User Account, Source System User Mapping and Single-Sign-On
OneList maintains its own user accounts which include the following information:
UserName - a unique key for every user. This is mapped to the common user ID of the organization;
Profile - user profile, e.g. first name, last name, email;
Manager - optional, the user's reporting manager;
Linking OneList User with Identity Provider (IDP) and Source System User
For OneList to automatically surface tasks to the user, it needs to establish the above link between the user’s IDP login and his/her source system user id. The OneList username is the key in this link. The general process of identifying the value for the OneList username is:
Identify and agree on the common user identifier in the organisation. Most organisations use SAMAccountName or Email as the common user id;
Identify the claim from the Identity Provider that holds the common user id;
Verify whether each source system can map its user account to the common user id. The adapter is responsible for producing the user mapping for OneList.
If a source system is unable to provide the user mapping then OneList will prompt the user to log on to that source system once before tasks are surfaced from that source system.
Where the user linkage is saved and how it is used
The linking between the OneList user and the external user is saved in the ExternalLogin table in the RoleManager database.
When the user logs on via external IDP, OneList uses the IDP's user id to find the OneList user id in the ExternalLogin table and grants access to the user;
When OneList receives a task from a source system, it uses the source system user id to find the OneList user id in the ExternalLogin table, then assigns the task to the OneList user. The reverse lookup is used to identify the source system user id when a user actions a task.
OneList user account creation
OneList creates a user account in the following two scenarios:
When a user gets his/her first task from a source system. In this case, the OneList Adapter queries OneList for the list of users who require mapping to a OneList user. The Adapter then posts the user details to OneList, which creates the new user account and links it with the source system user id. The prerequisite of this scenario is that the OneList adapter has full information about the user account, including the UserName and Email.
When a user logs on to OneList for the first time. In this case, after the user is authenticated by the organisation's IDP, OneList creates the new user account.
Claims required from source system to set up OneList user profile
Claim Type | Source System Value | OneList User |
---|---|---|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier | Source system user id | UserName |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | First name | FirstName |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | Surname | LastName |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
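As an added illustration (not OneList's code), the following Python models the ExternalLogin linkage, the forward and reverse lookups, and the two account-creation scenarios described above, using the claim types from the table. The class and method names, the provider names and the sample ids are assumptions, and it treats the email address as the agreed common user id.

```python
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
NAMEID, GIVENNAME, SURNAME, EMAIL = (CLAIMS + c for c in
    ("nameidentifier", "givenname", "surname", "emailaddress"))

class RoleManager:
    """In-memory stand-in for the RoleManager database: users keyed by UserName
    plus an ExternalLogin table mapping (provider, external id) -> UserName."""
    def __init__(self):
        self.users = {}           # UserName -> profile dict
        self.external_login = {}  # (provider, external_id) -> UserName

    def link(self, provider, external_id, username):
        # Fail closed: one external identity must never resolve to two OneList users.
        current = self.external_login.get((provider, external_id))
        if current not in (None, username):
            raise ValueError(f"{provider}:{external_id} already linked to {current}")
        self.external_login[(provider, external_id)] = username

    def user_for(self, provider, external_id):
        """Forward lookup: IDP user id or source-system user id -> UserName, or None
        when no mapping exists (the user must log on to that source system once)."""
        return self.external_login.get((provider, external_id))

    def external_id_for(self, provider, username):
        """Reverse lookup when a user actions a task: UserName -> source-system user id."""
        return next((e for (p, e), u in self.external_login.items()
                     if p == provider and u == username), None)

    def adapter_register(self, source, source_user_id, username, email, **profile):
        """Scenario 1: the adapter posts a user it holds full details for."""
        if not username or not email:
            raise ValueError("adapter must supply UserName and Email")
        self.users.setdefault(username, dict(Email=email, **profile))
        self.link(source, source_user_id, username)

    def login_via_idp(self, idp, claims):
        """Scenario 2: first IDP login creates the account; later logins resolve it."""
        if NAMEID not in claims or EMAIL not in claims:
            raise ValueError("token lacks nameidentifier or emailaddress claim")
        username = self.user_for(idp, claims[NAMEID])
        if username is None:
            username = claims[EMAIL]   # agreed common user id becomes the UserName
            self.users.setdefault(username, dict(
                FirstName=claims.get(GIVENNAME, ""), LastName=claims.get(SURNAME, ""),
                Email=claims[EMAIL]))
            self.link(idp, claims[NAMEID], username)
        return username
```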