Hello there!

Need Help? We are right here!

Support Icon
miniOrange Email Support
success

Thanks for your Enquiry. Our team will soon reach out to you.

If you don't hear from us within 24 hours, please feel free to send a follow-up email to info@xecurify.com

Search Results:

×

Automations


What is Rule based provisioning?

Rule-based provisioning, or rule-based automation, enables administrators to set up specific rules that automatically manage the assignment of users to various groups and roles. This is particularly useful in scenarios where user attributes and actions need to trigger specific provisioning workflows.

Here’s a breakdown of how rule-based provisioning works:

  1. Rule Definition: Administrators define rules based on user attributes and events. These rules specify the conditions under which certain actions should be taken. For example, a rule might specify that any user with the department attribute set to "Sales" should be added to the "Sales Team" group.
  2. Trigger Configuration: Triggers can be set up to initiate the provisioning process.Triggers, for now, include the creation of a new user account, updates to an existing user’s attributes. For example, a rule might be triggered whenever a new user is created or whenever a user’s department attribute is updated.
  3. Provisioning Actions: Once the rule trigger conditions are met, the specified provisioning actions are automatically executed. These actions involve assigning the user to specific groups or roles. For example, if a user's department changes to "Engineering," they might be automatically added to the "Engineering" role and given access to resources in line with the role they are assigned.
  4. Automation and Efficiency: Rule-based provisioning automates the user management process, reducing the need for manual intervention. This ensures that users are quickly and consistently provided with the appropriate access and resources based on their role or other attributes. It also helps maintain compliance with organizational policies by ensuring that access rights are granted or revoked in accordance with predefined rules.

Example Scenario:

Consider a company that wants to automate the provisioning of user accounts based on departmental changes:

  • Rule: If a user’s department is set to "Finance," add them to the "Finance Team" group and assign them the "Finance Analyst" role.
  • Trigger: The rule is triggered whenever a user’s department attribute is updated.
  • Action: Once the department attribute is updated to "Finance," the user is automatically added to the "Finance Team" group and granted the "Finance Analyst" role.

Benefits of Rule-Based Provisioning:

  • Consistency: Ensures that users are always assigned the correct roles and access rights based on predefined rules, eliminating inconsistencies that can arise from manual processes.
  • Efficiency: Reduces the administrative burden of manually managing user access, allowing IT teams to focus on more strategic tasks.
  • Scalability: Easily scales with the organization as rules can be applied uniformly across all users, making it easier to manage large numbers of users and complex organizational structures.
  • Compliance: Helps maintain compliance with internal policies and external regulations by ensuring that access rights are automatically managed according to predefined criteria.

Provisioning & Deprovisioning Scenarios


miniOrange provides Provisioning solutions for all scenarios of user management (provisioning), which includes AD Integration, LDAP Integration and automated provisioning for all External Applications such as Asana, Google Workspace, Workday, etc


Configure Rule-Based Automation

  • Head over to the menu on the left side and go to Workflow > Automations. The Automation Rules page will open up.
  • Rule-Based Automation/Provisioning : Navigate to Workflow, click on Automations

  • To add a new rule click on the Add Rule button. A dialog box will appear. Enter the name of the rule and click save.
  • Rule-Based Automation/Provisioning : click add rule

    Rule-Based Automation/Provisioning : enter name of rule and click save

  • After saving the rule, the page will redirect to the Edit Rule page. Here you can add the Rule Triggers and Rule Actions for the newly created rule.
  • Click on Add Trigger button to add trigger.
  • Rule-Based Automation/Provisioning : Click Add Trigger

    • Triggers can be "Create User" or "Update User", which implies that the respective actions will be performed, when the rule trigger is satisfied during either user creation or user updation.
    • Rule-Based Automation/Provisioning : Select Trigger from dropdown

    • On clicking on Trigger Query Input, a list of Default and Custom profile attributes (if any created) will be displayed.
    • The required attributes can be selected and a value can be passed for these attributes. If the attribute values for the user or users match the trigger query attribute values, the rule action will execute automatically.
    • Rule-Based Automation/Provisioning : Clicking on Trigger Query input, showing a default list and custom profile attribute

    • Here, for instance, we have taken Department = Engineering and ProjectAssigned = P01 as the trigger query.
    • Click Save after creating the desired query.
  • Click on Add Action button to add action(s).
  • Rule-Based Automation/Provisioning : Click Add Action

    • In Group Assignment or Group Deassignment, multiple groups can be added in the same action.
    • In Role Assignment or De-assignment, only one role should be mentioned, as a user can be assigned to just one role at a time.
    • Rule-Based Automation/Provisioning : In Actions, select group assignment and role assignment from dropdown

    • Here, for instance, we have made 2 rule actions, one will assign the user(s) to group P01 and the second will assign user(s) to engineering role.
    • Rule-Based Automation/Provisioning : In Actions, select group assignment and role assignment

  • After the rule trigger and action are configured, the created rule has to be activated, for it to be triggered during user creation or updation. This can be done in the following ways:
  • Rule-Based Automation/Provisioning : enable the toggle to activate the created rule

    Rule-Based Automation/Provisioning : Click on Activate

Test the rule

  • If the rule trigger is for create user, then test by creating and user and checking if it is assigned to mentioned groups and roles.
  • If the rule trigger is for update user, then test by updating an existing user and checking if it is assigned and/or unassigned from mentioned groups and roles.
  • Head over to the Users >> User List section from the left menu and click on Add User button.
  • Rule-Based Automation/Provisioning : Go to Users and click User list

  • If a user is created with Department=Engineering and ProjectAssigned=P01, it will be assigned to mentioned group and roles.
  • Rule-Based Automation/Provisioning : after created a user assigned to mentioned group and roles

  • Go to Users > User role and check if the user is assigned to Engineering role like follows :
  • Rule-Based Automation/Provisioning : Go to users and user role

  • Go to Groups > Manage Groups and check if the user is assigned to group named P01 like follows:
  • Rule-Based Automation/Provisioning : Go to groups and manage groups