Provisioning
Provisioning is a feature used to manage user information in cybozu.cn using the Identity Provider (IdP) such as Microsoft Entra ID and Okta.
When provisioning is enabled, user information in the IdP will be automatically propagated to cybozu.cn.
Items Propagated from IdP
When provisioning is enabled, the following items from IdP are propagated.
- Login Name
- Display Name
- Surname
- Given Name
- E-mail Address
- Available Services
Departments, Job Titles, and Groups (or Roles) will not be propagated.
Enabling Provisioning
-
Click the gear-shaped menu button in the header.
-
Click Users & System Administration.
-
Click Provisioning.
-
Click Create API Token.
-
Select the validity period.
-
Enter "Notes for API Token".
-
Click Create.
-
An API token is created.
-
Register the API token and the SCIM Endpoint of cybozu.cn with the IdP.
Click the button to copy the API token. -
Close the dialog.
-
Enable "Propagate Provisioning".
Disabling Provisioning
If "Propagate Provisioning" is disabled, user information in the IdP will no longer be propagated to cybozu.cn.
Reissuing an API token
-
Click Create API Token.
-
Select the validity period.
-
Enter "Notes for API Token".
-
Click Create.
-
An API token is created.
-
Register the API token of cybozu.cn with the IdP.
Click the button to copy the API token. -
Close the dialog.
-
Disable the old API token.
-
Click Delete.
Limitations
- If "Propagate Provisioning" is enabled, users cannot change their login names.
- You cannot synchronize "User available services" from Microsoft Entra ID.
- If you perform any of the following actions while "Propagate Provisioning" is enabled, you might encounter errors when propagating user information from IdP.
- Delete users propagated from IdP in cybozu.cn.
- Add users to cybozu.cn first, then add the users with the same user names (same login names) to IdP.
- Change user names (login names) in Okta.