Help & Support
Follow

User Provisioning Overview

LeanKit's guide to understanding and choosing the proper user management solution to suit your company's needs.

 

User Provisioning in LeanKit

Account Administrators can create, update, delete, and disable users in LeanKit’s web application. As the number of users in their account increases, Account Administrators may find themselves:

  • Spending large amounts of time maintaining users
  • Becoming a bottleneck to business units wishing to adopt Lean
  • Wishing for a faster way to disable users who have left the company

We are currently in pilot phase for a new user provisioning capability that helps Account Administrators solve these problems. This capability is included with the Premium edition of LeanKit. If you are not on the Premium edition, please contact your LeanKit representative to learn how you can access user provisioning.

 

How it Works

User provisioning is implemented by connecting LeanKit with your identity management system, such as Okta. This connection enables user data to flow from your system into LeanKit. We offer two options for building this connection:

  1. A configurable integration between your identity provider and LeanKit using the SCIM 1.1 (System for Cross-domain Identity Management) standard -- learn more here.
  2. A completely customized integration between your system and LeanKit by interacting directly with LeanKit’s user provisioning APIs

 

1. Configurable SCIM 1.1 Integration

The SCIM-based integration option removes the need for Account Administrators to manage users manually in LeanKit. Instead, users are stored centrally in your identity system and assigned access to LeanKit by performing simple workflows, like adding or removing a user from a group.

Account Administrators without deep technical experience may be able to configure this type of integration on their own, but it is worth exploring both options with a technical team member to ensure your needs are met.

LeanKit’s user provisioning solution is compatible with these identity providers and others that support SCIM 1.1:

  • Okta
  • OneLogin
  • PingOne

Example use case - If you have hundreds, or even thousands, of users, managing their access to LeanKit can be simple with a SCIM-based integration. Let’s assume your IT group has invested in the identity provider Okta, and all of your enterprise’s users are included in Okta’s user directory. Connecting Okta to LeanKit is simple process, and you can configure which fields flow between the two systems. Then, user management is easy. Here are some examples of how you can use the Okta-LeanKit integration, without ever leaving your Okta interface:

  • Add users to LeanKit by selecting a subset of users from the Okta directory and adding them to the LeanKit group in Okta. New users will have instant access to LeanKit and receive a welcome email.
  • Deactivate users in LeanKit by removing them from the LeanKit group in Okta.
  • When employees leave your enterprise, they will be removed or disabled in the Okta directory, which will also instantly disabled them in LeanKit.

 

2. Customizable API Integration

You may opt to integrate directly with LeanKit’s user provisioning API when your identity provider does not support SCIM 1.1, or when you need maximum flexibility to overcome a specific challenge.

Because this option requires building and maintaining an integration from scratch, we recommend you pull in a technical team member with programming ability to fully assess this option.

The user provisioning API consists of building blocks that can be used to create a custom solution, which include the ability to:

  • Add a user
  • Get a user's information
  • Search for users that match criteria
  • Modify a user's information
  • Deactivate a user
  • Change a user's password
  • Delete a user

Example use case - Let’s suppose you want to deactivate all users who have been inactive in LeanKit for more than 90 days to optimize license utilization. Using the API, you could write a software application to:

  1. Ask LeanKit for a list of users, filtering for users who have a Last Access date greater than 90 days ago.
  2. For each user returned ...
  3. Ask LeanKit to update the user’s Enabled field to ‘false,’ which will disable the user’s account in LeanKit.

 

Use the Solution that Fits Your User Management Needs

Both user provisioning options give Account Administrators a tool to solve user management issues that occur when adoption grows rapidly within an organization. User provisioning allows for seamless integration with your identity provider of choice and the flexibility to create custom solutions when necessary.

Please contact your LeanKit Enterprise Account Rep or Customer Success Manager to see if user provisioning can help you.

 
Have more questions? Submit a request