Skip to main content

Automated User Provisioning

Last updated: Wed, 28 Nov 2018 20:45:32 GMT
iOFFICE Knowledge Center

Automated User Provisioning


This section describes options for importing users into the application from a corporate directory. An iOffice representative will work with the customer to understand needs and requirements, as each process varies based on module, customer and business requirements.

Import Via SFTP

The customer uploads a file to iOFFICE's SFTP server on an interval determined at their discretion. The SFTP account is exclusive to the customer, securely isolated from other customer accounts. The customer’s developer has the option of using either a password- or key-based authentication.

Inbound connections to iOFFICE's SFTP server are restricted to specific IP address ranges for additional security. Consequently, the customer is required to provide a publicly routable range of addresses before establishing a connection. After the IP addresses are whitelisted and credentials are exchanged the customer may connect to

Once the process is in place, the customer will upload a file. When complete, iOFFICE's directory watcher process will pick up the file and begin processing automatically.

Additional Encryption Using PGP

Files sent to our SFTP server are fully encrypted in transit and are only accessible to employees who require access for business purposes, with access granted using the principle of least privilege; however, if your security team requires encryption at rest for SFTP import files, iOFFICE can, for an additional fee, support PGP encryption using the RSA protocol.

Note: In addition to requiring an additional fee, PGP encryption has the potential to slow down our ability to process files received from the client. We recommend that you use the standard SFTP process and do not believe PGP encryption is necessary to secure your data. 

File Format and Requirements

File format options are flexible, allowing delimiter separated values (comma, tab, pipe) or XML. Delimited files must have a header row and fields should be qualified with double quotes. It is iOFFICEʼs experience that XML is the most reliable file format, as a closing element confirms a complete file has been received.

iOFFICE requires a field with a unique key (such as an employee id). This key maps existing user records with data in the customer’s file. Users in the file without a matching record in the application will have an account created for them. Accordingly, users in the application without a matching record in the file are deactivated. Matching user records are updated if required.

Standard required fields are: employee ID (any unique identifier may be used as a substitute), first name, last name and email. Depending on use case, other fields may be needed. 



Related Topics


Common Logon, Single Sign On, or Federated Identity

Local File Repository

Space Pinger

  • Was this article helpful?