To get started with automated user provisioning, first make sure that OneCloud's SAML is properly configured with your organization's identity provider. Once this is configured, and your company's SAML token is available, configure your identity provider to send a POST request to the following
Required Attributes for Provisioning
Audience URI (SP Entity ID): https://app.onecloud.io/saml/metadata.xml
OneCloud enforces user uniqueness via the user’s email address, so the name ID of the SAML request must contain an email address. Make sure the request uses the following name ID formats:
Name ID Formats
The SAML response must include the following attributes so that OneCloud can correctly identify the user:
The user's first name
The user's last name
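The required settings above (audience URI, an email address as the name ID, and the first and last name attributes) can be checked against a sample assertion from your identity provider before enabling provisioning. The script below is an added example, not OneCloud code. `FIRST_NAME_ATTR` and `LAST_NAME_ATTR` are placeholders for the attribute names OneCloud documents, the function names and sample assertion are constructed for illustration, and signature validation is out of scope.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AUDIENCE = "https://app.onecloud.io/saml/metadata.xml"  # SP Entity ID from this page
# Placeholder attribute names (assumption): substitute the names OneCloud documents.
REQUIRED_ATTRS = ("FIRST_NAME_ATTR", "LAST_NAME_ATTR")
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

def preflight(assertion_xml):
    """Return a list of problems in a sample assertion taken from your own IdP."""
    root = ET.fromstring(assertion_xml)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(
        ".//saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if AUDIENCE not in audiences:  # exact match, no prefix or case folding
        problems.append("audience")
    name_id = root.find("./saml:Subject/saml:NameID", NS)
    if name_id is None or not EMAIL_RE.fullmatch((name_id.text or "").strip()):
        problems.append("name_id")  # OneCloud keys user uniqueness on email
    present = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        vals = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS)
                if v.text and v.text.strip()]
        present[attr.get("Name")] = vals
    for name in REQUIRED_ATTRS:
        if not present.get(name):  # absent, or present with only empty values
            problems.append("missing:" + name)
    return problems

def sample(name_id="ada@example.com", audience=AUDIENCE, attrs=None):
    """Build a constructed, unsigned assertion for exercising preflight()."""
    attrs = {"FIRST_NAME_ATTR": "Ada", "LAST_NAME_ATTR": "Lovelace"} if attrs is None else attrs
    stmt = "".join(
        f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}</saml:AttributeValue>'
        f'</saml:Attribute>' for k, v in attrs.items())
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}">'
        f'<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>'
        f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}'
        f'</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
        f'<saml:AttributeStatement>{stmt}</saml:AttributeStatement></saml:Assertion>')

if __name__ == "__main__":
    print(preflight(sample()))
    print(preflight(sample(name_id="ada", attrs={})))
```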
Optional Attributes for Provisioning
If the tenant ID, Workspaces, and User Groups need to be synchronized with an external system, optional attributes can be provided in the SAML request. These attributes allow Workspaces and User Groups to be created on the fly:
The username associated with this user in an external system. This attribute will be stored as metadata with the OneCloud user associated with the request to tie them to an external system.
An external ID that will be stored on your OneCloud company tenant. This can be used to associate the OneCloud company tenant with a similarly structured construct in an external system.
The role of the newly provisioned user in OneCloud. The following options are available:
An identifier for the equivalent of a OneCloud Workspace in an external system. When specifying this value, a OneCloud Workspace will be created if it does not exist in the system. If a Workspace already exists with this external identifier, the user will simply be granted access to this Workspace, based on the role specified.
The name of the OneCloud Workspace to be created. If the Workspace already exists, the name will be overwritten.