User Management Center

Overview

The User Management Center is a secure, scalable, and standards-compliant platform designed to manage end-user authentication and user provisioning within IFS AI. It enables administrators to configure user provisioning, manage external identity providers, and handle group-level access, all on a per-tenant basis.

Each tenant’s configuration, including users, groups, and tag mappings for user groups, is completely isolated to ensure security and compliance with organizational policies.

Only Customer Admins within your organization have access to the User Management Center.

To navigate to the User Management Center:

  1. Log in to the Lifecycle Experience Center.
  2. Go to Access Studio > Service Authentication.
  3. If your organization has purchased the end-user AI service, a User Management Center link will be visible for each provisioned tenant.

Note: All configurations must be performed per tenant. Each tenant operates independently, and configurations cannot be shared or replicated automatically across tenants.

Core Functionalities

The User Management Center provides a unified interface for managing all user authentication and provisioning aspects. The main functionalities include:

1. Identity Provider Configuration

  • Set up connections with your organization’s Identity Provider (IdP).

  • Supports the OpenID Connect (OIDC) protocol: compatible with any OIDC-compliant provider (e.g., Azure AD, Okta, Auth0).

  • Local user management is not supported: all users must authenticate through your configured IdP.
  • Multi-Factor Authentication (MFA) must be enabled on your IdP to ensure secure access.

2. SCIM Configuration (User and Group Provisioning)

  • Automate user and group creation, updates, and deactivation using the System for Cross-domain Identity Management (SCIM) protocol.

  • Ensure user data remains synchronized between your IdP and IFS.ai.

  • Provisioning settings must be defined per tenant for accurate user lifecycle management.

3. User Group Management

  • Organize users into logical groups that correspond to access levels or functional roles.

  • Group membership determines which tags (roles) are applied to users.

  • Tags represent role-based permissions defined by IFS.ai services.
  • Tags cannot be assigned directly to individual users. They are only inherited through group memberships.

4. User Management

  • Your organization's Identity Provider (IdP) serves as the primary source for User Management. This simplifies user administration by centralizing user information in a single location.
  • Consolidate all provisioned users in a single location.
  • User deletion, as well as activation and deactivation, can be managed within this platform. Prior to deleting a user, ensure that there are no existing references to the user records.
  • It is essential to maintain synchronization of user status and details with your Identity Provider.

Best Practices and Recommendations

  • Plan your tenant setup before configuring: clearly define identity providers, user groups, and roles for each tenant.
  • Enforce MFA on your IdP for enhanced security.
  • Use SCIM automation to ensure consistency and reduce manual administration errors.
  • Regularly review user groups and tag mappings to maintain compliance and access hygiene.
  • Maintain synchronization of user status and details with your Identity Provider.
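
The periodic review of user groups and tag mappings recommended above can be scripted. The following is an added example, not IFS code: it derives each user's tags purely from group membership and lists the findings a reviewer should look at. User and Group fields follow SCIM 2.0 (RFC 7643); the tag names, the group-to-tag mapping format and all sample records are constructed assumptions.

```python
# Constructed sample data: SCIM 2.0 User and Group resources (RFC 7643), trimmed.
# Tag names and the GROUP_TAGS mapping format are hypothetical, not IFS.ai's own.
USERS = [
    {"id": "u1", "userName": "alice@example.com", "active": True},
    {"id": "u2", "userName": "bob@example.com", "active": False},
    {"id": "u3", "userName": "carol@example.com", "active": True},
]
GROUPS = [
    {"id": "g1", "displayName": "Planners", "members": [{"value": "u1"}, {"value": "u2"}]},
    {"id": "g2", "displayName": "Auditors", "members": [{"value": "u1"}, {"value": "u9"}]},
    {"id": "g3", "displayName": "Interns", "members": []},
]
GROUP_TAGS = {"Planners": {"planning.read", "planning.write"}, "Auditors": {"audit.read"}}


def effective_tags(users, groups, group_tags):
    """Return {userName: tags}. Tags are inherited only through group membership."""
    by_id = {u["id"]: u for u in users}
    tags = {u["userName"]: set() for u in users}
    for g in groups:
        for m in g.get("members", []):
            user = by_id.get(m["value"])  # SCIM member "value" is the user's id
            if user:
                tags[user["userName"]] |= group_tags.get(g["displayName"], set())
    return tags


def review(users, groups, group_tags):
    """Return sorted (finding, subject) pairs for an access review."""
    by_id = {u["id"]: u for u in users}
    tags = effective_tags(users, groups, group_tags)
    findings = []
    for g in groups:
        name = g["displayName"]
        if name not in group_tags:
            findings.append(("group-without-tags", name))
        for m in g.get("members", []):
            user = by_id.get(m["value"])
            if user is None:  # member id with no provisioned user record
                findings.append(("unknown-member", f"{name}:{m['value']}"))
            elif not user.get("active", True):  # missing "active" treated as active
                findings.append(("inactive-user-in-group", f"{name}:{user['userName']}"))
    for u in users:
        if u.get("active", True) and not tags[u["userName"]]:
            findings.append(("active-user-without-tags", u["userName"]))
    return sorted(findings)
```

Because configuration is per tenant, run the review separately against each tenant's export.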