Flexible Provisioning in Lumos

Last updated: October 7, 2024

Background

In the past, Lumos was opinionated on what order your provisioning steps ran. If manual steps were needed on a permission, we always provisioned to the Okta group first. While this worked well enough for most use cases, this unfortunately doesn't work with increasingly complex apps that may require more flexibility in provisioning (and later, deprovisioning!) workflows. 🧘‍♀

Introducing flexible provisioning! This article quickly walks through the UI changes, and will teach you how to configure provisioning in Lumos. 

App-Level UI Changes

When you navigate to the AppStore settings, the Provisioning section will look a little different. 

This is what it used to look like before:

Here's what it looks like now!

Provisioning Method Provisioning Type

We used to have a concept of Provisioning Method, which meant that it would be:

  • N/A

  • Assign Directly to App

  • Assign to App Permission, Defaulted

  • Assign to App Permission, Requester-selected

We've simplified this to Provisioning Type, which can be one of two options:

  • Provisioning to Permission

  • Provisioning to App

This means we are either defining our provisioning steps at the App-level or at the Permission-level.

Provisioning to App

Steps (App-Level)

When you've designated Provisioning to app, you'll see the ability to configure a Provisioning Webhook, Automated Provisioning (which is assigning the user to the Okta app), and Manual Provisioning with optional Provisioning Instructions. The main difference here is that you can reorder these steps if you wish by using drag and drop!

Provisioning to Permission

Assign to App Permission, Defaulted OR Assign to App Permission, Requester-selected Allow Permission Selection

As mentioned we used to have two Provisioning Types - Defaulted or Requester-selected. This was meant to determine whether you wanted users to be able to select the permission when making the request or have it defaulted. 

Now, we've simplified this to "Allow Permission Selection", which allows you to toggle whether you want to allow permission selection by your users. 

Allow Request for Multiple Permissions & Default Permission

Nothing has changed here we just moved these to the provisioning section 😊

Permission-Level UI Changes

When you navigate to the Permission settings, the Provisioning section will look a little different. 

This is what it used to look like before:

Here's what it looks like now!

Steps (Permission-Level)

Within the permissions tab, you used to see the provisioning group, an area for provisioning instructions, a toggle for manual action required, and a place below to optionally configure the provisioning webhook. The main difference here is that you can now reorder these steps & add additional Manual Provisioning steps if you wish by using drag and drop!

You can also update the Group Provisioning if it's not an Okta assignment group (in which case it will be toggled off). Additionally, we've removed the concept of linking Provisioning instructions back to the app level so that you can associate provisioning instructions with a single manual provisioning step.