Target
Customers who meet the following conditions are eligible:
- Using HENNGE One Pro or HENNGE One IdP Pro plan.
- Using HENNGE Access Control and Cybozu for SSO integration.
Purpose
Configure user provisioning for HENNGE Access Control and Cybozu.
By performing this setup, you can synchronize user information from HENNGE Access Control to Cybozu.
Notes
- This article is based on product specifications as of July 2024 and is subject to change without notice.
- Actual screen verification and setting changes require administrator privileges in HENNGE Access Control.
- For Cybozu's limitations, please refer to the following page:
cybozu.com Help Provisioning Limitations (External Link) - Implementing single sign-on integration with Cybozu is not mandatory, but if not done, passwords for users created through the user provisioning feature will need to be set separately in Cybozu.
- Users in Cybozu are created without licenses (no selected services).
- Users manually added to Cybozu while [Provisioning Reflection] is enabled will not be subject to provisioning.
To include manually created users in provisioning, disable and re-enable provisioning settings in Cybozu. - It is not possible to activate inactive users in Cybozu through provisioning.
To activate users, manually enable them in Cybozu. - If the value of the attribute mapped to Cybozu's Login Name is changed in HENNGE Access Control, a new user will be created in Cybozu during user synchronization.
The handling of users before the value update will follow the settings for [Handling of Users Deleted in HENNGE Access Control].
For more details, refer to Step 6.
Detailed Explanation / Steps
Preparation
- If Cybozu's single sign-on settings are not configured in HENNGE Access Control's [Connected Services], please set it up in advance.
Add Connected Services - Users who have been granted access to the target service provider will be subject to provisioning.
Adjust access permissions as needed.
Edit User Information
Edit Access Policy Groups - Issue an API token in Cybozu's provisioning settings in advance.
cybozu.com Help Enable Provisioning (External Link) - For the initial synchronization, regardless of the presence of user differences between HENNGE Access Control and Cybozu, the information on the HENNGE Access Control side will overwrite. No difference detection will be performed.
Default Attribute Mapping
If you do not configure attribute mapping, please refer to the table below for the items to be synchronized.
Except for the Login Name, attributes cannot be changed through attribute mapping.
Cybozu |
HENNGE Access Control |
Description |
|
login name | username | user name |
Based on the value set in this field, users are uniquely identified. |
Email Address | |||
Family name | family_name | Family name |
Cannot change attribute mapping. |
Given name | given_name | Given name |
Cannot change attribute mapping. |
Display Name | display_name | Display Name |
Cannot change attribute mapping. |
Email Address |
Cannot change attribute mapping. |
Procedure
1. Open the Provisioning Settings screen
Open the HENNGE Access Control Administration screen, and select [System] - [Provisioning Settings] from the left menu.
2. Open the Settings screen
Click the [Settings] button under [Synchronization from HENNGE Access Control].
If you already have existing services, click the [Add Service] button.
3. Select the Service
On the [Step 1: Select the service to synchronize users] screen, select [Cybozu].
4. Configure HENNGE One Authentication
If you already have HENNGE One authentication settings, proceed to step 5.
On the [Step 2: Confirm the account] screen, click [Generate authentication key].
On the [Authentication settings] screen, click [Add new authentication] for HENNGE One.
Copy the [Client ID] and [Client secret], and enter them in the [HENNGE One Authentication] screen.
Click the [Verify] button.
5. Configure Cybozu Authentication
On the [Authentication settings] screen, click [Add new authentication] under SCIM.
If a connection already exists, click on [Add New Connection].
Enter the [SCIM Endpoint] and [API Token] issued in advance by Cybozu, and click the [Verify] button.
※ For more details, please refer to Preparation Items.
Once again, the [Verify Settings] screen will appear. Click on SCIM to display the list, then click on the pencil icon next to the created connection.
Change the connection name to any name that is easy to manage for each service, then click [Save].
After configuring the verification, click [Next].
6. Configuration of Synchronization Targets
In the [Synchronization Service Provider] field, select Cybozu from the list of service providers registered in HENNGE One in advance.
Select [Handling of Users Deleted in HENNGE Access Control].
The available options are as follows:
・Delete: Delete the target user from Cybozu.
・Disable: Disable the target user in Cybozu. The user will not be deleted.
・Keep as is: Keep the target user in Cybozu as is.
7. Mapping of Synchronization Keys
In the [Mapping of Synchronization Keys] screen, specify the HENNGE Access Control attribute that synchronizes with Cybozu's [Login Name].
Select one attribute to map from either [Standard Attributes] or [Custom User Attributes].
Attributes other than the login name will have default attribute mappings applied.
Default Attribute Mappings
8. Configuration of Users Excluded from Synchronization
Select the users you want to exclude from synchronization.
If there are users you want to exclude from synchronization, please check the box next to Exclude from Synchronization.
If you want to synchronize all users, click [Complete] without selecting anything.
Once the configuration is complete, "Cybozu" will be displayed on the [Provisioning Settings] screen.
Reference
・Executing and Verifying User Provisioning
・Confirming/Deleting User Provisioning Settings