Difference between revisions of "Select the Best Method to Create Users"

Latest revision as of 23:10, 10 April 2019

Introduction

This How To looks at the different options and methods for adding Users to Hornbill. Depending on your environment and requirements, there are a number of different approaches for adding users to your Hornbill Instance which can be anything from the manual creation of a single user to the automated provisioning of users from a scheduled import.

Quick Check

I just need to create one user

I need to do a one-time import from CSV

I want to schedule an import of users from Microsoft Active Directory

I want to schedule an import of users from an external data source

I want accounts to be automatically created when users login using SAML authentication

Create an Individual User Account

When either a single user or a small handful of accounts that are needed, manually adding these can be the most practical option when you are dealing with a small number.

Often used to create the first few accounts that will be used when initially setting up a Hornbill instance
Use to add an individual user that is not automatically added as part of a scheduled import
Manually adding accounts does not include any configuration options for automatic updates to the account
Done using the Administration Portal. No additional configuration required

How To:Create an Individual User Account

Create Multiple User Accounts using CSV Upload

When a large number of user accounts need to be created, a CSV file can be a quick and simple way to achieve this. A CSV template is provided which includes some of the standard fields that are required to create a new user account.

A user account is created when the upload is initiated via Hornbill Administration
The account is created using the contents of the CSV template selected
The CSV upload is designed only for the creation of new accounts. It is not capable of updating existing user accounts
This particular CSV import cannot be scheduled

How To:Create Multiple User Accounts using CSV Upload

Hornbill User Import Utilities

Application User and Basic User accounts can be created based on the content of another data source such as your Directory Service or an MSSQL database using one of Hornbill's Open integration Utilities. A user import utility is the preferred choice for an implementation involving Service Manager. All Hornbill user import utilities can be scheduled to create new, and update existing, end user accounts.

These can be scheduled using Windows Scheduler
Options to allow for both create and update of users
Installed within your environment and securely connects to your Hornbill instance
Ability to maintain a greater range of user account properties
Ability to make associations between user accounts and site records and also department (group) membership based on the contents that exist in your directory services
A user account is created at the time the chosen utility is scheduled to run

The available User Import tools include:

LDAP User Import

This utility provides a simple, safe and secure way to create new Hornbill User Accounts and update existing ones by synchronizing with accounts held in your Active Directory or other industry standard LDAP capable directory service.

SQL User Import

This utility provides a simple, safe and secure way to create user accounts on the Hornbill platform by synchronizing with accounts held in your Database.

Azure User Import

The utility provides a simple, safe and secure way to create user accounts on the Hornbill platform by synchronizing with accounts held in your Azure AD

Auto Provisioning via SSO

In a Collaboration only environment this is a very effective approach. The creation of user accounts can be automated as part of the Single Sign-on (SSO) configuration meaning no physical import is required if SAML is available. Your users are self-provisioned automatically when they first navigate to your Hornbill instance.

No Import of users required. Accounts are created as they login
Site associations are limited to a single site specified in the Auto-Provisioning template.
Only a single user template can be used in conjunction with a Hornbill Security profile (Single sign on configuration).
Updates to existing user accounts are supported
The account is created based on the contents of your directory services transported through the attributes specified in the outgoing claim of your Identity Provider. The directory attribute-to-Hornbill mappings are stored in the Hornbill SSO Profile.

Information regarding the configuration of Hornbill for use with Single Sign On can be found here: Single Sign On with SAML 2.0

@@ Line 1: / Line 1: @@
-{{DISPLAYTITLE:''How To'': Select the Best Method to Create Users}}
+{{DISPLAYTITLE:'''''How To''''': Select the Best Method to Create Users}}
 <div style="border:1px solid #90C0FF; background:#D0E0FF; width:99%; padding:4px; margin-bottom:10px;">
 __NOTOC__
 {| style="width:100%"
-|[[Main_Page|Home]] > [[Administration]] > System
+|
 |style="text-align:right;"|[[:Category:How To|Index]]
 |}
@@ Line 24: / Line 24: @@
 == Quick Check ==
-:[[File:checkbox.png|8px|baseline|link=#Creating an Individual User Account]] I just need to create one user
+:[[File:checkbox.png|8px|baseline|link=#Create an Individual User Account]] I just need to create one user
-:[[File:checkbox.png|8px|baseline|link=#Creating Multiple User Accounts via CSV Upload]] I need to do a one-time import from CSV
+:[[File:checkbox.png|8px|baseline|link=#Create Multiple User Accounts using CSV Upload]] I need to do a one-time import from CSV
 :[[File:checkbox.png|8px|baseline|link=#Hornbill User Import Utilities]] I want to schedule an import of users from Microsoft Active Directory
 :[[File:checkbox.png|8px|baseline|link=#Hornbill User Import Utilities]] I want to schedule an import of users from an external data source
@@ Line 31: / Line 31: @@
 <br>
-== Creating an Individual User Account ==
+== Create an Individual User Account ==
 When either a single user or a small handful of accounts that are needed, manually adding these can be the most practical option when you are dealing with a small number.
@@ Line 39: / Line 39: @@
 :* Done using the Administration Portal. No additional configuration required
 <br>
-::''How To'':[[Create an Individual User Account]]
+::'''''How To''''':[[Create an Individual User Account]]
 <br>
-==Creating Multiple User Accounts via CSV Upload==
+==Create Multiple User Accounts using CSV Upload==
-When a large number of user accounts need to be created, a CSV file can be a quick and simple way to achieve this.  A CSV template is provided which includes some of the standard fields that are required to create a new user account.
+When a large number of user accounts need to be created, a CSV file can be a quick and simple way to achieve this. A CSV template is provided which includes some of the standard fields that are required to create a new user account.
-<ol>
-<li>From the User list menu, select ''Upload Users'' action from the Account Management Actions drop down menu.</li>
-<li>Click on the ''Download Template File'' button</li>
-<li>Populate the CSV Template File with the users that you wish to upload</li>
-<li>Click on the ''Select CSV File to Upload'' button</li>
-<li>View and check upload results</li>
-</ol>
-The CSV template consists of the following fields:
+:* A user account is created when the upload is initiated via Hornbill Administration
-:* '''userId''' - The User Id should ideally be made up of alphanumeric characters although full stops (.) and underscores (_) are permissible. The User Id plays a key role in the database relationships so once it is created, it is not possible to amend. This is a mandatory field.
+:* The account is created using the contents of the CSV template selected
-:* '''name''' - This field will form the "Handle" for the User. This is what will be visible when posting to a Workspace or Request Timeline eg: "'''Harry Hornbill''' posted on Workspace '''Hornbill Collaboration Discussion'''". In this example, Harry Hornbill would be the Handle. This field can be amended at any time. This is a mandatory field so a value must be provided for the upload.
+:* The CSV upload is designed only for the creation of new accounts. It is not capable of updating existing user accounts
-:* '''password'''
+:* This particular CSV import cannot be scheduled
-:: The password which the User will use to log on to the Hornbill Platform. This is a mandatory field.
-:* '''firstName'''
-:: The first name of the User. This is a mandatory field.
-:* '''lastName'''
-:: The last name of the User. This is a mandatory field.
-:* '''jobTitle'''
-:: The Users Job Title. This field is optional, and can be left blank.
-:* '''phone'''
-:: The Users telephone number. This field is optional, and can be left blank.
-:* '''email'''
-:: The email address of the User.This is a mandatory field.
-:* '''mobile'''
-:: The mobile number of the User. This field is optional, and can be left blank.
-:* '''role'''
-:: The Hornbill roles that this User requires to perform their day to day duties within Hornbill should be specified here. All those who will access the Platform require the "Collaboration Role" as a minimum. In addition, if they are a Support Desk Analyst, then they may also require the "Incident Management User" role. When specifying multiple roles in this field they should be separated by a colon (''':'''). e.g. to associate the two roles mentioned here, the contents of the role field will look like:  '''Collaboration Role:Incident Management User'''. The following wiki page will help provide background to the various [[Roles|'''Platform and Application Roles''']] available.
-:* '''userType'''
-:: The User Type is used to specify whether the User will be an Application User (full platform access based on the Subscriptions) or a Basic User (access is restricted to the Hornbill Service Portal). This field should contain either "'''user'''" or "'''basic'''" which is case-sensitive. If nothing is specified in this field, the User account created will default to that of an Application User.
-:* '''site'''
-:: While a "Site" column doesn't appear in the downloaded template, the CSV mechanism is aware of this concept. An additional column can be added after "userType" (titled "site") and where a valid site ID is specified the CSV upload mechanism will make the site association successfully to the user. Of course, a list of sites must exist in your instance in order for you to identify and use the appropriate ID which can be found in the URL when viewing a site record. See [[sites|'''Sites''']] for more information on importing a list of sites.
 <br>
-[[File:User Upload Template.PNG|1000px|center|Example of a prepared CSV Template]]
+:: '''''How To''''':[[Create Multiple User Accounts using CSV Upload]]
 <br>
-If you plan on using a third party automation tool to generate the CSV, the case of the field headings is important. The CSV upload function is expecting the field headings in the following order and format:
-'''userId, name, password, firstName, lastName, jobTitle, phone, email, mobile, role, userType'''. If the headings are in any other form, out of sequence, or missing, the Upload will be unsuccessful.
-<br>
-<br>
-The result of a successful upload is shown below:
-[[File:User Upload Success.PNG|1000px|center|Example of a prepared CSV Template]]
-<br>
-==Auto Provisioning via SSO==
-In a Collaboration only environment this is a very effective approach. The creation of user accounts can be automated as part of the Single Sign-on (SSO) configuration meaning no physical import is required if SAML is available. Your users are self-provisioned automatically when they first navigate to your Hornbill instance.
-:# Create User Template
-:# Configure Single Sign-on
-:# Define Auto Provisioning settings
-Information regarding the configuration of Hornbill for use with Single Sign On can be found here: [[Single Sign On with SAML 2.0|'''Single Sign On with SAML 2.0''']]
 ==Hornbill User Import Utilities==
@@ Line 99: / Line 57: @@
 Application User and Basic User accounts can be created based on the content of another data source such as your Directory Service or an MSSQL database using one of [[Hornbill_Open_Integration_Tools|'''Hornbill's Open integration Utilities''']]. A user import utility is the preferred choice for an implementation involving Service Manager. All Hornbill user import utilities can be scheduled to create new, and update existing, end user accounts.
-==What Method of User Account Creation Should I use?==
+:* These can be scheduled using Windows Scheduler
-Hornbill offers a range of mechanisms that can be used to create user accounts. The one that is right for you will typically depend on the size of your organisation and staff turnover. Below you will find some frequently asked questions in relation to the import mechanisms that were outlined above.
+:* Options to allow for both create and update of users
-<br>
+:* Installed within your environment and securely connects to your Hornbill instance
-====When is an account created?====
+:* Ability to maintain a greater range of user account properties
-'''CSV Upload:''' A user account is created when the upload is initiated via Hornbill Administration.
+:* Ability to make associations between user accounts and site records and also department (group) membership based on the contents that exist in your directory services
+:* A user account is created at the time the chosen utility is scheduled to run
-'''Auto-Provisioning:''' A user account is created when a user navigates to live.hornbill.com/[your_instance_name]/ or service.hornbill.com/[your_instance_name]/ for the first time.
-'''Import Utility:''' A user account is created at the time the chosen utility is scheduled to run. All the Hornbill utilities are scheduled using windows task scheduler. The time the utility is scheduled is dependent on your organisations requirements (i.e. when you need user accounts to be available in Hornbill).
 <br>
+The available User Import tools include:
+:* '''[[LDAP User Import]]'''
+:: This utility provides a simple, safe and secure way to create new Hornbill User Accounts and update existing ones by synchronizing with accounts held in your Active Directory or other industry standard LDAP capable directory service.
+:* '''[[SQL User Import]]'''
+:: This utility provides a simple, safe and secure way to create user accounts on the Hornbill platform by synchronizing with accounts held in your Database.
+:* '''[[Azure User Import]]'''
+:: The utility provides a simple, safe and secure way to create user accounts on the Hornbill platform by synchronizing with accounts held in your Azure AD
 <br>
-====What Information is used when creating the account?====
-'''CSV Upload:''' The account is created using the contents of the CSV template selected.
-'''Auto-Provisioning:''' The account is created based on the contents of your directory services transported through the attributes specified in the outgoing claim of your Identity Provider. The directory attribute-to-Hornbill mappings are stored in the Hornbill SSO Profile.
+==Auto Provisioning via SSO==
+In a Collaboration only environment this is a very effective approach. The creation of user accounts can be automated as part of the Single Sign-on (SSO) configuration meaning no physical import is required if SAML is available. Your users are self-provisioned automatically when they first navigate to your Hornbill instance.
-'''Import Utility:''' The account is created based on the contents of your directory services transported via the import utility. The directory attribute to Hornbill mappings are stored in the conf.json file.
+:* No Import of users required.  Accounts are created as they login
+:* Site associations are limited to a single site specified in the Auto-Provisioning template.
+:* Only a single user template can be used in conjunction with a Hornbill Security profile (Single sign on configuration).
+:* Updates to existing user accounts are supported
+:* The account is created based on the contents of your directory services transported through the attributes specified in the outgoing claim of your Identity Provider. The directory attribute-to-Hornbill mappings are stored in the Hornbill SSO Profile.
 <br>
-<br>
+Information regarding the configuration of Hornbill for use with Single Sign On can be found here: [[Single Sign On with SAML 2.0|'''Single Sign On with SAML 2.0''']]
-====Do all methods update existing Hornbill user accounts when user information changes?====
-'''CSV Upload:''' No. The CSV upload is designed only for the creation of new accounts. It is not capable of updating existing user accounts.
-'''Auto-Provisioning:''' Yes. Updates to existing user accounts are supported via auto-provisioning.
-'''Import Utility:''' Yes. Updates to existing user accounts are supported by all the user import utilities.
-<br>
-<br>
-====Is there a difference in the user account information that can be maintained by each method?====
-Auto-provisioning does not maintain department (Group) associations and the site associations are limited to a single site specified in the Auto-Provisioning template. Only a single user template can be used in conjunction with a Hornbill Security profile (Single sign on configuration).
-The import utilities have the ability to maintain a greater range of user account properties. They also have the ability to make associations between user accounts and site records and also department (group) membership based on the contents that exist in your directory services.
 <br>
 [[Category: How To]]