User provisioning considerations

This section discusses WFO-specific considerations for identity provisioning.

Maximum supported email address length

As the email address value is inserted into the username attribute, the maximum supported email address length is 50 characters.

Characters not supported in First Name and Last Name attributes

The following characters are not supported in the First Name and Last Name attributes [ ] < > " & ! ? ,

Do not add users from the WFO user interface

Once employees and users have been provisioned from the identity provider, do not add users from the WFO user interface.

Authentication flow will change

Once the users have been provisioned and the system is integrated into the cloud platform Predefined logical group of server roles installed together on a physical server., the authentication flow will change. There will now be two hops in the SAML authentication process.

You cannot edit these fields in the User Management Module that an administrator uses to create a profile for each employee in their organization., Security, Usernames page in WFO (These fields are managed on the IDP server and are read-only on the WFO server.)

  • Username

  • Status

You cannot edit these fields in the User Management, Employees, Profiles page in WFO. (These fields are managed on the IDP server and are read-only on the WFO server.)

  • Last Name

  • First Name

  • Employee Number

  • Email Address

  • Work Phone

  • Cell Phone

  • Address Line 1

  • City

  • State

  • Zip Code

  • Country

Blank entries in the IDP server are not pushed to the WFO server

There are 14 fields that are managed in the IDP server and have read-only values in the WFO Usernames and Profiles page. If any of these fields are changed to blank (empty) entries in the IDP server, no change is pushed to the WFO server. In such a case, the value for the field in the WFO Usernames or Profiles page does not change. The field in WFO will continue to have the same value that it had before the field was changed to blank in the IDP server. So, it is not possible to change a field in the IDP server to a blank entry and have that field also be blank in the WFO Usernames or Profiles page.

Workaround

Instead of entering a blank value for a field in the IDP server, enter a convention such as "NA" or "Not applicable." Then "NA" or "Not applicable" will appear for the field in the WFO Usernames or Profiles page.

Adding a new user who has the same email address (Username) as a user deleted from Azure Active Directory One of the main user authentication methods supported in the system, allowing customers to leverage Windows Authentication as the authentication mechanism in the system.

When provisioning users from AAD to WFO, a user’s email address is specified as the Username for the user. If a user is deleted from the Azure Active Directory (AAD), the user is not deleted from WFO. The deleted user has an inactive status in WFO. If you later try to add a new user with the same email address as the deleted user in the customer IDP, the new user is not added to WFO. Instead, the system updates the deleted user with the new user’s information in WFO. Also, all of the employee attributes for the deleted user are editable in WFO. To fix this issue, follow the steps in the Workaround below.

Workaround

To add a new user who has the same email address as a user who has been deleted from the AAD:

  1. From WFO, manually delete the user who was deleted from the AAD.

    1. Go to User Management. Under Employees, select Profiles.

    2. In the Name column (left panel), select the user who was deleted from the AAD.

    3. Click the Delete button.

  2. Create the new user in the IDP (with the same email address Username as the user that was deleted from AAD). The new user will be synced from the IDP to WFO.

Auditing of provisioning activity Core component of both schedules and time records in Workforce Management (WFM). When an employee performs any kind of work, activities specify the scheduled work and capture employee adherence to their schedule. not available

You cannot view provisioning activities in the Audit Viewer Tool that displays the list of audited actions that have occurred in the system..