replaced by the groups in the list, if any.

Custom User Service Considerations

When it comes to user provisioning there is a catch-22 which must be resolved for custom user services.

Here is the catch: the server console is used to assign groups to users – but no users have access to the console.

You need some way to provision at least one user administrator who can then manage security for the other users.
Here are two options:

  • Use the provisioning APIs to set up the administrator
  • Use auto-provisioning

The auto-provisioning option would look something like this

That’s all for this lesson.