Provisioning users to other systems

User provisioning is the integration flow designed to ensure consistent user data across all connected systems. It’s typically part of an organization’s Identity Management (IDM) landscape, where one master system acts as the single source of truth for user information, and other systems synchronize their user data with it.

The HR master data system is particularly suited for this purpose, as it’s where employee records first originate. HR is usually the first to know about new hires and maintains up-to-date information throughout the employment lifecycle.

Integrating the HR system early in your IDM landscape (commonly represented by Azure AD/Entra ID or similar) enables two provisioning scenarios: HR-driven provisioning, which must occur first, and general user provisioning, which depends on it.

HR-driven provisioning

In HR-driven provisioning, user data originates in the HR master data system. However, the IDM system typically manages usernames and email addresses. This is handled by making HR data available for integration, transferring it to the IDM for username and email generation, and then updating those values back to the HR master data system.

General user provisioning

General provisioning with other systems occurs after HR-driven provisioning, since it requires the username attribute to be present and unique. Before this attribute exists in the HR master data system, users cannot be provisioned to other systems.

Apart from this prerequisite, general user provisioning follows a similar pattern to HR-driven provisioning, except that data flows one way, from CatalystOne to consuming systems. CatalystOne supports general user provisioning through a SCIM-compliant API, allowing clients to request user data.
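The prerequisite above (a username that is present and unique) can also be enforced on the consuming side, so that a record pulled before the write-back completed, or two records sharing a username, are held back and never create or merge accounts downstream. The following is an added example, not CatalystOne code: it assumes only the standard SCIM 2.0 `ListResponse` shape and `userName` attribute, and the sample payload and the `partition_users` helper are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample: a SCIM 2.0 ListResponse (RFC 7644) as a client might receive it.
SAMPLE_RESPONSE = json.dumps({
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
    "totalResults": 5,
    "Resources": [
        {"id": "1001", "userName": "anna.berg"},
        {"id": "1002", "userName": ""},           # username not yet written back
        {"id": "1003"},                           # attribute absent
        {"id": "1004", "userName": "Anna.Berg"},  # collides with 1001
        {"id": "1005", "userName": "ola.nord"},
    ],
})

def partition_users(list_response_json):
    """Split SCIM users into those safe to provision and those to hold back."""
    resources = json.loads(list_response_json).get("Resources", [])
    by_name = defaultdict(list)
    missing = []
    for user in resources:
        name = (user.get("userName") or "").strip()
        if not name:
            missing.append(user["id"])
        else:
            # RFC 7643 defines userName as case-insensitive, so compare case-folded.
            by_name[name.casefold()].append(user)
    ready, duplicates = [], {}
    for key, users in by_name.items():
        if len(users) == 1:
            ready.append(users[0])
        else:
            # Hold back every record in a collision; do not pick a winner.
            duplicates[key] = sorted(u["id"] for u in users)
    return ready, missing, duplicates

if __name__ == "__main__":
    ready, missing, duplicates = partition_users(SAMPLE_RESPONSE)
    print("provision:", [u["userName"] for u in ready])
    print("hold (no userName):", missing)
    print("hold (duplicate userName):", duplicates)
```

Held-back records are worth logging with their `id`, since a recurring entry points to a stalled write-back in the HR-driven flow.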