User Provisioning Capabilities
User Provisioning in AgilePlace
Our customer’s Account Administrators are responsible for creating, updating, deleting, and disabling all users for their Planview AgilePlace account. As the number of users in an account increases, Administrators may find themselves:
- Spending large amounts of time maintaining users
- Becoming a bottleneck to business units wishing to adopt Lean principles
- Wishing for a faster way to disable users who have left the company
User provisioning is a feature that allows customers in certain edition accounts to connect Planview AgilePlace to their existing identity management systems and change management processes. Whether by using our SCIM 1.1-compliant integration or the API, you can reduce the manual work and challenges associated with enterprise user management
How it Works
User provisioning is implemented by connecting AgilePlace with an identity management system, such as Okta. This connection enables user data to flow from your identity management system into AgilePlace. We offer two options for creating this connection:
- A configurable integration between your identity provider and AgilePlace using the SCIM 1.1 (System for Cross-domain Identity Management) standard.
- A completely customized integration between your system and AgilePlace by interacting directly with AgilePlace’s user provisioning APIs.
Configurable SCIM 1.1 Integration
The SCIM-based integration option removes the need for Account Administrators to manage users manually in AgilePlace. Instead, users are stored centrally in your identity system and assigned access to AgilePlace by performing simple workflows, like adding or removing a user from a group.
Account Administrators without deep technical experience may be able to configure this type of integration on their own, but it is worth exploring both options with a technical team member to ensure your needs are met.
AgilePlace’s user provisioning solution is compatible with these identity providers and others that support SCIM 1.1:
- Okta
- OneLogin
- Ping Identity
Example use case - If you have hundreds, or even thousands, of users, managing their access to AgilePlace can be simple with a SCIM-based integration. Let’s assume your IT group has invested in the identity management system Okta, and all of your enterprise’s users are included in Okta’s user directory. Connecting Okta to AgilePlace is simple process, and you can configure which fields flow between the two systems. Then, user management is easy. Here are some examples of how you can use the Okta- AgilePlace integration, without ever leaving your Okta interface:
- Add users to AgilePlace by selecting a subset of users from the Okta directory and adding them to the AgilePlace group in Okta. New users will have instant access to AgilePlace.
- Deactivate users in AgilePlace by removing them from the AgilePlace group in Okta.
- When employees leave your enterprise, they will be removed or disabled in the Okta directory, which will also instantly disabled them in AgilePlace.
Customizable API Integration
You may opt to integrate directly with AgilePlace’s user provisioning API when your identity provider does not support SCIM 1.1, or when you need maximum flexibility to overcome a specific challenge.
Because this option requires building and maintaining an integration from scratch, we recommend you pull in a technical team member with programming ability to fully assess this option.
The user provisioning API consists of building blocks that can be used to create a custom solution, which include the ability to:
- Add a user
- Get a user's information
- Search for users that match criteria
- Modify a user's information
- Deactivate a user
- Change a user's password
- Delete a user
Example use case - Let’s suppose you want to deactivate all users who have been inactive in AgilePlace for more than 90 days to optimize license utilization. Using the API, you could write a software application to:
- Ask AgilePlace for a list of users, filtering for users who have a Last Access date greater than 90 days ago.
- For each user returned ...
- Ask AgilePlace to update the user’s Enabled field to ‘false,’ which will disable the user’s account in AgilePlace.
NOTE
Please note that once a user is disabled card assignments and notifications for that user are removed.
Use the Solution that Fits Your User Management Needs
Both user provisioning options give Account Administrators a tool to solve user management issues that occur when adoption grows rapidly within an organization. User provisioning allows for seamless integration with your identity provider of choice and the flexibility to create custom solutions when necessary.
Please contact your AgilePlace Account Representative or Customer Success Manager to get started with user provisioning.