Skip to content

Overview

Using the Provisioning on Hire2Retire you can provision and deprovision users on BeyondTrust. Read the official documentation of BeyondTrust here.

BeyondTrust Application on Hire2Retire

Figure 1. BeyondTrust Application on Hire2Retire

Define Role Definition

Provisioning Type

DefineRole(s)

You can assign a Role to any user based on their AD attributes. You can define complex conditions using AND and OR logic. You can also use thee Group memberships in AD to define Roles. The Roles are used to assign roles in BeyondTrust. For Example: In Figure 2, the rules are defined on the basis of Department (Equals). If the rules are passed then only user(s) will get provisioned. If no rule passes and the user(s) is present in BeyondTrust then deprovisioning is performed for the user(s).

BeyondTrust ScimManager Table1

Figure 2. Provision users with following rule definitions

You can enable the "Do not deprovision upon change of role" checkbox to prevent users from being deprovisioned on BeyondTrust due to a role mismatch.

BeyondTrust ScimManager checkbox

Figure 3. Do not deprovision users upon change of role

Map the rules defined in first table with the Role(s) provided by BeyondTrust.

  • Roles in BeyondTrust are a way to group together users who have similar responsibilities. They are typically used to define the permissions and responsibilities of a specific role in an organization, rather than the permissions and settings of a specific group of users.

BeyondTrust ScimManager Table2

Figure 3. Role to License Mapping

You can also select default roles in BeyondTrust. For if and only if 'SALES' Role is passed and it is not mapped in the second table then the selected default Role(s) in BeyondTrust will be assigned to the user(s).

BeyondTrust ScimManager Default Roles

Figure 4. Default Role(s) to add to rest roles

Process All Employees

All user(s) will be provisioned on BeyondTrust.

BeyondTrust Process All Employees

Figure 5. Process All Employees

Provision User

You can decide to either provision or deprovision user(s) using Access.

  • Provisioning - You can provision one or more user(s) to the Asgardeo according to the requirement. User(s) can be created, updated or reactivated in provisioning operation.

  • Deprovisioning - You can deprovision one or more user(s) according to the requirement. User accounts will be deactivated on Asgardeo upon deprovisioning.

BeyondTrust Form Operations

Figure 6. Configure lifecycle operations for BeyondTrust

Map attributes on BeyondTrust

You can select the attributes provided by BeyondTrust that you want to populate. You can map values from AD/Entra ID/Hybrid to populate these attributes. You can also use Hire2Retire's powerful data transformation capabilities using Excel Style functions.

BeyondTrust Form Attributes

Figure 7. Select BeyondTrust attributes