Provisioning users to other systems

User provisioning is the integration flow specifically designed to ensure you have the same set of users in all your systems, and it is usually part of the Identity Management landscape. The basic idea is that there is one master system at the core that acts as the source of truth for your user data, and other business systems synchronize their users with the master system.

The HR masterdata system is specifically suited for this purpose because this is where your employee data first starts to exist. HR is usually the first to know about this data, immediately after recruitment, and will continue to keep this data up to date throughout the lifecycle of the employment.

Starting user provisioning this early and integrating the HR system into your Identity Management (IDM) landscape (often represented by Azure AD/Entra ID or similar) leads to two user provisioning scenarios, where one needs to happen before the other.

 

HR Driven Provisioning

With HR Driven provisioning, the user data starts to exist in the HR masterdata system first, but the IDM needs to be in control of usernames and often the email address. This is resolved by the HR masterdata system making the data available for integration, which transfers it to the IDM, where the username and email are added and then written back to the HR masterdata system.

General user provisioning

The general user provisioning with any other system needs to happen after the HR driven provisioning simply because it requires the username attribute to be non-empty and unique. Before this data exists in the HR masterdata system, provisioning users to other systems cannot happen.

Apart from this requirement, the provisioning scenario is not much different from HR driven provisioning, except that the data only flows one way: from CatalystOne towards consuming systems.

CatalystOne supports general user provisioning through a SCIM-compliant API that clients use to request user data.
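
The username precondition described above, written as a check a consuming system could run on a SCIM response before it creates any accounts. This is an added example, not CatalystOne's code: the ListResponse is constructed, `partition_users` is a hypothetical helper, and only the message format (RFC 7644) and the case-insensitive treatment of `userName` (RFC 7643) come from the SCIM standard.

```python
import json

# Constructed sample: a SCIM 2.0 ListResponse (RFC 7644) as a consuming
# client might receive it. All ids and usernames are made up.
LIST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"
SAMPLE_LIST_RESPONSE = json.dumps({
    "schemas": [LIST_SCHEMA],
    "Resources": [
        {"id": "1001", "userName": "anna.berg", "active": True},
        {"id": "1002", "userName": "", "active": True},   # IDM has not written back yet
        {"id": "1003", "userName": "Ola.Nordmann", "active": True},
        {"id": "1004", "userName": "ola.nordmann", "active": True},  # collides with 1003
        {"id": "1005", "active": True},                   # attribute missing entirely
    ],
})


def partition_users(raw_json):
    """Hypothetical helper: return (ready, held), where held maps id -> reason."""
    doc = json.loads(raw_json)
    if LIST_SCHEMA not in doc.get("schemas", []):
        raise ValueError("not a SCIM ListResponse")
    by_name, held = {}, {}
    for user in doc.get("Resources", []):
        name = (user.get("userName") or "").strip()
        if not name:
            held[user["id"]] = "empty userName"
            continue
        # RFC 7643 defines userName as case-insensitive, so compare casefolded.
        by_name.setdefault(name.casefold(), []).append(user)
    ready = []
    for users in by_name.values():
        if len(users) == 1:
            ready.append(users[0])
        else:
            # Hold every colliding record: picking one would merge two identities.
            for user in users:
                held[user["id"]] = "duplicate userName"
    return ready, held


if __name__ == "__main__":
    ready, held = partition_users(SAMPLE_LIST_RESPONSE)
    print([u["userName"] for u in ready], held)
```

Held records are retried on the next synchronization run, once the HR driven provisioning has written a unique username back.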