Provisioning
Provisioning is a feature used to manage user information in Kintone using the Identity Provider (IdP) such as Azure Active Directory and Okta.
With provisioning enabled, user information in the IdP will be automatically propagated to Kintone.
Items Propagated from IdP
When provisioning is enabled, the following items from IdP are propagated.
- Login Name
- Display Name
- Surname
- Given Name
- E-mail Address
- Available Services
Departments, Job Titles, and Groups (or Roles) will not be propagated.
Enabling Provisioning
-
Click
in the header.
-
Click Users & System Administration.
Accessing Kintone Users & System Administration -
Click Provisioning.
-
Click Create API Token.
-
Select the validity period.
-
Enter notes for this API token.
-
Click Create.
-
An API token is created.
-
Register the API token and the SCIM Endpoint of Kintone with the IdP.
Click the button to copy the API token. -
Close the dialog.
-
Enable "Propagate Provisioning".
Disabling Provisioning
If "Propagate Provisioning" is disabled, user information in the IdP will no longer be propagated to Kintone.
Reissuing an API token
-
Click Create API Token.
-
Select the validity period.
-
Enter notes for this API token.
-
Click Create.
-
An API token is created.
-
Register the API token of Kintone with the IdP.
Click the button to copy the API token. -
Close the dialog.
-
Disable the old API token.
-
Click Delete.
Limitations
- If "Propagate Provisioning" is enabled, users cannot change their login names.
- You cannot synchronize "User available services" from Azure Active Directory.
- If you perform any of the following actions while "Propagate Provisioning" is enabled, you might encounter errors when propagating user information from IdP.
- Delete users propagated from IdP in Kintone.
- Add users to Kintone first, then add the users with the same user names (same login names) to IdP.
- Change user names (login names) in Okta.