User Provisioning in LeanKit
Our customer’s Account Administrators are responsible for creating, updating, deleting, and disabling all users for their LeanKit account. As the number of users in an account increases, Administrators may find themselves:
- Spending large amounts of time maintaining users
- Becoming a bottleneck to business units wishing to adopt Lean principles
- Wishing for a faster way to disable users who have left the company
User provisioning is a feature that allows our Premium edition customers to connect LeanKit to their existing identity management systems and change management processes. Whether by using our SCIM 1.1-compliant integration or the API, you can reduce the manual work and challenges associated with enterprise user management
How it Works
User provisioning is implemented by connecting LeanKit with an identity management system, such as Okta. This connection enables user data to flow from your identity management system into LeanKit. We offer two options for creating this connection:
- A configurable integration between your identity provider and LeanKit using the SCIM 1.1 (System for Cross-domain Identity Management) standard.
- A completely customized integration between your system and LeanKit by interacting directly with LeanKit’s user provisioning APIs.
1. Configurable SCIM 1.1 Integration
The SCIM-based integration option removes the need for Account Administrators to manage users manually in LeanKit. Instead, users are stored centrally in your identity system and assigned access to LeanKit by performing simple workflows, like adding or removing a user from a group.
Account Administrators without deep technical experience may be able to configure this type of integration on their own, but it is worth exploring both options with a technical team member to ensure your needs are met.
LeanKit’s user provisioning solution is compatible with these identity providers and others that support SCIM 1.1:
- Ping Identity
Example use case - If you have hundreds, or even thousands, of users, managing their access to LeanKit can be simple with a SCIM-based integration. Let’s assume your IT group has invested in the identity management system Okta, and all of your enterprise’s users are included in Okta’s user directory. Connecting Okta to LeanKit is simple process, and you can configure which fields flow between the two systems. Then, user management is easy. Here are some examples of how you can use the Okta-LeanKit integration, without ever leaving your Okta interface:
- Add users to LeanKit by selecting a subset of users from the Okta directory and adding them to the LeanKit group in Okta. New users will have instant access to LeanKit and receive a welcome email.
- Deactivate users in LeanKit by removing them from the LeanKit group in Okta.
- When employees leave your enterprise, they will be removed or disabled in the Okta directory, which will also instantly disabled them in LeanKit.
2. Customizable API Integration
You may opt to integrate directly with LeanKit’s user provisioning API when your identity provider does not support SCIM 1.1, or when you need maximum flexibility to overcome a specific challenge.
Because this option requires building and maintaining an integration from scratch, we recommend you pull in a technical team member with programming ability to fully assess this option.
The user provisioning API consists of building blocks that can be used to create a custom solution, which include the ability to:
- Add a user
- Get a user's information
- Search for users that match criteria
- Modify a user's information
- Deactivate a user
- Change a user's password
- Delete a user
Example use case - Let’s suppose you want to deactivate all users who have been inactive in LeanKit for more than 90 days to optimize license utilization. Using the API, you could write a software application to:
- Ask LeanKit for a list of users, filtering for users who have a Last Access date greater than 90 days ago.
- For each user returned ...
- Ask LeanKit to update the user’s Enabled field to ‘false,’ which will disable the user’s account in LeanKit.
Please note that once a user is disabled card assignments and notifications for that user are removed.
Use the Solution that Fits Your User Management Needs
Both user provisioning options are available within a Premium edition account and give Account Administrators a tool to solve user management issues that occur when adoption grows rapidly within an organization. User provisioning allows for seamless integration with your identity provider of choice and the flexibility to create custom solutions when necessary.
Please contact your LeanKit Account Representative or Customer Success Manager to get started with user provisioning.