Authentication and User Management FAQ

This article answers common questions about authenticating to Templafy and managing users within Templafy.

Can an email address be changed in Active Directory and updated in Templafy?
No. Email address is a unique identifier in Templafy. If the email address of an existing user is changed, a new user will be created. The old user must then be deleted manually from Templafy.
Does Templafy support soft-deletion in Active Directory?
No. If SCIM is enabled and a user is soft-deleted in Active Directory, the user will be hard deleted by Templafy.
Does enabling SCIM delete users that have been removed from Active Directory?
If a user has been removed from Active Directory before SCIM was enabled, the user has to be manually deleted in Templafy. However, if SCIM syncs to Templafy at least once before the user is removed from Active Directory, the user will be automatically deprovisioned in Templafy.
How can I provision and onboard users?

Users are provisioned and onboarded depending on the authentication method used and the setup of the User Profile. The diagram below shows the user interaction required for every scenario.

[Diagram: provisioning and onboarding]

How can I deprovision and offboard users?
Deleting a user from Active Directory or revoking their access to the Templafy application will deprovision a user from Templafy. If SCIM is enabled, the user will be automatically deleted from Templafy on the next run (every 40 minutes). If SCIM is not enabled, the user must be deleted manually from the Templafy tenant.
Why does Templafy Desktop send MFA Prompts at Midnight?
This article contains information and solutions to Templafy Desktop MFA prompts being triggered at midnight.
What is the Difference Between OpenID Connect and SAML2 Authentication?
| Attribute | OpenID Connect | SAML2 |
| --- | --- | --- |
| Custom Claims | Only the standard set of claims is supported (mappings are pre-configured and cannot be edited) | ✔ 15 additional claims may be configured |
| Group Claims | Capped at 999 | Capped at 149 |
| Multi-Factor Authentication with Duo Security | | |
| Permissions through app | • Read directory data (Application level) • Sign in and read user profile (Delegation level) | N/A |
If UPN and Email Address differ in Azure AD, what SSO methods can be utilized?
Only SAML2 should be used if UPN and Email Address differ in Azure AD. This is because claims can be reconfigured so that the unique identifier within Templafy can be changed to point to the Email Address instead of the UPN. UPN as the unique identifier is the default configuration for SAML2 and OpenID Connect, but it cannot be updated within OpenID Connect.
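The following is an added example, not Templafy code: a reconciliation check for the manual-deletion cases described in the answers above (a changed email address, a user removed before SCIM was enabled) and for accounts whose UPN and email address differ. The record fields, the sample data and the case-insensitive comparison are assumptions; the two inputs stand in for user exports you produce yourself.

```python
# Added example: reconcile a Templafy user list against a directory export.
# Field names ("upn", "mail", "active") and all records are constructed.

def norm(value):
    # Assumption: identifiers are compared case-insensitively.
    return (value or "").strip().lower()


def audit(directory, templafy_emails):
    """Return (stale, upn_mismatch): Templafy accounts with no active
    directory match, and mail addresses of active users whose UPN differs."""
    active, inactive = set(), set()
    upn_mismatch = []
    for user in directory:
        # The Templafy identifier may map to UPN or mail, so match on both.
        ids = {norm(user.get("upn")), norm(user.get("mail"))} - {""}
        if user.get("active"):
            active |= ids
            if len(ids) == 2:  # UPN and mail are both set and differ
                upn_mismatch.append(norm(user["mail"]))
        else:
            inactive |= ids

    stale = {}
    for email in sorted({norm(e) for e in templafy_emails} - {""}):
        if email not in active:
            stale[email] = ("inactive in directory" if email in inactive
                            else "not in directory")
    return stale, sorted(upn_mismatch)


# Constructed sample data: "dee" had her email address changed, "eli" was
# removed from the directory, "cy" is disabled or soft-deleted.
DIRECTORY = [
    {"upn": "ana@example.com", "mail": "ana@example.com", "active": True},
    {"upn": "bkim@example.com", "mail": "bo.kim@example.com", "active": True},
    {"upn": "cy@example.com", "mail": "cy@example.com", "active": False},
    {"upn": "dee@example.com", "mail": "dee.new@example.com", "active": True},
]
TEMPLAFY = ["Ana@example.com", "bo.kim@example.com", "cy@example.com",
            "dee.old@example.com", "dee.new@example.com", "eli@example.com"]

if __name__ == "__main__":
    stale, mismatch = audit(DIRECTORY, TEMPLAFY)
    print("Review for manual deletion:", stale)
    print("UPN differs from mail:", mismatch)
```

Accounts reported as stale are candidates for review, not confirmed deletions; with SCIM enabled, recently removed users may simply be waiting for the next sync.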
Can User Profiles be Automatically Updated with AD Claims?