Configure provisioning
About this task
To configure a connection for outbound provisioning to Lucidchart, follow the instructions in this section.
Outbound provisioning details are managed within an SP connection. You can configure outbound provisioning with or without Browser SSO, WS-Trust STS, or both when you create a new SP connection. You can also add outbound provisioning to an existing SP connection.
Steps
- In the PingFederate administrator console, configure the data store that PingFederate will use as the source of user data. For instructions, see Datastores in the PingFederate documentation.
- When targeting users and groups for provisioning, exclude the user account that you will use to administer users in your connection to Lucidchart. This prevents the PingFederate provisioning engine from interfering with the account that provisions users and groups.
- Create a new SP connection or select an existing SP connection from the SP Configuration menu.
- On the Connection Template screen, select Use a template for this connection and choose Lucidchart Connector from the Connection Template drop-down list. When asked during the connection configuration steps, import the lucidchart-saml-metadata.xml packaged with this connector. If this selection is not available, verify the connector installation and restart PingFederate.
- On the Connection Type screen, ensure the Outbound Provisioning checkbox is selected, and the Browser SSO Profiles checkbox is cleared (if appropriate).
- On the General Info screen, the default values are taken from the metadata file you selected in step 2. We recommend using the metadata default values.
- Follow the connection wizard to configure the connection.
- On the Outbound Provisioning screen, click Configure Provisioning.
- On the Target screen, enter the values for each field as required by the Lucidchart Connector.
Table 1. Target screen options

| Field Name | Description |
| --- | --- |
| Base URL | The base URL for Lucidchart. For more information on obtaining the base URL, see Obtain base URL and bearer token. |
| Bearer Token | The bearer token used by the connector to make authenticated API calls to Lucidchart. For more information on obtaining the bearer token, see Obtain base URL and bearer token. |
| Provisioning Options: User Create | True (default) – Users will be created in Lucidchart. False – Users will not be created in Lucidchart. The provisioner.log will display a warning within the create user workflow that the user was not created in Lucidchart. |
| Provisioning Options: User Update | True (default) – Users will be updated in Lucidchart. False – Users will not be updated in Lucidchart. The provisioner.log will display a warning within the update user workflow that the user was not updated in Lucidchart. |
| Provisioning Options: User Disable / Delete | True (default) – Users will be disabled or deleted in Lucidchart. A disabled user can only be re-enabled if User Update is true. False – Users will not be disabled or deleted in Lucidchart. The provisioner.log will display a warning within the user workflow that the user was not disabled or deleted in Lucidchart. |
| Provisioning Options: Provision Disabled Users | This option is only relevant if you select User Create. True (default) – If a disabled user in the user store is targeted for provisioning, it will be created in a disabled state in Lucidchart. False – If a disabled user in the user store is targeted for provisioning, it will not be created in Lucidchart. The provisioner.log will display a warning within the create user workflow indicating that the user was not created in Lucidchart. |
| Provisioning Options: Remove User Action | Select a deprovision method (Disable or Delete). Deprovisioning is triggered when previously provisioned users no longer meet the condition set in the Source Location screen, or when a user has been suspended or deleted from the data store. This option is only applicable if User Disable / Delete is set to True. Disable (default) – Deactivates the user account in Lucidchart (also known as a soft delete). Delete – Removes the user account in Lucidchart (also known as a hard delete). |
- Click Next to continue the provisioning configuration. For more information, see the following sections under Outbound provisioning for IdPs in the PingFederate documentation:
-
Credentials will be verified when the channel and SP connection are set to Active and provisioning is initiated.
If you are not ready to complete the provisioning configuration, you can click Save and return to the configuration page later. To return to the configuration page, select the connection from Identity Provider → SP Connections → Manage All.
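
The Provisioning Options in Table 1 interact: Remove User Action only applies when User Disable / Delete is True, and a disabled user can only be re-enabled when User Update is True. The following Python model is an added example, not code from the connector or PingFederate; it follows the option semantics as the table describes them, and every class, function and event name in it is hypothetical.

```python
# Added example: models the Target screen options as Table 1 describes them.
# Not the connector's code; every name below is hypothetical.
from dataclasses import dataclass

@dataclass(frozen=True)
class Options:
    # Defaults mirror the defaults listed in Table 1.
    user_create: bool = True
    user_update: bool = True
    user_disable_delete: bool = True
    provision_disabled_users: bool = True
    remove_user_action: str = "Disable"  # "Disable" (soft) or "Delete" (hard)

def outcome(opts, event, source_disabled=False):
    """Return (action in Lucidchart, warning written to provisioner.log).

    event: "create", "update" or "deprovision" (user no longer meets the Source
    Location condition, or was suspended or deleted in the data store).
    """
    if event == "create":
        if not opts.user_create:
            return ("none", True)
        if source_disabled:
            if opts.provision_disabled_users:
                return ("create_disabled", False)
            return ("none", True)
        return ("create", False)
    if event == "update":
        return ("update", False) if opts.user_update else ("none", True)
    if event == "deprovision":
        if not opts.user_disable_delete:
            return ("none", True)  # the account stays active in Lucidchart
        return (opts.remove_user_action.lower(), False)
    raise ValueError(f"unknown event: {event}")

def audit(opts):
    """Return option combinations worth reviewing before activating the channel."""
    findings = []
    if not opts.user_disable_delete:
        findings.append("deprovisioned users stay active; Remove User Action is ignored")
    elif opts.remove_user_action == "Delete":
        findings.append("deprovisioning hard-deletes the Lucidchart account")
    elif not opts.user_update:
        findings.append("disabled users cannot be re-enabled (User Update is False)")
    return findings

if __name__ == "__main__":
    risky = Options(user_update=False, user_disable_delete=False)
    print(outcome(risky, "deprovision"), audit(risky))
```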