Skip to content

Set up outbound provisioning

To start provisioning users, you must first create a provisioning connection and configure an outbound connector, then enable it at the organization or application level.

Step 1: Create a provisioning connection

  1. On the Asgardeo Console, go to Connections and click New Connection.

  2. Click Create Connection and select Outbound Provisioning Connection.

    Create an outbound provisioning connection

  3. Select a provisioning connector (e.g., SCIM2).

    Select a provisioning connector

  4. Provide the required properties for the selected connector and click Finish.

    Note

    Learn about the required properties for each connector:

Step 2: Enable outbound provisioning

Once the connection is created, enable outbound provisioning at the required level. Organization-level provisioning acts as the default for all applications, while application-level provisioning applies only to a specific application and overrides the organization-level configuration for that application.

Organization-level outbound provisioning acts as the default provisioner for all applications. Users are automatically provisioned to the external system when:

  • a user is provisioned in Asgardeo over an API.
  • an administrator onboards a user from the Asgardeo Console.
  • a user self-signs up from a Asgardeo sign-in page.
  • a user is JIT (Just-In-Time) provisioned in Asgardeo.

To enable organization-level outbound provisioning in Asgardeo:

  1. On the Asgardeo Console, go to Login & Registration.

  2. Under Provisioning Settings, click Outbound Provisioning Configuration and click New Provisioner.

  3. Select the connection in which you have configured outbound provisioning as the Connection and the relevant outbound connector as the Provisioning Connector.

    Configure the org-wide outbound provisioner

  4. Enable any of the following.

    Option Description
    JIT Outbound Enables outbound provisioning for JIT provisioned users during authentication.

  5. Click Finish.

Try it out

  1. On the Asgardeo Console, do one of the following.

    Note

    Onboarding a user with any of the above methods automatically triggers outbound provisioning to the external system.

  2. Delete the user. The user will be removed from the external system.

Application-level outbound provisioning is specific to an individual application. If an application does not have its own outbound provisioner configured, it defaults to the organization-level configuration.

To configure an application in Asgardeo:

  1. On the Asgardeo Console, go to Applications.

  2. Select your application from the list and navigate to its Provisioning tab.

  3. Under Outbound Provisioning Configuration, click New Provisioner.

    Configure application-level outbound provisioning

  4. Select the connection in which you have configured outbound provisioning as the Connection and the relevant outbound connector as the Provisioning Connector.

  5. Optionally, enable any of the following options.

    Option Description
    JIT Outbound Enables outbound provisioning for JIT-provisioned users during authentication.

  6. Click Add.

Try it out

Application-level outbound provisioning is triggered when a user is provisioned through the application. This can happen in the following ways:

  • JIT provisioning: Configure JIT user provisioning for the application. When a user signs in through a federated identity provider, the user is JIT provisioned in Asgardeo, which triggers outbound provisioning to the external system.

  • User creation via API: Use a SCIM API with an access token obtained for the application to create a user. This triggers outbound provisioning to the external system.