Identity Provider
The Axon Ivy Engine allows you to connect external Identity Providers (IDPs) to automatically create, maintain, and deactivate your workflow users. Axon Ivy Engine never removes or deletes users, it just deactivates them.
Axon Ivy Engine currently offers interfaces for three different IDPs:
If an IDP supports daily user synchronization (which all standard IDPs do), you can make the following settings for all of your IDPs:
1UserSynch:
2 # Shall we synchronize a user with the Identity Provider at login?
3 # If the user does not exist yet, he will be synchronized anyway. In case of slow Identity Provider
4 # connections, it can make sense to set this to false.
5 OnLogin: true
6
7 OnSchedule:
8 # Shall we run the daily Identity Provider user synchronization job?
9 # When the synchronization runs is defined by Cron.
10 Enabled: true
11
12 # Cron expression for the user synchronization.
13 # Format is minutes, hours, day of month, month, day of the week. e.g. "32 13 * * *" is everyday at 13:32
14 Cron: "0 0 * * *"
15
16 # Shall we import NEW users with the Identity Provider on schedule?
17 # This setting does not affect synchronization of existing users.
18 # If ImportUsers is set to:
19 # true: NEW users are imported on schedule.
20 # If a user has not yet been imported by the user synchronization job, she is also imported the first time she logs in.
21 # false: NEW users are not imported on schedule.
22 # Instead, a NEW user is only imported the first time she logs in.
23 ImportUsers: true