SafeNet Trusted Access

User provisioning

You can provision users from your user directory server, in addition to manually adding users in SafeNet Trusted Access (STA).

SafeNet Synchronization Agent

SafeNet Synchronization Agent enables you to synchronize users from your Lightweight Directory Access Protocol (LDAP) or Structured Query Language (SQL) directory server. The agent monitors user groups for membership changes, and automatically updates user properties and Active Directory passwords in STA.

User Provisioning through Identity Management Framework

The Identity Management Framework enables user and group provisioning between SafeNet Trusted Access and third-party applications and directories. It is built on midPoint, an open-source identity management and governance platform.

User provisioning through Microsoft Entra ID

To federate Microsoft Entra ID users with an external identity provider, STA needs each user's immutable ID. Microsoft Entra ID uses the immutable ID attribute to identify users and their tenant within the Microsoft Entra ID infrastructure, and it expects the immutable ID in the response to its authentication request in order to uniquely identify the user. The immutable ID therefore needs to be synchronized between Microsoft Entra ID and STA.

The following diagram illustrates how STA can obtain the immutable ID:

[Diagram: how STA can obtain the immutable ID (image not reproduced in this text)]

There are two ways to set an immutable ID on a user in Microsoft Entra ID: 

  • Synchronization with Microsoft Entra Connect: For hybrid users, Microsoft Entra Connect sets the immutableId from the on-premises Active Directory source anchor (by default the object's GUID, base64-encoded). Use the Microsoft Entra ID Provisioning Service to provision these users and groups from Microsoft Entra ID to STA. The service is based on the System for Cross-Domain Identity Management (SCIM) 2.0 protocol and connects to the SCIM API for STA user management endpoint to automatically create, update, and remove users and groups.

  • Microsoft Entra ID immutable ID management solution: This solution automatically sets an immutableId on users in Microsoft Entra ID that do not already have one. It is typically used when you need to synchronize non-hybrid (cloud-only) Microsoft Entra ID users to STA. It runs periodically in your Microsoft Entra ID environment, finds users that are missing the immutableId attribute, and patches each of them with a newly generated immutableId value.
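Both routes above hinge on the same value: the base64-encoded GUID that Microsoft Entra Connect stores as the immutableId of a hybrid user, and that the immutable ID management solution has to generate for cloud-only users. The example below is added for this page and is not Microsoft's or Thales's code. It reproduces the Entra Connect objectGUID-to-immutableId conversion in both directions and mimics the periodic "find users without an immutableId and patch them" loop over a constructed user list. The page does not say how the management solution generates its values; deriving them from the user's own Entra object ID is an assumption made here so that the job is idempotent.

```python
import base64
import uuid


def immutable_id_from_objectguid(object_guid: str) -> str:
    """ImmutableId as Microsoft Entra Connect derives it from an on-premises
    objectGUID: base64 of the GUID's 16 raw bytes in .NET Guid.ToByteArray()
    order (first three fields little-endian). Equivalent to PowerShell's
    [Convert]::ToBase64String(([guid]$g).ToByteArray())."""
    return base64.b64encode(uuid.UUID(object_guid).bytes_le).decode("ascii")


def objectguid_from_immutable_id(immutable_id: str) -> str:
    """Inverse mapping: recover the on-premises GUID behind an immutableId,
    e.g. to check which AD object a NameID seen in a federation response names."""
    raw = base64.b64decode(immutable_id, validate=True)
    if len(raw) != 16:
        raise ValueError("immutableId does not decode to a 16-byte GUID")
    return str(uuid.UUID(bytes_le=raw))


def patch_missing_immutable_ids(users):
    """One pass of the periodic job: return a patch for every user lacking an
    immutableId. Assumption (not stated on the page): the new value is derived
    from the user's own Entra object ID with the same encoding, so repeated
    runs are idempotent and two users can never collide."""
    return [
        {"id": u["id"], "immutableId": immutable_id_from_objectguid(u["id"])}
        for u in users
        if not u.get("immutableId")  # skip hybrid users and already-patched ones
    ]


def apply_patches(users, patches):
    """Apply generated patches in place (stand-in for the directory PATCH call)."""
    by_id = {u["id"]: u for u in users}
    for p in patches:
        by_id[p["id"]]["immutableId"] = p["immutableId"]
    return users


# Constructed sample tenant: one hybrid user (immutableId set by Entra Connect
# from objectGUID 12345678-1234-5678-1234-567812345678) and one cloud-only user.
TENANT_USERS = [
    {"id": "3f2504e0-4f89-41d3-9a0c-0305e82c3301", "userPrincipalName": "hybrid@example.com",
     "immutableId": immutable_id_from_objectguid("12345678-1234-5678-1234-567812345678")},
    {"id": "8d3d4c59-1b21-4a4e-9c8e-7b6f5a4d3c2b", "userPrincipalName": "cloudonly@example.com",
     "immutableId": None},
]

if __name__ == "__main__":
    pending = patch_missing_immutable_ids(TENANT_USERS)
    print(pending)  # one patch, for the cloud-only user
    apply_patches(TENANT_USERS, pending)
    print(patch_missing_immutable_ids(TENANT_USERS))  # [] on the second run
```

The round-trip function is the practical check: when federation fails for one user, decode the NameID STA returned and compare the GUID with the on-premises object; a mismatch usually means the immutableId was never synchronized or was regenerated after the user was first provisioned.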


User Provisioning through miniOrange

To provision users from miniOrange to STA, you create a SCIM-based application that represents STA in miniOrange and configure its connection to the SCIM API for STA endpoint. You then create a group for the users that you want to provision to STA, and a policy that maps the SCIM-based application to that group. Finally, you add the users that you want to provision to the group and verify your setup.

User Provisioning through Okta

If you have existing users in Okta, you can use Okta application provisioning to provision users and groups from Okta to STA. Application provisioning in Okta uses the SCIM protocol to synchronize user account information between Okta and external applications. To provision users to STA, you create an application for STA in Okta and connect to the SCIM API for STA user management endpoint to create, update, and remove users and groups.
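The three SCIM-based routes on this page (the Microsoft Entra ID Provisioning Service, miniOrange and Okta) all drive the same kind of exchange against a SCIM 2.0 /Users endpoint: create, update (most often a deactivation), and delete. The following is an added example, not STA's or any vendor's code: a minimal in-memory SCIM 2.0 stand-in written for this page, plus the request sequence a provisioning client performs against it. The bearer token, the attribute allow-list and the sample user are constructed; STA's real endpoint URL, credential format and schema extensions are not described on this page and are not assumed here.

```python
import secrets
import uuid

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"
# Constructed shared secret; STA's real credential format is not on the page (assumption).
BEARER_TOKEN = "constructed-scim-bearer-token"
# Allow-list of client-writable attributes; id and meta stay server-controlled.
WRITABLE = {"userName", "externalId", "displayName", "name", "emails", "active"}


def _as_bool(value):
    """Some SCIM clients send booleans as the strings "True"/"False"."""
    return value.strip().lower() == "true" if isinstance(value, str) else bool(value)


class ScimUserStore:
    """In-memory stand-in for a SCIM 2.0 /Users resource (RFC 7644 subset)."""

    def __init__(self):
        self.users = {}  # id -> resource

    @staticmethod
    def _error(status, detail, scim_type=None):
        body = {"schemas": [ERROR_SCHEMA], "status": str(status), "detail": detail}
        return status, ({**body, "scimType": scim_type} if scim_type else body)

    def handle(self, method, path, headers, body=None):
        """Dispatch one request; returns (HTTP status, response body)."""
        auth = headers.get("Authorization", "")
        token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
        if not secrets.compare_digest(token.encode(), BEARER_TOKEN.encode()):
            return self._error(401, "missing or invalid bearer token")  # reject before parsing
        parts = path.strip("/").split("/")
        if parts[0] != "Users" or len(parts) > 2:
            return self._error(404, "unknown resource")
        if len(parts) == 1:
            return self._create(body) if method == "POST" else self._error(405, "method not allowed")
        user = self.users.get(parts[1])
        if user is None:
            return self._error(404, "user not found")
        if method == "GET":
            return 200, user
        if method == "PATCH":
            return self._patch(user, body)
        if method == "DELETE":
            del self.users[user["id"]]
            return 204, None
        return self._error(405, "method not allowed")

    def _create(self, body):
        if not isinstance(body, dict) or not body.get("userName"):
            return self._error(400, "userName is required", "invalidValue")
        if any(str(u["userName"]).lower() == str(body["userName"]).lower() for u in self.users.values()):
            return self._error(409, "userName already exists", "uniqueness")
        user = {k: v for k, v in body.items() if k in WRITABLE}  # drops id, meta, unknown attrs
        user["active"] = _as_bool(user.get("active", True))
        user["id"] = str(uuid.uuid4())
        user["schemas"] = [USER_SCHEMA]
        user["meta"] = {"resourceType": "User", "location": f"/Users/{user['id']}"}
        self.users[user["id"]] = user
        return 201, user

    def _patch(self, user, body):
        if not isinstance(body, dict) or PATCH_SCHEMA not in body.get("schemas", []):
            return self._error(400, "expected a PatchOp message", "invalidSyntax")
        for op in body.get("Operations", []):
            kind = str(op.get("op", "")).lower()
            if kind not in ("replace", "add"):
                return self._error(400, f"unsupported op {kind!r}", "invalidValue")
            path, value = op.get("path"), op.get("value")
            # Clients use either {"path": "active", "value": x} or {"value": {"active": x}}.
            changes = {path: value} if path else (value if isinstance(value, dict) else {})
            for attr, new in changes.items():
                if attr not in WRITABLE:
                    return self._error(400, f"attribute {attr!r} is not writable", "mutability")
                user[attr] = _as_bool(new) if attr == "active" else new
        return 200, user


def provisioning_round_trip():
    """Client sequence: unauthenticated create, create, duplicate create, deactivate, delete, read back."""
    store = ScimUserStore()
    hdrs = {"Authorization": f"Bearer {BEARER_TOKEN}"}
    codes = [store.handle("POST", "/Users", {}, {"userName": "x"})[0]]  # no token -> 401
    status, user = store.handle("POST", "/Users", hdrs, {
        "schemas": [USER_SCHEMA],
        "userName": "jdoe@example.com",            # constructed sample user
        "externalId": "eFY0EjQSeFYSNFZ4EjRWeA==",  # source-side stable identifier
        "id": "client-chosen-id",                  # ignored: id is server-assigned
    })
    codes.append(status)
    codes.append(store.handle("POST", "/Users", hdrs, {"userName": "JDOE@example.com"})[0])
    codes.append(store.handle("PATCH", f"/Users/{user['id']}", hdrs, {
        "schemas": [PATCH_SCHEMA],
        "Operations": [{"op": "Replace", "path": "active", "value": "False"}],
    })[0])
    codes.append(store.handle("DELETE", f"/Users/{user['id']}", hdrs)[0])
    codes.append(store.handle("GET", f"/Users/{user['id']}", hdrs)[0])  # gone -> 404
    return codes, user
```

Three points in the stand-in are the ones to verify against a real SCIM target before you connect a provisioning client: the endpoint must reject unauthenticated requests before it parses anything, it must refuse a second create for the same userName (case-insensitively) instead of silently creating a duplicate account, and it must ignore client-supplied `id` and `meta` values so the provisioning client cannot pick or overwrite server-side identifiers.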

Provision users manually

You can manually provision users one at a time or import multiple users:

  • Adding one user at a time is a convenient way to accommodate small additions.

  • Importing user records enables you to add multiple users in a single operation.