Contact Menu

User Provisioning

Firstbird user provisioning 


To simplify Talent Scout management in Firstbird, the registration and login process for all user groups, Firstbird provides the API that enables the integration with Single Sign On (SSO) and User Provisioning.

 

 

User management automation

User_management_Eng.PNG

 

 

Automated user management

SSO and user pre-/de-provisioning

Employee_database.png

 

 

Why user provisioning?

  • Facilitation of the registration process (user information is already prefilled) → User Pre-Provisioning
  • Automation of the user management flow
    • Automated update of the user profiles
    • Automated deactivation and deletion of user profiles → User De-Provisioning

 

 

User pre-provisioning

Firstbird provides an API that allows third party providers the automated pre-provision of user profiles.

Before registering in Firstbird, the following information can be added additionally via the API (if available):

  • First name
  • Last name
  • Employee ID
  • Location (only if the values match with the settings in Firstbird)
  • Department (only if the values match with the settings in Firstbird)


This information does not have to be provided necessarily. If any information is missing, Talent Scout must add it manually during the registration process.

Selecting the user role is not included in the integration. Users will be pre-provisioned by default with the user role "Talent Scout". The admin user can adapt the role of any user in the user management.

Disclaimer_ENG.png

 

 

User de-provisioning

Firstbird provides an endpoint that allows the automated de-provision (deactivation and deletion) of user profiles.

Example: A third-party provider (e.g. HCM) sends a request for de-provision to Firstbird when an employee is no longer present in the customer’s system. The user is automatically deactivated in Firstbird and, in a further step, deleted with all related personal data. 

 

 

Technical implementation

Firstbird provides an endpoint where user profiles can be pre-provisioned, updated, deactivated and deleted. User profiles in Firstbird consist of first name, last name, email, employee ID, status, department and location. The pre-provisioned information is prefilled during the registration process and updated in the user's personal profile if the registration has been completed before integration.

The deactivation process consists of 2 steps within the Firstbird application:

Step 1: The deactivation of the user profiles (the user is still existing in Firstbird but not able to log in anymore)

Step 2: The deletion of deactivated user profiles (the user profile and its related information* are not available anymore)

*e.g. generated points and coins

 

 

Important notes

 

 


User Pre-Provisioning via SFTP Server

Endpoint: sftp.services.1brd.com

File Format: .csv

Separator: comma

Columns: first_name, last_name, email_address, personnel_number, location(optional), department(optional)

Authentication: SSH Public Key Authentication

Update Schedule: Hourly

 

How it works

  1. Contact pm-integrations@firstbird.com with your request about the user provisioning integration.
  2. You create an SSH Key Pair and send us the public key that you are planning to use for authentication.
  3. You also send us a preferred user name for the server in order for us to attach the public key to that user, and a folder name (preferably your company name).
  4. After our confirmation we will hourly check for new updates/files.
  5. You send us a dump of all user profiles according to the defined format (see above).
  6. If we determine any changes in a user profile we will automatically update the profile in Firstbird as well.
  7. If the user is no longer present in the file for a day, we will deactivate the user in Firstbird and delete the user after a week.

 

 

User De-Provisioning via SFTP Server

Endpoint: sftp.services.1brd.com

File Format: .csv

Separator: comma

Columns: email, date (yyyy-mm-dd)

Authentication: SSH Public Key Authentication

Update Schedule: Hourly

 

How it works

  1. Contact pm-integrations@firstbird.com with your request about the user provisioning integration.
  2. You create an SSH Key Pair and send us the public key that you are planning to use for authentication.
  3. You also send us a preferred user name for the server in order for us to attach the public key to that user, and a folder name (preferably your company name).
  4. You send us all users that you want to deprovision from Firstbird’s systems according to the defined format (see above).
  5. We will deprovision (deactivate and delete) all users you sent from Firstbird’s systems hourly.

 

 

User Provisioning via Microsoft Azure AD

We also offer the possibility to provision users via Azure.

Contact pm-integrations@firstbird.com with your request and we will send you further instructions.

Please note that the configuration on Firstbird's end needs to be planned in advance and cannot be provided within a few days.

Currently, Firstbird does not support SCIM 2.0