Provisioning

Article Number:020260
Intended audience: cybozu.cn Administrators

Provisioning is a feature used to manage user information in cybozu.cn using the Identity Provider (IdP) such as Microsoft Entra ID and Okta.
When provisioning is enabled, user information in the IdP will be automatically propagated to cybozu.cn.

Items Propagated from IdP

When provisioning is enabled, the following items from IdP are propagated.

  • Login Name
  • Display Name
  • Surname
  • Given Name
  • E-mail Address
  • Available Services

Departments, Job Titles, and Groups (or Roles) will not be propagated.

Enabling Provisioning

  1. Click the gear-shaped menu button in the header.

  2. Click Users & System Administration.

  3. Click Provisioning. Screenshot: "Provisioning" is highlighted

  4. Click Create API Token. Screenshot: "Create API Token" is highlighted

  5. Select the validity period. Screenshot: Selecting the validity period in the "Create API Token" dialog

  6. Enter "Notes for API Token". Screenshot: Entering notes for this API token in the "Create API Token" dialog

  7. Click Create. Screenshot: "Create" is highlighted in the "Create API Token" dialog

  8. An API token is created.
    Screenshot: The created API token and the SCIM endpoint are displayed in the "Create API Token" dialog

  9. Register the API token and the SCIM Endpoint of cybozu.cn with the IdP.
    Click the button to copy the API token. Screenshot: Copying the created API token in the "Create API Token" dialog

  10. Close the dialog.

  11. Enable "Propagate Provisioning". Screenshot: "Propagate Provisioning" is enabled

Disabling Provisioning

If "Propagate Provisioning" is disabled, user information in the IdP will no longer be propagated to cybozu.cn.

Screenshot: "Propagate Provisioning" is disabled

Reissuing an API token

  1. Click Create API Token. Screenshot: "Create API Token" is highlighted

  2. Select the validity period. Screenshot: Selecting the validity period in the "Create API Token" dialog

  3. Enter "Notes for API Token". Screenshot: Entering notes for this API token in the "Create API Token" dialog

  4. Click Create. Screenshot: "Create" is highlighted in the "Create API Token" dialog

  5. An API token is created.
    Screenshot: The created API token and the SCIM endpoint are displayed in the "Create API Token" dialog

  6. Register the API token of cybozu.cn with the IdP.
    Click the button to copy the API token. Screenshot: Copying the created API token in the "Create API Token" dialog

  7. Close the dialog.

  8. Disable the old API token. Screenshot: Old API token is disabled

  9. Click Delete. Screenshot: "Delete" for old API token is highlighted

Limitations

  • If "Propagate Provisioning" is enabled, users cannot change their login names.
  • You cannot synchronize "User available services" from Microsoft Entra ID.
  • If you perform any of the following actions while "Propagate Provisioning" is enabled, you might encounter errors when propagating user information from IdP.
    • Delete users propagated from IdP in cybozu.cn.
    • Add users to cybozu.cn first, then add the users with the same user names (same login names) to IdP.
    • Change user names (login names) in Okta.