Remote Provisioning Configuration

To configure remote provisioning, choose a delivery option for the assertion data and supply the URL of the provisioning server.

In addition to configuring remote provisioning, you can select the Allow IdP to create User Identifier option. This option enables the IdP to create a persistent identifier if no identifier for the user exists. The Allow/Create feature is not exclusive to provisioning with local account linking, though the local method requires it.

You can enable the Allow/Create feature together with remote provisioning if you want the IdP to generate a user identifier that is sent with other attributes to the remote provisioning server. The application at the remote provisioning server determines how it uses the generated identifier. The application can perform local account linking; however, this is not Federation Manager local account linking.

To configure remote provisioning

  1. Begin at the Application Integration step of the Partnership wizard.
  2. Select the provisioning type in the User Provisioning group box.

    Note: You can click Help for a description of fields, controls, and their respective requirements.

  3. If you select Remote as the provisioning type, complete the following additional fields:
  4. If you specify open format cookie as the delivery option, you must complete the additional settings in the Open-format Cookie group box.

    These settings include the name of the cookie, the algorithm that encrypts the cookie, and the encryption password. Optionally, you can enable an HMAC function to verify the integrity of the cookie.

  5. Select the Confirm step in the wizard and click Finish to save your changes.

You have completed remote provisioning configuration.

More information:

Delivery of Assertion Data to the Provisioning Application


Copyright © 2010 CA. All rights reserved.