We are using OpenID connect with User provisioning enabled. When a new (previously unknown) user logs on with OpenID Connect, a user record is created and based on the template, automatically assigned to a guest group. This guest group has a startup object with a task that initiates a registration process. The user has to add some additional information and submit this information to be validated by a backoffice system. The backoffice system validates and if valid, removes the user from the quest group and assigns the user to a member group. The user can now logon and gets the menu and functionality of a member.
What happens however is that the provisioning functionality not only assigns the defined user group on creation of a new user, but also on any subsequent log on. So the guest group, while deleted through the API, is assigned again and with that the registration flow is started as well.
My question: is there a way to have a process started only once based on provisioning?
An additional question could be: in what situation would it be relevent to execute the provisioning logic on a normal log on?
Best answer by Anne Buit
View original
