This article contains questions and answers about authenticating into Templafy and managing users within Templafy.
Can an email address be changed in Active Directory and updated in Templafy?
No. Email address is a unique identifier in Templafy. If the email address of an existing user is changed, a new user will be created. The old user must then be deleted manually from Templafy.
Does Templafy support soft-deletion in Active Directory?
No. If SCIM is enabled and a user is soft-deleted in Active Directory, the user will be hard-deleted by Templafy.
Does enabling SCIM delete users that have been removed from Active Directory?
If a user has been removed from Active Directory before SCIM was enabled, the user has to be manually deleted in Templafy. However, if SCIM syncs to Templafy at least once before the user is removed from Active Directory, the user will be automatically deprovisioned in Templafy.
How can I provision and onboard users?
Users are provisioned and onboarded depending on the authentication method used and the setup of the User Profile. The diagram below shows the user interaction required for every scenario.
How can I deprovision and offboard users?
Deleting a user from Active Directory or revoking their access to the Templafy application will deprovision a user from Templafy. If SCIM is enabled, the user will be automatically deleted from Templafy on the next run (every 40 minutes). If SCIM is not enabled, the user must be deleted manually from the Templafy tenant.
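The answers above on changed email addresses, users removed before SCIM was enabled, and deprovisioning without SCIM all end in manual deletion, so it helps to find the leftover accounts. The following Python script is an added example, not Templafy code or a Templafy API. It assumes you have a list of Templafy user emails and a directory export with `mail` and `proxyAddresses`, that a changed address is retained as a secondary `smtp:` alias, and that emails compare case-insensitively.

```python
# Added example: reconcile Templafy user emails against a directory export.
# Field names, statuses and sample records are constructed assumptions.

def classify_templafy_users(templafy_emails, directory_users):
    """Return {email: status} for every Templafy account.

    directory_users: list of dicts with 'mail' (current primary address) and
    'proxyAddresses' (AD-style list: 'SMTP:' = primary, 'smtp:' = alias).
    """
    primary = set()
    alias_owner = {}  # old/secondary address -> current primary address
    for user in directory_users:
        mail = user["mail"].strip().lower()
        primary.add(mail)
        for proxy in user.get("proxyAddresses", []):
            scheme, _, addr = proxy.partition(":")
            addr = addr.strip().lower()
            if scheme.lower() == "smtp" and addr and addr != mail:
                alias_owner[addr] = mail

    result = {}
    for raw in templafy_emails:
        email = raw.strip().lower()  # assumption: case-insensitive match
        if email in primary:
            result[email] = "active"
        elif email in alias_owner:
            # Email was changed in the directory: Templafy created a new user,
            # so this old account is left behind and needs manual deletion.
            result[email] = "stale-after-email-change -> " + alias_owner[email]
        else:
            # No directory match, e.g. removed before SCIM ever synced.
            result[email] = "orphan-delete-manually"
    return result


# Constructed sample data (not real accounts).
DIRECTORY = [
    {"mail": "anna.berg@example.com",
     "proxyAddresses": ["SMTP:anna.berg@example.com", "smtp:anna.holm@example.com"]},
    {"mail": "li.wei@example.com", "proxyAddresses": ["SMTP:li.wei@example.com"]},
]
TEMPLAFY = ["Anna.Holm@example.com", "anna.berg@example.com",
            "li.wei@example.com", "former.employee@example.com"]

if __name__ == "__main__":
    for email, status in classify_templafy_users(TEMPLAFY, DIRECTORY).items():
        print(f"{email}: {status}")
```

Accounts reported as stale or orphaned still hold a Templafy identity after the directory no longer backs it, so review them before deleting them manually in the Templafy tenant.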
Why does Templafy Desktop send MFA Prompts at Midnight?
This article contains information and solutions to Templafy Desktop MFA prompts being triggered at midnight.
What is the Difference Between OpenID Connect and SAML2 Authentication?
Attribute | OpenID Connect | SAML2 |
---|---|---|
Custom Claims | Only the standard set of claims is supported (mappings are pre-configured and cannot be edited) | ✔ 15 additional claims may be configured |
Group Claims | Capped at 999 | Capped at 149 |
Multi-Factor Authentication with Duo Security | ✔ | |
Permissions through app | | N/A |
If UPN and Email Address differ in Azure AD, what SSO methods can be utilized?
Only SAML2 should be used if UPN and Email Address differ in Azure AD. This is because claims can be reconfigured so that the unique identifier within Templafy can be changed to point to the Email Address instead of the UPN. UPN as the unique identifier is the default configuration for SAML2 and OpenID Connect, but it cannot be updated within OpenID Connect.
Can User Profiles be Automatically Updated with AD Claims?