User Provisioning and Enrollment Automation
Traditionally, MFA has seen little automation. Hardware tokens contained a battery, so they had to be ordered in small volumes. Allocating tokens and pairing them with user accounts, managing broken and lost tokens, resetting passwords and so on were manual tasks requiring significant staff in medium and large organizations. Moving from hardware tokens to software tokens has not changed the management of MFA in organizations much. Along with costs and a poor user experience, the lack of automation has been a major reason for the slow adoption of MFA. This has to change, since MFA is now in huge demand.
User Provisioning and User Enrollment
As with any other application, provisioning a user for MFA means creating a profile for that user in the MFA validation service. However, this is not the only action required, since the user’s “what I own” factor needs to be paired with that profile. The user will be able to authenticate only once this second step, the enrollment, has been completed.
To automate user provisioning, inWebo provides:
- A provisioning API: you would typically use it to automate user provisioning if you have a third-party identity management product or if you’re building the application that needs MFA (this is the case for ISVs and Service Providers).
- A synchronization tool (IWDS): if your users “live” in Active Directory, AAD, or other directories, you can use IWDS to provision user accounts in your inWebo tenant, without any integration. IWDS is available as an option on your inWebo account.
To automate user enrollment, inWebo provides a built-in customizable workflow, available from the administration web console of your inWebo account. For instance, you can use it to customize an email template that is sent to every newly provisioned user, and specify that this email should contain a link to activate a browser, an app, or both as a trusted authentication device. inWebo provides similar workflows to automate all other MFA-related management tasks (they are ready to use but, if you prefer, you can still build your own with our API).
inWebo Directory Sync (IWDS)
IWDS is a user synchronization tool. It synchronizes identities between your user directories and your inWebo tenant. There are a few things to configure, such as sources (i.e., directories), connections (how to access the sources), groups, and rules (what to do with new users, deleted users, duplicates, etc.). IWDS doesn’t write to your directories; it only reads from them. You can find complete documentation for it on the inWebo developer website.
How to automate your inWebo MFA account
The IWDS option can be requested by checking a box when you create an evaluation account, or when you upgrade a basic plan to a premium one. IWDS, as well as the other topics presented in this tutorial (automation workflows, inWebo API), is documented on the inWebo developer website. You can also ask our solutions experts.