Skip to content

Overview

Using the Access on Hire2Retire you can provision and deprovision users on Auth0. Read the official documentation of Auth0 here.

Auth0 Application on Hire2Retire

Figure 1. Auth0 Application on Hire2Retire

Define Provisioning Criteria

Provisioning Type

Provision Employee by Role

You can assign a Role to any user based on their AD attributes. You can define complex conditions using AND and OR logic. You can also use the Group memberships in AD to define Roles. The Roles are used to assign roles in Auth0. For Example, in Figure 2, the rules are defined on the basis of Department (Equals). If the rules are passed then only user(s) will get provisioned. If no rule passes and the user(s) is present in Auth0 then deprovisioning is performed for the user(s).

Auth0 ScimManager Table1

Figure 2. Provision users with following rule definitions

Map the rules defined in the first table with the Role(s) provided by Auth0.

  • Roles in Auth0 are a way to group together users who have similar responsibilities. Roles can be assigned to user(s) to control their access on Auth0. It offers a simple, manageable approach to access management that is less prone to error than assigning permissions to users individually.

You can also select the default roles in Auth0. For if and only if 'HR Manager' Role is passed and it is not mapped in the second table then the selected default Role(s) in Auth0 will be assigned to the user(s).

Auth0 ScimManager Table2

Figure 3. Role to License Mapping

You can enable the "Do not deprovision app access upon Change of Profile or Role" checkbox to prevent users from being deprovisioned on Auth0 due to a role mismatch.

Auth0 ScimManager checkbox

Figure 4. Do not deprovision users upon change of profile or role

Process All Employees

All user(s) will be provisioned on Auth0 with selected Auth0 role.

Auth0 Process All Employees

Figure 5. Process All Employees

Provision User

You can decide to either provision or deprovision user(s) using Access.

  • Provisioning - You can provision one or more user(s) to Auth0 according to the requirement. User(s) can be created, updated, or reactivated in provisioning operation.

  • Deprovisioning - You can deprovision one or more user(s) according to the requirement. User accounts will be deactivated on Auth0 upon deprovisioning.

Auth0 Form Operations

Figure 6. Configure lifecycle operations for Auth0

Map Attributes on Auth0

You can select the attributes provided by Auth0 that you want to populate. You can map values from AD/Entra ID/Hybrid to populate these attributes. You can also use Hire2Retire's powerful data transformation capabilities using Excel Style functions.

Auth0 Form Attributes

Figure 7. Select Auth0 attributes