Back to all articles

Customer Onboarding - User Provisioning Options

Options

Type Supports SSO Auto Provisioning Dynamic Groups Organisation Size

1. SCIM

(Azure or Okta)

✔️ ✔️ ✔️* 200+
2. Federated ✔️ less than 200**
3. Email

less than 200**

* Azure: P1,P2 or E5 Licence required. Okta: Lifecycle Management Licence required.

** Supports more but not recommended.

 


1. SCIM (AzureAD or Okta)

Why choose SCIM?

Pros

✅ Automation of the adding and removing of users.

✅ Automation of targeting of new users with content within your MyCompliance library.

✅ Allows for SSO for safer, more secure login for your users.

✅ Allows for enabling of MFA via your SSO Identity Provider.

✅ Allows for the provisioning of pre-existing groups within either AAD or Okta.

✅ Have the option of enabling the MyCompliance Teams App.

 

Cons

❌ Requires your organisation to have the relevant licensing within either AAD or Okta.

❌ Does not support the provisioning of nested groups.

 

 

🚩 SCIM Prerequisites 

Azure AD

  • An Azure AD tenant with Azure AD Premium 1 or Premium 2 (or EMS E3 or E5) licence.
  • Completed Discovery Document that will be sent by MetaCompliance Support.
  • Have the relevant groups created within your Azure AD that you will provision to your MetaCompliance tenant. These can be either Dynamic or Security Groups.
  • An Azure Global Admin who is available to set up the SCIM provisioning and SSO applications

Okta

  • An Okta tenant with a Lifecycle Management licence.
  • Complete Discovery Document that will be sent by MetaCompliance Support.
  • Have the relevant groups created within your Okta environment that you will provision to your MetaCompliance tenant.
  • A dedicated resource who can configure the provisioning app and enable SSO within Okta.

Click here to view the AAD SCIM configuration instructions

Click here to view the Okta SCIM Configuration instructions


2. Federated

Why choose Federated?

Pros

✅ Does not require your organisation to have a cloud AD solution within AAD or Okta.

✅ The option of enabling the Microsoft Teams App.

✅ The option of creating your own groups and subgroups.

Cons

❌ Manual process which will require manual updating when users are onboarded and offboarded within your organisation.

❌ Will require the manual creation of Groups and Sub-groups within your MyCompliance tenant.

 

🚩 Federated Prerequisites 

  • An Identity Provider that will facilitate SSO for your users.
  • Dedicated personnel who can configure SSO via your Identity Provider.
  • Completed spreadsheet of user information as per the MyCompliance Cloud site instructions. 
  • Dedicated personnel who will update user data as and when required via the MyCompliance Cloud site.

3. Email

Why choose Email?

Pros

✅ Does not require your organisation to have a cloud AD solution within AAD or Okta.

✅ The option of creating your own Groups and Subgroups.

 

Cons

❌ Manual process which will require manually updating when users are onboarded and offboarded within your organisation.

❌ Will require the manual creation of Groups and Subgroups within your MyCompliance tenant.

❌ Your users cannot use SSO to log in to their MyCompliance account. A separate password will have to be created upon registration.

 

🚩 Email Prerequisites 

  • Completed spreadsheet of user information as per the MyCompliance Cloud site instructions. 
  • Dedicated personnel who will update user data as and when required via the MyCompliance Cloud site.
  • Trigger 'registration email' to all users so that they can set up a password for their MyCompliance account.