Difference between revisions of "Select the Best Method to Create Users"

Latest revision as of 23:10, 10 April 2019

Introduction

This How To looks at the different options and methods for adding Users to Hornbill. Depending on your environment and requirements, there are a number of different approaches for adding users to your Hornbill Instance which can be anything from the manual creation of a single user to the automated provisioning of users from a scheduled import.

Quick Check

I just need to create one user

I need to do a one-time import from CSV

I want to schedule an import of users from Microsoft Active Directory

I want to schedule an import of users from an external data source

I want accounts to be automatically created when users login using SAML authentication

Create an Individual User Account

When either a single user or a small handful of accounts that are needed, manually adding these can be the most practical option when you are dealing with a small number.

Often used to create the first few accounts that will be used when initially setting up a Hornbill instance
Use to add an individual user that is not automatically added as part of a scheduled import
Manually adding accounts does not include any configuration options for automatic updates to the account
Done using the Administration Portal. No additional configuration required

How To:Create an Individual User Account

Create Multiple User Accounts using CSV Upload

When a large number of user accounts need to be created, a CSV file can be a quick and simple way to achieve this. A CSV template is provided which includes some of the standard fields that are required to create a new user account.

A user account is created when the upload is initiated via Hornbill Administration
The account is created using the contents of the CSV template selected
The CSV upload is designed only for the creation of new accounts. It is not capable of updating existing user accounts
This particular CSV import cannot be scheduled

How To:Create Multiple User Accounts using CSV Upload

Hornbill User Import Utilities

Application User and Basic User accounts can be created based on the content of another data source such as your Directory Service or an MSSQL database using one of Hornbill's Open integration Utilities. A user import utility is the preferred choice for an implementation involving Service Manager. All Hornbill user import utilities can be scheduled to create new, and update existing, end user accounts.

These can be scheduled using Windows Scheduler
Options to allow for both create and update of users
Installed within your environment and securely connects to your Hornbill instance
Ability to maintain a greater range of user account properties
Ability to make associations between user accounts and site records and also department (group) membership based on the contents that exist in your directory services
A user account is created at the time the chosen utility is scheduled to run

The available User Import tools include:

LDAP User Import

This utility provides a simple, safe and secure way to create new Hornbill User Accounts and update existing ones by synchronizing with accounts held in your Active Directory or other industry standard LDAP capable directory service.

SQL User Import

This utility provides a simple, safe and secure way to create user accounts on the Hornbill platform by synchronizing with accounts held in your Database.

Azure User Import

The utility provides a simple, safe and secure way to create user accounts on the Hornbill platform by synchronizing with accounts held in your Azure AD

Auto Provisioning via SSO

In a Collaboration only environment this is a very effective approach. The creation of user accounts can be automated as part of the Single Sign-on (SSO) configuration meaning no physical import is required if SAML is available. Your users are self-provisioned automatically when they first navigate to your Hornbill instance.

No Import of users required. Accounts are created as they login
Site associations are limited to a single site specified in the Auto-Provisioning template.
Only a single user template can be used in conjunction with a Hornbill Security profile (Single sign on configuration).
Updates to existing user accounts are supported
The account is created based on the contents of your directory services transported through the attributes specified in the outgoing claim of your Identity Provider. The directory attribute-to-Hornbill mappings are stored in the Hornbill SSO Profile.

Information regarding the configuration of Hornbill for use with Single Sign On can be found here: Single Sign On with SAML 2.0

@@ Line 60: / Line 60: @@
 :* Options to allow for both create and update of users
 :* Installed within your environment and securely connects to your Hornbill instance
+:* Ability to maintain a greater range of user account properties
+:* Ability to make associations between user accounts and site records and also department (group) membership based on the contents that exist in your directory services
+:* A user account is created at the time the chosen utility is scheduled to run
 <br>
-The available User Import tools include
+The available User Import tools include:
 :* '''[[LDAP User Import]]'''
 :: This utility provides a simple, safe and secure way to create new Hornbill User Accounts and update existing ones by synchronizing with accounts held in your Active Directory or other industry standard LDAP capable directory service.
@@ Line 68: / Line 71: @@
 :* '''[[Azure User Import]]'''
 :: The utility provides a simple, safe and secure way to create user accounts on the Hornbill platform by synchronizing with accounts held in your Azure AD
-<br><br>
+<br>
 ==Auto Provisioning via SSO==
 In a Collaboration only environment this is a very effective approach. The creation of user accounts can be automated as part of the Single Sign-on (SSO) configuration meaning no physical import is required if SAML is available. Your users are self-provisioned automatically when they first navigate to your Hornbill instance.
-:# Create User Template
-:# Configure Single Sign-on
-:# Define Auto Provisioning settings
+:* No Import of users required.  Accounts are created as they login
+:* Site associations are limited to a single site specified in the Auto-Provisioning template.
+:* Only a single user template can be used in conjunction with a Hornbill Security profile (Single sign on configuration).
+:* Updates to existing user accounts are supported
+:* The account is created based on the contents of your directory services transported through the attributes specified in the outgoing claim of your Identity Provider. The directory attribute-to-Hornbill mappings are stored in the Hornbill SSO Profile.
+<br>
 Information regarding the configuration of Hornbill for use with Single Sign On can be found here: [[Single Sign On with SAML 2.0|'''Single Sign On with SAML 2.0''']]
-<br><br>
-:* Does not maintain Site association
-==What Method of User Account Creation Should I use?==
-Hornbill offers a range of mechanisms that can be used to create user accounts. The one that is right for you will typically depend on the size of your organisation and staff turnover. Below you will find some frequently asked questions in relation to the import mechanisms that were outlined above.
-<br><br>
-====When is an account created?====
-'''CSV Upload:''' A user account is created when the upload is initiated via Hornbill Administration.
-'''Auto-Provisioning:''' A user account is created when a user navigates to live.hornbill.com/[your_instance_name]/ or service.hornbill.com/[your_instance_name]/ for the first time.
-'''Import Utility:''' A user account is created at the time the chosen utility is scheduled to run. All the Hornbill utilities are scheduled using windows task scheduler. The time the utility is scheduled is dependent on your organisations requirements (i.e. when you need user accounts to be available in Hornbill).
-<br>
-<br>
-====What Information is used when creating the account?====
-'''CSV Upload:''' The account is created using the contents of the CSV template selected.
-'''Auto-Provisioning:''' The account is created based on the contents of your directory services transported through the attributes specified in the outgoing claim of your Identity Provider. The directory attribute-to-Hornbill mappings are stored in the Hornbill SSO Profile.
-'''Import Utility:''' The account is created based on the contents of your directory services transported via the import utility. The directory attribute to Hornbill mappings are stored in the conf.json file.
-<br>
-<br>
-====Do all methods update existing Hornbill user accounts when user information changes?====
-'''CSV Upload:''' No. The CSV upload is designed only for the creation of new accounts. It is not capable of updating existing user accounts.
-'''Auto-Provisioning:''' Yes. Updates to existing user accounts are supported via auto-provisioning.
-'''Import Utility:''' Yes. Updates to existing user accounts are supported by all the user import utilities.
-<br>
-<br>
-====Is there a difference in the user account information that can be maintained by each method?====
-Auto-provisioning does not maintain department (Group) associations and the site associations are limited to a single site specified in the Auto-Provisioning template. Only a single user template can be used in conjunction with a Hornbill Security profile (Single sign on configuration).
-The import utilities have the ability to maintain a greater range of user account properties. They also have the ability to make associations between user accounts and site records and also department (group) membership based on the contents that exist in your directory services.
 <br>
 [[Category: How To]]