Enable SAML automatic user account provisioning

The SAML automatic user account provisioning option automatically creates, updates, and activates Identity Provider (IdP) user accounts and provisions them in the Control Room using SAML authentication.

Prerequisites

Ensure that a user with the Manage roles permission has created the IdP group mappings for the IdP user groups whose user accounts are to be provisioned automatically. See Create IdP group mapping.

Note: This feature requires the Enterprise Platform license. Contact your Automation Anywhere account representative for more information about this license.

The following is the workflow for SAML automatic user account provisioning:

[Image: SAML automatic user account provisioning workflow]
  1. An IdP user signs in to the Control Room.
  2. The IdP user is redirected to their IdP SSO sign-in page.
  3. The IdP user authenticates on their IdP sign-in screen.
  4. A SAML assertion that includes the user details is sent from their IdP to the Control Room.
  5. The Control Room validates the SAML assertion with the IdP group mapping configured in the Control Room and performs the following actions:
    • If the user does not exist in the Control Room, the user is created with the attributes included in the SAML assertion and assigned the roles as configured in the IdP group mapping.
    • If the user already exists in the Control Room and is active, the Control Room validates the SAML assertion to identify any changes in the user information and roles and updates the user information accordingly.
    • If the user already exists in the Control Room and is inactive, the Control Room enables the user, validates the SAML assertion to identify any changes in the user information and roles, and updates the user information accordingly.
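
The step 5 decision can be modelled offline to preview which accounts would be created or re-enabled once this option is on. This is an added example, not Automation Anywhere code. The data structures, group names, role names and the "unmapped" outcome for users outside every mapped group are assumptions, since the page does not describe that case.

```python
from dataclasses import dataclass, field

# Constructed sample data: group and role names are placeholders, not product values.
GROUP_ROLE_MAP = {"rpa-developers": {"role-bot-builder"},   # IdP group -> roles
                  "rpa-admins": {"role-cr-admin"}}

@dataclass
class Account:                      # simplified stand-in for a Control Room user
    email: str
    roles: set = field(default_factory=set)
    active: bool = True

def plan_sign_in(assertion, accounts):
    """Model step 5 for one sign-in: return (action, roles after sign-in)."""
    roles = set()
    for group in assertion["groups"]:
        roles |= GROUP_ROLE_MAP.get(group, set())
    if not roles:
        # Not covered by the page: user belongs to no mapped group.
        return "unmapped", roles
    existing = accounts.get(assertion["username"])
    if existing is None:
        return "create", roles
    if not existing.active:
        return "reactivate+update", roles
    changed = existing.roles != roles or existing.email != assertion["email"]
    return ("update" if changed else "no-change"), roles

def review(assertions, accounts):
    """Sign-ins worth a look before enabling: new accounts and re-enabled ones."""
    findings = []
    for a in assertions:
        action, roles = plan_sign_in(a, accounts)
        if action in ("create", "reactivate+update"):
            findings.append((a["username"], action, sorted(roles)))
    return findings

ACCOUNTS = {  # constructed Control Room state
    "alice": Account("alice@example.com", {"role-bot-builder"}),
    "bob": Account("bob@example.com", {"role-cr-admin"}, active=False),
}
ASSERTIONS = [  # constructed attributes as they would arrive in SAML assertions
    {"username": "alice", "email": "alice@example.com", "groups": ["rpa-developers"]},
    {"username": "bob", "email": "bob@example.com", "groups": ["rpa-admins"]},
    {"username": "carol", "email": "carol@example.com", "groups": ["rpa-developers", "rpa-admins"]},
    {"username": "dave", "email": "dave@example.com", "groups": ["finance"]},
]

if __name__ == "__main__":
    for finding in review(ASSERTIONS, ACCOUNTS):
        print(finding)
```

The bob entry shows the consequence of the third bullet: an account disabled only in the Control Room is enabled again on the next sign-in while the user remains in a mapped IdP group, so access has to be removed at the IdP as well.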

Procedure

  1. Log in to your Control Room.
  2. Navigate to Administration > Roles.
  3. On the Roles page, click the IdP group mapping tab.
  4. Select the Automatic user account provisioning disabled option to enable automatic user account provisioning.
    Users of the IdP groups that are mapped in the Control Room can now log in to the Control Room using their IdP authentication.