Hi,
I am configuring SAML to authenticate users to log in to Appian, and whenever there is a new user, SAML will create that user in Appian.
But my requirement is that there is a table which contains all the groups to which that new user should be assigned like roles and responsibilities for that new user.
Whenever that new user is created by SAML, I need to trigger a process model to sync all the groups with the user.
My question is: is there any way to trigger a process when SAML creates a new user?
Thanks
Harika
I am not sure if you could really achieve a process model trigger on new user creation.
But it also seems like you aren't using much of Appian's groups. If you can use role and responsibility assignment via groups, and not manage it through a DB table, you could map the user at the time of creation to the right groups.
Was there a specific reason why you chose to implement role management through DB and not groups?
Hi Harika,
You can create a form to capture new user data, and then you can trigger the respective process model to add the users to groups.
You'd be better off implementing an LDAP sync process that regularly (say nightly) creates/updates/deactivates user accounts between the repository that holds and authenticates your user community and Appian. By synchronising in this manner you can assure that User accounts already exist when someone SSOs into Appian and they already have the role(s) that you want them to have.
Please find the below link for more information: community.appian.com/.../ldap-synchronization
We are already using LDAP sync in on-premise and now we are migrating to cloud which is a new version and doesn't support LDAP. So, we are going with SAML now.
SAML supports group sync. Did you check this?
There is the SCIM standard which you could also look at.
Yeah, it supports group sync, but the team who adds users to the SAML IdP and the team who gives roles and responsibilities are different, and moreover we were already doing the group sync from the database when we were using LDAP itself. So, the customer doesn't want to change that.
And the databases are on-premise and that is shared across multiple platforms.