Provisioning Architecture

There are several ways to provide the user-provisioning and attribute-transformation functions. The diagram shows the general system architecture; the numbered paths in it are described below.
Provisioning Architecture for Profile Manager and PTT Pro
1. Existing LDAP connection to AD/ADFS. The user database is read and evaluated by an LDAP query defined in Profile Manager. The import job is scheduled for automatic updates. This method provisions users into Profile Manager and the PTT Pro server and provides attribute transformation for role-selection presentation.
2. Import of a flat file from a cloud-based GCP bucket. The import is scheduled for automatic updates. This method provisions users into Profile Manager and the PTT Pro server and provides attribute transformation for role-selection presentation.
3. Import of a flat file from a cloud-based SFTP service. The import is scheduled for automatic updates. This method provisions users into Profile Manager and the PTT Pro server and provides attribute transformation for role-selection presentation.
4. Manual entry of each user into Profile Manager and the PTT Pro server. This is a one-at-a-time activity initiated by the administrator and does not provide automated updates. It provides attribute transformation for role-selection presentation.
5. Dynamic, ad-hoc import from a device, by passing the token of a user who has authenticated to the IDP through the App Launcher. The user's validated identity is sent to the PFM Proxy service along with information retrieved from the Access Token, and the PFM Proxy returns the server-connection information.
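The attribute transformation that paths 1, 2 and 3 all perform can be kept in one place so that an LDAP query result and a CSV import row produce the same provisioning record. The following is an added example, not Profile Manager code or its import format: the CSV column names, the LDAP attribute names, the role rule table and the sample data are all hypothetical and constructed for illustration.

```python
"""
Added example, not Profile Manager code: one attribute-transformation
step applied to user records from an LDAP query (Method 1) and from the
CSV import file (Methods 2 and 3), so both paths yield identical
provisioning records.

Everything below is hypothetical: the CSV column names, the LDAP
attribute names, the rule table and the sample data are constructed
for illustration and are not the product's import format.
"""
import csv
import io

# Hypothetical rule table, checked in order: (department prefix, title
# keyword or None, role). The first matching rule wins.
ROLE_RULES = [
    ("Store Ops", "Manager", "store_manager"),
    ("Store Ops", None, "associate"),
    ("Pharmacy", None, "pharmacist"),
]
DEFAULT_ROLE = "guest"  # role presented when no rule matches


def derive_role(department, title):
    """Map source attributes to the role offered at sign-in."""
    for dept_prefix, title_kw, role in ROLE_RULES:
        if department.startswith(dept_prefix) and (title_kw is None or title_kw in title):
            return role
    return DEFAULT_ROLE


def normalize(user_id, site_id, department, title):
    """Build one provisioning record; reject rows that cannot be placed on a site."""
    user_id = user_id.strip().lower()
    site_id = site_id.strip().upper()
    if not user_id or not site_id:
        raise ValueError("user_id and site_id are required")
    return {"user_id": user_id, "site_id": site_id, "role": derive_role(department, title)}


def dedupe(records):
    """A user must appear once per import; a duplicate is a data error, not a merge."""
    seen = {}
    for rec in records:
        if rec["user_id"] in seen:
            raise ValueError(f"duplicate user in import: {rec['user_id']}")
        seen[rec["user_id"]] = rec
    return list(seen.values())


def from_csv(text):
    """Parse the (hypothetical) CSV layout shared by the GCP and SFTP paths."""
    rows = csv.DictReader(io.StringIO(text))
    return dedupe(
        normalize(r["user_id"], r["site_id"], r.get("department", ""), r.get("title", ""))
        for r in rows
    )


def from_ldap_entries(entries):
    """entries: list of {attribute: [values]} dicts, the shape an LDAP
    client library returns for a search result (attribute names assumed)."""
    def first(entry, attr):
        values = entry.get(attr, [])
        return values[0] if values else ""
    return dedupe(
        normalize(first(e, "sAMAccountName"), first(e, "physicalDeliveryOfficeName"),
                  first(e, "department"), first(e, "title"))
        for e in entries
    )


# Constructed sample input.
SAMPLE_CSV = """user_id,site_id,department,title
jdoe,s0417,Store Ops,Assistant Manager
asmith,s0417,Pharmacy,Pharmacist
"""
SAMPLE_LDAP = [
    {"sAMAccountName": ["bwong"], "physicalDeliveryOfficeName": ["S0098"],
     "department": ["Store Ops - Front End"], "title": ["Sales Associate"]},
]

if __name__ == "__main__":
    for rec in from_csv(SAMPLE_CSV) + from_ldap_entries(SAMPLE_LDAP):
        print(rec)
```

Keeping the rule table and the validation in one function means a change to role selection is made once and applies to every scheduled import; rejecting rows with a missing site or a duplicate user keeps a malformed file from silently creating half-placed accounts.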
Reviewing the five provisioning methods:
  • Method 1 is the most common and is available to any customer whose AD/ADFS environment exposes LDAP services. The connection to AD/ADFS provides user provisioning, attribute transformation, and user authentication. A PFM import job can be scheduled for regular provisioning updates.
  • Methods 2 and 3 are new functions and use the same approach for user provisioning and attribute transformation. The same comma-separated value (CSV) file layout is used for both the GCP and the SFTP method; only the file repository differs, either a customer-hosted GCP bucket or an SFTP site. An import job can be scheduled for regular provisioning updates.
  • Method 4 is a legacy approach to user provisioning. It is a manual, single-event method and is documented here for completeness.
  • Method 5 is a new function that allows ad-hoc provisioning of users who were not added through the user-import CSV file. It relies on the JWT Access Token that the IDP returns to an authenticated device user. After the user signs in successfully through the App Launcher, the UserID and SiteID are captured and combined with additional elements from the received Access Token. This combined information allows the user to be provisioned into the system at the correct site and server. Because the token is the only proof of identity on this path, it must be validated (signature, issuer, audience, and expiry) before the combined information is used for provisioning.
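The checks on the Method 5 token, and the step that binds the sign-in UserID to the identity the IDP asserted, look like the following. This is an added example and not the PFM Proxy's code: it assumes an HS256-signed token with a shared secret (a real IDP typically signs with RS256 and publishes its keys at a JWKS URL, in which case only the signature step changes), and the claim names sub, name, groups, iss, aud and exp, the issuer and audience values, and the site-to-server table are constructed for illustration.

```python
"""
Added example, not the PFM Proxy's code: the checks a service should run
on the IDP's JWT Access Token before the UserID and SiteID captured at
App Launcher sign-in are combined with the token's claims to place the
user on a site and server (Method 5).

Hypothetical assumptions: the token is HS256-signed with a shared secret
(a real IDP usually signs with RS256 and publishes keys at a JWKS URL;
only the signature step changes). The claim names sub, name, groups,
iss, aud and exp, the issuer/audience values and the site table are
constructed for the example.
"""
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-example-secret"        # shared with the IDP (example only)
EXPECTED_ISS = "https://idp.example.com"       # hypothetical issuer
EXPECTED_AUD = "pfm-proxy"                     # hypothetical audience
SITE_SERVERS = {"S0417": "ptt-east.example.com", "S0098": "ptt-west.example.com"}


def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def make_token(claims, secret=SECRET):
    """Stand-in for the IDP: mint an HS256 JWT (constructed for the example)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_token(token, secret=SECRET, now=None):
    """Return the claims only if signature, alg, issuer, audience and expiry all check out."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(_b64url_decode(h))
    # Pin the algorithm; never let the token choose it ('none', key confusion).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p))
    if claims.get("iss") != EXPECTED_ISS:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if aud != EXPECTED_AUD and not (isinstance(aud, list) and EXPECTED_AUD in aud):
        raise ValueError("token not issued for this service")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("token expired or missing exp")
    return claims


def provision_from_login(token, login_user_id, login_site_id, now=None):
    """Combine the sign-in UserID/SiteID with the validated token claims."""
    claims = verify_token(token, now=now)
    # Bind the device-reported UserID to the identity the IDP actually asserted.
    if claims.get("sub", "").lower() != login_user_id.strip().lower():
        raise ValueError("sign-in UserID does not match token subject")
    site_id = login_site_id.strip().upper()
    server = SITE_SERVERS.get(site_id)
    if server is None:
        raise ValueError(f"unknown site {site_id}")
    return {
        "user_id": claims["sub"].lower(),
        "site_id": site_id,
        "server": server,
        "display_name": claims.get("name", ""),
        "groups": list(claims.get("groups", [])),
    }


# Constructed sample exchange: the IDP mints a token, the device signs in as JDoe at site s0417.
SAMPLE_CLAIMS = {"iss": EXPECTED_ISS, "aud": EXPECTED_AUD, "sub": "jdoe",
                 "name": "Jane Doe", "groups": ["store-ops"], "exp": 2_000_000_000}

if __name__ == "__main__":
    tok = make_token(SAMPLE_CLAIMS)
    print(provision_from_login(tok, "JDoe", "s0417", now=1_700_000_000))
```

The order matters: the signature is checked before any claim is read, the audience check stops a token minted for another service from provisioning a user here, and the subject check stops a device from presenting a valid token for one user while claiming a different UserID at sign-in. The SiteID still comes from the sign-in, as the text describes, but it is only accepted if it maps to a known server.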