Auto Provisioning in Viewpoint

Viewpoint

Auto Provisioning in Viewpoint

 Automatic profile creation in Viewpoint is known as Auto provisioning .

How to know if the Teradata viewpoint system is set up to create a user profile automatically?

Tags (1)
4 REPLIES
Teradata Employee

Re: Auto Provisioning in Viewpoint

You want to look at the LDAP Servers portlet in the Admin area.  The "Turn on auto-provisioning" option in the Advanced section controls whether or not an LDAP user can log into Viewpoint and automatically have a Viewpoint user created.  The list of roles under that checkbox will be the Viewpoint roles to which that user will be automatically assigned upon first login.

Re: Auto Provisioning in Viewpoint

Thanks Stever!

Re: Auto Provisioning in Viewpoint

Our site uses Active Directory (AD), and we have configured and tested Viewpoint for ldap auto-provisioning. Am I correct in understanding that, with auto-provisioning enabled, any user on AD will be auto-provisioned if they log onto Viewpoint, regardless of whether they have a need to or not?

On my initial reading of the Viewpoint Config guide, I thought we could avoid auto-provisioning of users having no business with Teradata/Viewpoint by implementing Role Mapping and adding only authorised users to a "Viewpoint-User-Access" AD group.

On re-visiting, this appears to not be the case. 

Teradata Employee

Re: Auto Provisioning in Viewpoint

You are mostly correct in understanding that with auto provisioning enabled, any user on AD will be auto-provisioned if the log into Viewpoint.  The one caveat is that the user must match the DN Pattern Bind or User Search that is configured in the Viewpoint LDAP Servers admin portlet.  That would be one way to limit the users that can log into Viewpoint.  I do realize that depending upon the structure of your AD this potentially provides little or no value, assuming that many or all of your AD users are in the same location in AD.

The better answer to this question is to use the "Automatically assign these roles" option in the auto provisioning section.  The only role that Viewpoint will automatically assign to an auto provisioned user is the "User" role.  By default Viewpoint ships with this role having absolutely no access to any features.  Being a member of this role only gives you the ability to log in.  So only configure the "User" role to be assigned to your auto provisioned users.

Then as you suggest, you would want to map your "Viewpoint-User-Access" AD group to some Viewpoint role that provides whatever permissions you would want to grant by default to a basic Viewpoint user.

Note that we do have a feature request opened to provide the ability to limit the scope of users that are auto-provisioned.  However, this feature is not yet targeted for any particular release of Viewpoint.

Hope that helps!