User provisioning

The process of provisioning users for i2 Analyze involves ensuring that users are members of the correct groups, and that the correct users can access the system. By default, when users are authenticated, they are provisioned from the information that the authentication mechanism holds.

If you're using a registry such as Microsoft Active Directory, then the user's identity, their name, and their group membership all come from that registry. If you're using an identity provider, then the information arrives in the token that the identity provider sends to i2 Analyze.

There are a few reasons why you might not want the default provisioning behavior in your system. For example, when you're using a registry, you might want to restrict the users who can access i2 Analyze to a subset of the users in the registry. When you're using an identity provider, there are advantages to telling i2 Analyze about the users and groups who will use the system before they log in.

To perform custom provisioning, you have to edit the supplied configuration file according to your needs, and then tell i2 Analyze to use it.