Overview
Bizagi has to identify which users have access to the Work Portal. Therefore, the web application authenticates users first. Authentication is the process to validate the identification of a user, and there are different methods to generate the identity of a user in a system, like user names. All users' identities must be registered in Bizagi regardless of the authentication type you use.
Organizations usually store the information of users in Active Directories, and you have to synchronize those users from your Active Directories, with the repository of users in Bizagi., that is, all users have to be registered in Bizagi. To do that, Bizagi exposes different methods to synchronize users, and this article explains them.
Users in Bizagi
Every single user accessing the Work Portal has to be registered in the Bizagi project environment. The information of users is stored in a system entity called WFUSER. Having users stored in Bizagi is needed because it associates information of cases, tasks, or accesses to users, for auditing and assignment purposes.
Consequently, you have to define a way to synchronize users between your Active Directory and Bizagi.
To do that Bizagi offers different ways to registers users in the WFUSER:
•Register users manually in the Work Portal.
•Synchronize users using REST services through the SCIM standard (push).
•Synchronize users using the Bizagi SOA layer (push).
•Invoke an external web service to store users in Bizagi (pull).
•Import users using LDAP (pull).
•Import users using an Excel file.
Depending on your infrastructure and security standards, you might choose any of the methods mentioned.
How to choose the synchronization method
The following table describes the availability of functions or requirements when synchronizing users, so you can easily choose the best option:
SCIM |
LDAP |
SOA LAYER |
Excel File (Using a Process) |
||
|---|---|---|---|---|---|
Mappings |
Support properties with multiple values. |
- |
- |
✔ |
✔ |
Support properties related to other entities. |
- |
✔ |
✔ |
✔ |
|
Support custom User Properties |
✔ |
✔ |
✔ |
✔ |
|
Support sync of the user's boss |
- |
✔ |
✔ |
✔ |
|
Administration |
Trigger the synchronization manually |
✔ |
- Depends on the Scheduler |
✔ |
✔ |
Edit the configuration in each environment with no deployment needed |
✔ |
✔ |
✔ |
- |
|
Infrastructure |
Can be configured using an out-of-the-box user interface |
✔ If using Entra ID or IdP supporting SCIM |
✔ |
-
|
- |
It is cloud-ready, and does not need VPN |
✔ |
- |
✔ |
✔ |
|
Ready to use with no additional infrastructure on the customer side needed |
✔ If using Entra ID or IdP supporting SCIM |
✔ |
- Need to host a system that invokes Bizagi's SOA Layer |
✔ |
|
Execution mode |
Triggered automatically when new user is registered or edited |
✔ |
- Depends on the Scheduler |
✔ |
- You need to upload the Excel file manually |
Others |
No additional cost of BPUs |
✔ |
✔ |
✔ |
- |
Last Updated 9/11/2024 10:24:54 AM