SSO User onboarding and offboarding
Author: Fluent Commerce
Changed on: 5 Aug 2024
Overview
This document describes best practices for onboarding and offboarding SSO users.
Key points
- Common practice for managing SSO users in the following processes:
  - User onboarding
  - User off-boarding
User onboarding
Fluent Web Apps users can be created via Fluent OMS and via the GraphQL create user mutation. If you need to add many users, we recommend creating them via the API to speed up the process.
As part of bringing Fluent Commerce into your organization, we usually see two waves of user creation. The first wave is an initial bulk load of users, such as administrators, warehouse staff and store staff. After that, users are created in Fluent OMS ad hoc as they join the team.
To ensure the bulk creation of users is efficient and repeatable across environments, we strongly recommend creating a script that calls the GraphQL create user mutation and reads the users and their roles from a configuration file.
Any subsequent user creation should be integrated into the broader process to onboard users within your organization.
Corporate IdP
If you use a Corporate IdP, please supply a password during user creation. This password won’t be used in the future, so you can provide a ‘dummy’ password. Ensure the password adheres to your organization’s password policies and is stored in a secure location.
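A sketch of the bulk-creation script recommended above for the Corporate IdP case, added here as an example and not Fluent Commerce's own code. The mutation name, the input field names, the flat role list and the sample users are assumptions; it builds the request bodies from a configuration file, gives each user a random dummy password and masks that password before anything is logged.

```python
import json
import secrets
import string

# ASSUMPTION: mutation and field names are placeholders; check your GraphQL schema.
CREATE_USER = "mutation($input: CreateUserInput!) { createUser(input: $input) { id } }"

# Constructed sample config file: users and their roles (role names made up).
SAMPLE_CONFIG = """[
 {"username": "alice.admin", "email": "alice@example.com", "roles": ["ADMIN"]},
 {"username": "bob.store", "email": "bob@example.com", "roles": ["STORE"]},
 {"username": "", "email": "nobody@example.com", "roles": ["STORE"]},
 {"username": "carol.wh", "email": "carol@example.com", "roles": []}
]"""

def dummy_password(length=24):
    """Random per-user password containing every character class."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "!@#$%^&*-_")
    while True:
        pw = "".join(secrets.choice("".join(classes)) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in classes):
            return pw

def build_requests(config_text):
    """Return (request bodies, rejected entries) for a JSON user list."""
    bodies, rejected, seen = [], [], set()
    for entry in json.loads(config_text):
        name, roles = entry.get("username", "").strip(), entry.get("roles") or []
        if not name or not roles or name in seen:  # no user without a role
            rejected.append(entry)
            continue
        seen.add(name)
        # Values travel as GraphQL variables, never spliced into the query text.
        user = {"username": name, "primaryEmail": entry.get("email"),
                "password": dummy_password(), "roles": roles}
        bodies.append({"query": CREATE_USER, "variables": {"input": user}})
    return bodies, rejected

def redact(body):
    """Deep copy of a request body that is safe to log (password masked)."""
    safe = json.loads(json.dumps(body))
    safe["variables"]["input"]["password"] = "***"
    return safe

if __name__ == "__main__":
    bodies, rejected = build_requests(SAMPLE_CONFIG)
    for body in bodies:  # POST each body to your GraphQL endpoint here
        print(json.dumps(redact(body)["variables"]))
    print("rejected:", rejected)
```

Because the same configuration file drives every run, the rejected list gives a repeatable check across environments that no entry was created without a username or role.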
Fluent IdP
If you are using Fluent IdP, please supply the password during user creation. A user will be required to change the password on the first login.
User Off-boarding
Corporate IdP
If you are using Corporate IdP, disable users in your IdP. A disabled user can no longer log in via your IdP and will lose access to Fluent Web Apps once their token has expired.
Fluent IdP
If you are using Fluent IdP, log in to the SSO Vendor Environment and disable the user you would like to prevent from logging into Fluent Web Apps.