Auto user provisioning

Auto user provisioning allows you to map and automatically assign your Clumio users' roles and OUs based on their association with IdP Groups. Configure provisioning rules to enable automatic assignment of OUs and roles to users that are members of those IdP groups.

When you enable Auto User Provisioning, all existing permissions are overwritten, and users are evaluated based on their group membership within the IdP against the rules configured for those groups within Clumio. Once enabled, you cannot manually assign roles and OUs to users.

The feature can only be enabled by a Super Admin user in Clumio. Before you can enable this feature, you must first create a rule to assign a Super Admin role to the global OU. Only Super Admins can manage auto assignment rules. Do not delete the Super Admin rule; otherwise, you will lose all access to the portal.

Each time a user logs into the Clumio portal, their role and OU assignment is evaluated to determine their permissions and level of access. When IdP group memberships change, it can take up to five minutes for the resulting role and OU changes to take effect in Clumio.

Create a user provisioning rule

  1. From the Clumio navigation pane, go to Administration > Access management > Auto User Provisioning.

  2. Click Get Started.

  3. Enter a unique name for the rule.

  4. Create a condition for the rule. Enter a group name and then select one of the conditions from the list.

    If you select conditions with ANY or ALL, click the plus sign ( + ) to add more groups.

  5. Select a role and organizational unit to assign to the group based on the conditions you selected.

    You can only select one role, but you can select more than one OU to assign to a group.

  6. Click Create.

The rule functions as follows: If the <rule name> rule for <group name> meets the condition, then assign the following role and the following OU(s). Groups that fulfill the conditions are assigned a role and OUs per that rule.

If a user is a member of several groups with different rules, then that user is assigned the role with the lowest permission and access to all assigned OUs. If a user is a member of a group that does not have a role assigned, then that user is denied access to the Clumio portal.
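As an added example (not Clumio code), the following Python models the rule semantics described above so that a rule set can be checked against exported IdP group memberships before the feature is enabled. The role ranking, the role names other than Super Admin, the `Global` label, and all group, OU and user names are assumptions, and the data is constructed.

```python
from dataclasses import dataclass

# Assumed ranking, lowest permission first; only "Super Admin" is named on the page.
ROLE_RANK = {"Helpdesk Admin": 0, "Backup Admin": 1, "Super Admin": 2}
GLOBAL_OU = "Global"  # placeholder label for the global OU

@dataclass(frozen=True)
class Rule:
    name: str
    condition: str  # "ANY" or "ALL" over the listed IdP groups
    groups: frozenset
    role: str
    ous: frozenset

    def matches(self, user_groups):
        if self.condition == "ALL":
            return self.groups <= user_groups
        return bool(self.groups & user_groups)

def evaluate(user_groups, rules):
    """Return (role, OUs) for a user, or None when no rule matches (access denied)."""
    hits = [r for r in rules if r.matches(frozenset(user_groups))]
    if not hits:
        return None
    role = min((r.role for r in hits), key=ROLE_RANK.__getitem__)  # lowest permission wins
    return role, frozenset().union(*(r.ous for r in hits))         # all assigned OUs

def preflight(directory, rules):
    """List findings to resolve before enabling, since existing permissions are overwritten."""
    findings = []
    if not any(r.role == "Super Admin" and GLOBAL_OU in r.ous for r in rules):
        findings.append("no Super Admin rule on the global OU")
    results = {user: evaluate(groups, rules) for user, groups in directory.items()}
    if not any(res and res[0] == "Super Admin" for res in results.values()):
        findings.append("no user resolves to Super Admin")
    findings += [f"{user}: denied (no matching rule)" for user, res in results.items() if res is None]
    return findings

# Constructed sample rules and IdP group memberships.
RULES = [
    Rule("super-admins", "ANY", frozenset({"clumio-super-admins"}), "Super Admin", frozenset({GLOBAL_OU})),
    Rule("backup-ops", "ALL", frozenset({"backup-operators", "aws-prod"}), "Backup Admin", frozenset({"OU-Prod"})),
    Rule("helpdesk", "ANY", frozenset({"helpdesk", "noc"}), "Helpdesk Admin", frozenset({"OU-Prod", "OU-Dev"})),
]
DIRECTORY = {
    "alice": {"clumio-super-admins", "helpdesk"},  # two rules match: lower role applies
    "bob": {"backup-operators"},                   # fails the ALL condition: denied
    "dave": {"clumio-super-admins"},
}
```

In this model, `alice` resolves to the lower role even though she is in the Super Admin group, so `preflight(DIRECTORY, RULES)` reports only `bob` as denied while `dave` remains the sole effective Super Admin.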

To update or delete a rule, click the relevant icons in the Action column of the rules table.
