Customer Onboarding - User Provisioning Options

Options

Type Supports SSO Auto Provisioning Dynamic Groups Organisation Size

1. SCIM

(Azure or Okta)

✔️ ✔️ ✔️* 200+
2. Federated ✔️ less than 200**
3. Email

less than 200**

* Azure: P1,P2 or E5 Licence required. Okta: Lifecycle Management Licence required.

** Supports more but not recommended.


1. SCIM (AzureAD or Okta)

Why choose SCIM?

Pros

✅ Automation of the adding and removing of users.

✅ Automation of targeting of new users with content within your MyCompliance library.

✅ Allows for SSO for safer, more secure login for your users.

✅ Allows for enabling of MFA via your SSO Identity Provider.

✅ Allows for the provisioning of pre-existing groups within either AAD or Okta.

✅ Have the option of enabling the MyCompliance Teams App.

Cons

❌ Requires your organisation to have the relevant licensing within either AAD or Okta.

❌ Does not support the provisioning of nested groups.

🚩 SCIM Prerequisites 

Azure AD

  • An Azure AD tenant with Azure AD Premium 1 or Premium 2 (or EMS E3 or E5) licence.
  • Completed Discovery document that will be sent by MetaCompliance Support.
  • Have the relevant groups created within your Azure AD that you will provision to your MetaCompliance tenant. (These can be either Dynamic or Security Groups.)
  • An Azure Global Admin who is available to set up the SCIM provisioning and SSO applications.

Okta


2. Federated

Why choose Federated?

Pros

✅ Does not require your organisation to have a cloud AD solution within AAD or Okta.

✅ The option of enabling the Microsoft Teams App.

✅ The option of creating your own groups and subgroups.

Cons

❌ Manual process which will require manual updating when users are onboarded and offboarded within your organisation.

❌ Will require the manual creation of Groups and Sub-groups within your MyCompliance tenant.

🚩 Federated Prerequisites 

  • An Identity Provider that will facilitate SSO for your users.
  • Dedicated personnel who can configure SSO via your Identity Provider.
  • Completed spreadsheet of user information as per the MyCompliance Cloud site instructions. 
  • Dedicated personnel who will update user data as and when required via the MyCompliance Cloud site.

3. Email

Why choose Email?

Pros

✅ Does not require your organisation to have a cloud AD solution within AAD or Okta.

✅ The option of creating your own Groups and Subgroups.

Cons

❌ Manual process which will require manually updating when users are onboarded and offboarded within your organisation.

❌ Will require the manual creation of Groups and Subgroups within your MyCompliance tenant.

❌ Your users cannot use SSO to log in to their MyCompliance account. A separate password will have to be created upon registration.

🚩 Email Prerequisites 

  • Completed spreadsheet of user information as per the MyCompliance Cloud site instructions. 
  • Dedicated personnel who will update user data as and when required via the MyCompliance Cloud site.
  • Trigger 'registration email' to all users so that they can set up a password for their MyCompliance account.
Back to all articles