The provisioning-configuration.json file

The provisioning-configuration.json file comprises sections that enable you to configure the users and groups that are allowed to access the i2 Analyze system, and how the system responds to new users and groups.

The file has three possible sections, and you must always include two of them. The sections are:

  • registryConfig

  • identityProviderConfig

  • settings

Registry configuration

If your deployment of i2 Analyze authenticates users through a registry, you can use custom provisioning to control which users and groups from the registry can access the system.

For details, see Custom provisioning with a user registry. If you're using an identity provider, you don't need to include the registryConfig object.

Identity provider configuration

If your deployment of i2 Analyze authenticates users through an identity provider, you can use custom provisioning to tell the system about the users and groups who will use the system before they log in.

If you don't use custom provisioning in these circumstances, the system provisions users based on the claims in the token that the identity provider sends to i2 Analyze.

For details, see Custom provisioning with an identity provider. If you're using a user registry, you don't need to include the identityProviderConfig object.

Settings

The settings object contains properties that define how changes in the user registry or identity provider are handled in i2 Analyze.

For example, if a user is added to the registry and the value of processAddedUsers is true, the user is provisioned for access when the system next reloads the registry, unless they don't pass the filters that you've defined. If the value is false, the user is not provisioned until you set it to true and update the system.

Note: If you're using an identity provider for authentication, most of these settings apply only when provisionUsing is set to FILE. For other values of provisionUsing, only the defaultValuesForAddedGroups setting has any effect.

processAddedUsers

A Boolean value that specifies whether to process new users that are added to the user registry or identity provider. The default value is true.

processAddedGroups

A Boolean value that specifies whether to process new groups that are added to the user registry or identity provider. The default value is true.

processChangedUsers

A Boolean value that specifies whether to process changed users in the user registry or identity provider. The default value is true.

processChangedGroups

A Boolean value that specifies whether to process changed groups in the user registry or identity provider. The default value is true.

processRemovedUsers

A Boolean value that specifies whether to process removed users from the user registry or identity provider. The default value is true.

processRemovedGroups

A Boolean value that specifies whether to process removed groups from the user registry or identity provider. The default value is true.

processEmptyGroups

A Boolean value that specifies whether to process empty groups in the user registry or identity provider. The default value is true.

defaultValuesForAddedGroups

An object that contains default settings for added groups. The object contains the following properties:

visibleToAllUsers

A Boolean value that specifies whether the group is visible to all users. The default value is false.

availableInSharing

A Boolean value that specifies whether the group is available in sharing. The default value is false.

reloadInterval

An object that contains settings that define how often the system reloads the user registry or identity provider to get the latest user and group information. The object contains the following properties:

value

An integer that specifies the reload interval. The default value is 30.

units

A string that specifies the units of the reload interval. The default value is MINUTES.

enabled

A Boolean value that specifies whether the reload interval is enabled. The default value is true.

Examples

Example provisioning-configuration.json file for an identity provider:

{
  "identityProviderConfig": {
    "provisionUsing": "CLAIMS",
    "displayNameClaim": "name"
  },
  "settings": {
    "defaultValuesForAddedGroups": {
      "visibleToAllUsers": false,
      "availableInSharing": false
    }
  }
}

Example provisioning-configuration.json file for a user registry:

{
  "registryConfig": {
    "userFilters": [
      "*,ou=cambridge,*",
      "*,ou=administrators"
    ],
    "groupFilters": [
      "*"
    ],
    "userDisplayNameMappings": [
      {
        "fromSecurityName": "Jenny",
        "toDisplayName": "Jenny Jones"
      },
      {
        "from": "(.+)\\.(.+)@example.com",
        "to": "$1 $2"
      }
    ],
    "groupDisplayNameMappings": []
  },
  "settings": {
    "processAddedUsers": true,
    "processAddedGroups": true,
    "processChangedUsers": true,
    "processChangedGroups": true,
    "processRemovedUsers": true,
    "processRemovedGroups": true,
    "processEmptyGroups": true,
    "defaultValuesForAddedGroups": {
      "visibleToAllUsers": false,
      "availableInSharing": false
    },
    "reloadInterval": {
      "value": 30,
      "units": "MINUTES",
      "enabled": true
    }
  }
}