All About User Provisioning (using WSO2 Identity Server) #Identityin15

Captions
Hello everyone, welcome you all to a new episode of Identity in 15, powered by WSO2. So in today's session we are going to discuss all about user provisioning. Before I start the session, let me introduce myself first. I'm Brittany Lochman, working as a senior software engineer in the WSO2 identity and access management team. So if you guys come across any issues, any configuration-related issues or any unclear areas, please feel free to add your questions in our YouTube live chat, so we can take your questions at the end of the session. And also after this session, if you guys are trying out this stuff and you get any questions, please feel free to add your issues or any concerns in our YouTube channel. Our experts are always happy to help you guys.

So let's start the session. Let's see what user provisioning is first. User provisioning is an identity and access management process that involves creating, updating and deleting a user account and access in multiple applications and systems at once. Let me explain it in simple words. Every one of us has user accounts: when you go to the bank or school or any institution, you guys have some sort of user accounts with multiple privileges. These user accounts we call digital identities. So there has to be some process to manage these user profiles, giving them the appropriate privileges. This process we call user provisioning.

There are three methods by which we can do user provisioning: inbound provisioning, outbound provisioning and just-in-time provisioning. Throughout this session I'll be describing these three user provisioning methods with some hands-on sessions, so you will get a clearer picture of how we do user provisioning using the identity and access management process.

So first let's look at what these provisioning methods are. For inbound provisioning: creating and managing user identities in the internal system using an
external user store, we call it inbound provisioning. Propagating internal user identities to the external system, we call it outbound provisioning. Just-in-time provisioning we call JIT provisioning. This JIT provisioning is about how to provision users to the identity server at the time of federated authentication. So this JIT provisioning allows the creation of the user's account automatically for the long-term user in any identity server. So just-in-time provisioning talks about how to provision users to any identity server at the time of federated authentication. These are some core concepts of how we do the provisioning.

So let's look at some hands-on sessions regarding these three user provisioning methods, so you guys get a clearer picture of how we do user provisioning. To do the demonstration I'll be using the latest version of WSO2 Identity Server version 5, which is 5.11.0. You can download the latest product pack from the WSO2 official website: on the Identity Server product, under "Try It Now", you will see the installation options, including the zip archive, so you can try out any of the installation options here. For the demonstration I already downloaded the WSO2 IS 5.11.0 version as a zip archive, and it is already up and running on my local machine.

So let's first go to the Identity Server and log in to the Carbon management console of Identity Server. Let's check if there are any users. Okay, so the admin user is the one who is in the user list.

Okay, so let's try inbound provisioning first. As I mentioned earlier, inbound provisioning is to provision a user in the external user store, which is in the internal system. To do this I'm using WSO2 Identity Server as the user store here, the external user store. So I'm trying to provision a user in Identity Server, and for that we're using an API request. I'm going to do the SCIM call, a request to the Identity Server which
is running on the 9443 port. I'm adding the authorization, my Identity Server username and password, and as the body I'm passing the username of the user. I'm going to provision a user called Jack now. So let's send this request. Okay, so the request is a success. Now let's go and check if our user Jack got provisioned in Identity Server. Go to the users section. Yeah, so the Jack user got provisioned. By using inbound provisioning, the Jack user got created in our internal, the external user store. So that's how we do inbound provisioning.

Now let's look at outbound provisioning. For outbound provisioning we need two providers for this Identity Server, for this demonstration. As I explained earlier, outbound provisioning provisions users to a trusted identity provider from the WSO2 identity provider. This trusted identity provider can be Google, Salesforce or any identity provider that supports inbound authentication. The WSO2 Identity Server supports inbound authentication, so I'm using WSO2 Identity Server as the trusted identity provider. I already configured another WSO2 identity provider and it is up and running on my local machine; it is up on the 9 for triple 4 port. I'm going to log in to this.

So if I configure outbound provisioning in my WSO2 identity provider, then through the outbound provisioning configuration this user is supposed to be provisioned in my trusted identity provider. First let's see if there are any users in the trusted identity provider. Under the users section there is Jack and admin there.

So first let's create the configurations. For that you need to configure the identity provider: just add an identity provider here, just the trusted identity provider, and then under Outbound Provisioning Connectors you will see the Google, Salesforce and the SCIM provisioning
configurations. For this demonstration I'm using the SCIM provisioning configurations. If in your configurations you are using Google or Salesforce, you can add the Google and Salesforce configurations here. In the SCIM provisioning I am adding the username and password of my trusted identity provider, in this case let's add admin, and the user endpoint, the user endpoint where we need to do the outbound provisioning. And then you need to register it. Seems like it's already created. Yeah, okay.

Okay, so now we need to configure the resident service provider, with the identity provider we just created, in our resident service provider. Under the inbound provision configurations... let me go back... you will see the identity provider which we just created. Just add it, and you need to update it. Okay.

Now we did the outbound provisioning configuration, so let's create a user. Let's create a user called Tom, with a username and password, and finish it. Okay, now the Tom user got created. So let's check if the Tom user got created in our trusted identity provider. Okay, so the Tom user got created here. So now we configured outbound provisioning and the Tom user got provisioned in our trusted identity provider. That's how we do provisioning using outbound provisioning.

Now let's look at how we do just-in-time provisioning. As I explained earlier, just-in-time provisioning provisions users to the identity server at the time of federated authentication. It is triggered when the identity server receives a positive authentication response from the external identity provider. For that also, as I showed in the outbound provisioning configurations, we need two identity servers. We can use JIT provisioning with Google or Facebook or anything, but in this demonstration I'll be using another WSO2 Identity
Server. So first let me delete what we already created here. Okay. So now you need to configure the SP in the... okay, before that, like this: for this demonstration, as I explained earlier, I'm taking two IS instances. The WSO2 IS which provides the provisioning is IS 1, and the WSO2 Identity Server acting as the identity provider I'm calling IS 2. So the identity server which sharpen unit nine, I'm calling this identity provider IS 2, and this 9443 one I call IS 1.

So now let's configure the service provider in IS 2. Go in there and let's check if we have any service provider in here. First let's create a service provider, and under the inbound authentication configuration, in the OpenID Connect configurations, you need to configure the service provider. Now you need to add your callback URL, which is the commonauth URL of IS 1. So I'm adding the commonauth URL of IS 1, and then add it, and then you will receive the client ID and the client secret of the SP.

Now let's configure IS 2 as an identity provider with JIT provisioning in IS 1. For that you need to go back to IS 1 and create the identity provider, and then under the federated authentication OpenID Connect configurations you need to add the client ID and client secret which we just created in the SP, and then you need to add the authorization endpoint where we need to do the federated authentication, and also the token endpoint. Then you need to configure the just-in-time provisioning configurations. Here you need to pick "provision silently"; in this demonstration I'll be using provision silently. You can try those other options as well. Register this. So let me
create it again, because I already added it previously. Okay, so now we created the identity provider. Now you need to configure a service provider. For this you can add any application as a service provider, but for this demonstration I'll be using a WSO2 sample application, which is the playground sample application. It is already configured on my local machine and it is up and running now. So now let's add the service provider, and then under the inbound authentication configuration, OpenID Connect configuration, you need to add the sample application callback URL, it's to client, and then add it. Okay.

So now you need to add your identity provider in the Local and Outbound Authentication Configuration. You need to select federated authentication and you need to select the identity provider, this is what we created in IS 1. So update it. Okay, now all the just-in-time provisioning configurations are done.

So let's first check if there are any users in IS 2. Users, and we have Jack and Tom, and let's see if those are the same in... okay, Jack and... okay. So I'm going to create a user here, as the admin user, and I'll create an Alex user with a password. Okay, and now we created the Alex user.

Now, this is the sample application. As the client ID I'm going to add our sample application client ID, which you can find under inbound authentication. So this is the client ID, and you can copy this. Okay. When you do the authorization you will be directed to the identity server with which we do the federated authentication. So let's try to log in with the Alex user which we created just now. Once you log in to this with the Alex user, the user has to be provisioned by using JIT provisioning in IS 1. So log in... it's asking for consents. Okay, so now we
successfully federate-authenticated through IS 1. Now let's look at the user list here. Okay, so now our Alex user got provisioned using JIT provisioning in our IS 1.

So these are some basic configurations that I just now demonstrated for inbound, outbound and just-in-time provisioning. There are plenty of configurations you can do in here, so please try these options and you will get a clearer picture of these provisioning methods. That's about it for the hands-on session. If you have any questions regarding this, please feel free to add your questions in our YouTube live chat. We'll wait a few seconds here. Let me check. Let's wait a few more minutes. Okay, so there are no questions for the moment, so we can wind up the session. Before that, guys, please follow our YouTube channel and also subscribe to the YouTube channel, and also follow us on Twitter. Hope to see you guys in the next sessions. Bye, bye.
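
The inbound-provisioning call described in the captions (a SCIM request with basic authorization and the username in the body) is not visible in the transcript, so the following is an added example, not code from the video or from WSO2. It builds a SCIM 2.0 create-user request and runs it against a small constructed in-memory receiver so both sides of the exchange can be seen; the `/scim2/Users` path, the credentials and the `ToyScimServer` class are assumptions made for illustration.

```python
import base64, hmac, json

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"

def basic(user, pw):
    return "Basic " + base64.b64encode(f"{user}:{pw}".encode()).decode()

def build_create_user(base_url, admin, admin_pw, username, password):
    """Client side: the POST that provisions one user over SCIM 2.0."""
    headers = {"Authorization": basic(admin, admin_pw),
               "Content-Type": "application/scim+json"}
    body = {"schemas": [USER_SCHEMA], "userName": username, "password": password}
    return "POST", f"{base_url}/scim2/Users", headers, json.dumps(body)

class ToyScimServer:
    """Constructed stand-in for the receiving user store (not WSO2 code)."""
    def __init__(self, admin, admin_pw):
        self._auth = basic(admin, admin_pw)
        self.users = {}

    def _error(self, status, detail, scim_type=None):
        err = {"schemas": [ERROR_SCHEMA], "status": str(status), "detail": detail}
        if scim_type:
            err["scimType"] = scim_type
        return status, err

    def handle(self, method, url, headers, raw_body):
        # Authenticate first, comparing in constant time.
        if not hmac.compare_digest(headers.get("Authorization", ""), self._auth):
            return self._error(401, "authentication required")
        if method != "POST" or not url.endswith("/scim2/Users"):
            return self._error(404, "unknown resource")
        body = json.loads(raw_body)
        name = body.get("userName")
        if USER_SCHEMA not in body.get("schemas", []) or not name:
            return self._error(400, "userName and User schema required", "invalidValue")
        if name.lower() in self.users:  # SCIM userName is case-insensitive
            return self._error(409, "userName already exists", "uniqueness")
        user_id = f"id-{len(self.users) + 1}"
        self.users[name.lower()] = user_id
        # The password is write-only: it is never echoed back.
        return 201, {"schemas": [USER_SCHEMA], "id": user_id, "userName": name}

def provision(server, username):
    # Placeholder host and credentials, constructed for this example.
    req = build_create_user("https://localhost:9443", "admin", "example-admin-pw",
                            username, "example-user-pw")
    return server.handle(*req)
```

A repeated request for the same user returns 409 with `scimType` set to `uniqueness`, which is the case a provisioning client has to treat as "already exists" rather than as a failure to retry.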
Info
Channel: WSO2
Views: 645
Keywords: User Provisioning, identity and access management, wso2 identity server, Identity Federation, managing user identity, inbound provisioning, outbound provisioning
Id: tDu9kwBQMYo
Length: 24min 20sec (1460 seconds)
Published: Tue Oct 05 2021