Typically, users are required to verify their account with a confirmation code sent via email, before using Parsec. In some organizations, certain users may not have a routable email inbox to receive this confirmation email.
For such cases, Enterprise admins using select 3rd party identity providers may use a parameter during SCIM user creation to bypass our standard process. This additional parameter (autoConfirm), effectively allows admins to verify with their IdP.
How auto-confirmation works
Auto-confirmation allows newly provisioned users to bypass email confirmation. It uses a custom parameter, configured in your Identity provider, that is sent along with the new user. When configured properly, this value (true or false) is recognized by our systems and determines whether or not the user will be automatically marked as confirmed during the user creation process.
The value definitions are as follows
- If the value is set to true, then the user’s Parsec account is confirmed and no confirmation email is sent.
- If the value is set to false or is undefined, then the user’s Parsec account is not confirmed and a confirmation email is sent.
Supported identity providers
This feature is currently supported for use with two 3rd party identity providers. Setup guides for each are below.
- Okta
- Azure
Setup for Okta
Setting up a custom attribute
- In the Okta Admin Portal, navigate to ‘Profile Editor’ and select your Parsec application.
- Click the ‘+ Add Attribute’ button.
- Set ‘Data type’ to ‘boolean’.
- Set ‘Display name’ to ‘AutoConfirm’.
- Set ‘Variable name’ and ‘External name’ to ‘autoConfirm’.
- Set ‘External namespace’ to ‘urn:ietf:params:scim:schemas:extension:enterprise:2.0:User’
- Please note that the ‘External name’ must be ‘autoConfirm’, and the ‘External namespace’ must be ‘urn:ietf:params:scim:schemas:extension:enterprise:2.0:User’ or it will not work.
- Set ‘Attribute type’ to ‘personal’.
- Click ‘Save’.
Now that the custom property is created, you need to update the mapping. You can use the Okta Expression Language to dynamically set the field based on other properties.
Example: Using group membership to dynamically set the autoConfirm property
- First, you need to create a new group in the Okta Admin Portal by navigating to ‘Groups’ and clicking the ‘Add group’ button.
- Set the name of your group and click ‘Save’.
- Then navigate to the ‘Profile Editor’ and select your ‘Parsec’ application.
- Click the ‘Mappings’ button.
- Select ‘Okta User to Parsec’.
- In front of the ‘autoConfirm’ attribute, set ‘isMemberOfGroupName(“NAME_OF_YOUR_GROUP”)’.
- Click ‘Save Mappings’ and then ‘Apply updates now’.
Now you can add members to your “auto confirmed users” group and they will have their Parsec accounts automatically confirmed.
Setup for Azure
Adding a custom attribute to your application schema
- In the appropriate SAML/Enterprise Application, select ‘Provisioning’, then ‘Edit provisioning’.
- In the ‘Mappings’ section, select ‘Provision Microsoft Entra ID Users’ or ‘Provision Azure Active Directory Users’.
- Under ‘Attribute Mappings’, click ‘Show advanced options’ and then ‘Edit attribute list for customappsso’.
- At the bottom of the list, add the custom attribute using this name ‘urn:ietf:params:scim:schemas:extension:autoConfirmation:2.0:User:autoConfirm’.
- Please note that the name of the attribute must be ‘urn:ietf:params:scim:schemas:extension:autoConfirmation:2.0:User:autoConfirm’ or it will not work.
- Select ‘Boolean’ as data type, then ‘Save’.
Now that the custom attribute is added to your application schema, you need to include it in the mapping. In the next section, we will provide an example of setting the autoConfirm property dynamically. However, there are other methods available that you can find in this documentation.
Example: Using App Roles to dynamically set the autoConfirm property
Creating a new App Role
- In the Microsoft Azure Portal search for ‘App Registration’.
- Filter by ‘All applications’ and select the appropriate SAML/Enterprise Application.
- Click ‘App roles’ and then ‘+ Create app role’.
- Set the ‘Display name’ of your role.
- Set ‘Allowed member types’ to ‘Users/Groups’.
- Set ‘Value’ to ‘true’.
- Set a ‘Description’ for your role.
- Click ‘Apply’.
Updating the attribute mappings of your application
- In the appropriate SAML/Enterprise Application, select ‘Provisioning’, then ‘Edit provisioning’.
- In the ‘Mappings’ section, select ‘Provision Microsoft Entra ID Users’ or ‘Provision Azure Active Directory Users’.
- Click ‘Add New Mapping’.
- Set ‘Mapping type’ to ‘Expression’.
- Set ‘Expression’ to ‘IIF(SingleAppRoleAssignment([appRoleAssignments])="NAME_OF_YOUR_ROLE", "TRUE", "FALSE")’.
- Set ‘Target attribute’ to ‘urn:ietf:params:scim:schemas:extension:autoConfirmation:2.0:User:autoConfirm’.
- If you do not see the attribute above as an available attribute in the target application schema, double-check that it exists in the attribute list for your application configured in the Adding a custom attribute to your application schema step.
- Click ‘Ok’.
- The attribute mapping should look like the following. Click ‘Save’.
Provisioning auto-confirmed users
- Open the ‘Users and Groups’ menu in your application, then click ‘+ Add user/group’.
- Open the ‘Users’ or ‘Groups’ menu, select the appropriate objects and click ‘Select’.
- Open the ‘Select a role’ menu, select the role you created earlier and click ‘Select’.
- Click ‘Assign’.
- Users and groups that are assigned your ‘AutoConfirmation’ role should be automatically confirmed upon the next provisioning cycle.
As an example, the provisioning object should look like this: