Identity Patterns with the WSO2 Identity Server
JIT provision users to cloud service providers
Problem:
JIT provision users to cloud service providers
Problem:
- The company foo has an account with the bar cloud service provider (it can be Google Apps, Salesforce, Workday).
- The company foo trusts employees from the company zee to login into the bar cloud service provider, under the foo account.
- For example, foo company wants the users from company zee to login into its Google Apps domain.
- Introduce bar as a service provider (bar-sp) to the WSO2 Identity Server running at foo.
- Introduce bar as a provisioning identity provider (bar-idp) to the WSO2 Identity Server, and configure the provisioning protocol as supported by bar. For example, if bar is Salesforce, then one can pick the Salesforce provisioning connector.
- Introduce the company zee as an identity provider to the WSO2 Identity Server running at foo, and enable JIT provisioning.
- Under the bar-sp service provider configuration, under local and outbound authentication configuration, select zee as a federated identity provider. This means, a user who wants to login bar-sp, will be redirected to the zee identity provider for authentication.
- Under the bar-sp service provider configuration, under outbound provisioning configuration, select bar-idp as a provisioning identity provider.
- Introduce the WSO2 Identity Server running at foo as a trusted identity provider to the zee cloud service provider. For example in Salesforce, add WSO2 Identity Server as a trusted identity provider.
- Products: WSO2 Identity Server 5.0.0+
