Auto Creation Update and Login

The Auto Creation/Update and Login features apply to the LDAP Login and Single Sign-On modules.

  • Auto creation of user during first login is supported. This can be configured using Configurator or ConfigValues.xml. If configured:
    • If user does not exist, user is created.
    • The information configured to be extracted from LDAP or HTTP headers and mapped to user attributes. The mappings are configured using Configurator. For information on the list of attributes, which can be extracted from LDAP, refer to LDAP Properties for Mapping and from HTTP headers, refer to Single Sign-On Properties for Mapping.
    • The information extracted from LDAP or HTTP headers can be mapped to TIBCO MDM roles. If role mapping does not result in at least one role for the user, user creation is not allowed.
  • Auto update of user during any login is supported. This can be configured using Configurator or ConfigValues.xml. If configured:
    • If user exists, user is modified if any of the mapped user information has changed.
    • The information configured to be extracted from LDAP or HTTP headers can be mapped to user attributes. The mappings are configured using Configurator or ConfigValues.xml.
    • The information extracted from LDAP or HTTP headers can be mapped to TIBCO MDM roles. If no roles are specified, existing assigned roles are not modified.
    • If any information mapped to user attributes is null or empty, it is not updated during update.
  • Auto creation and update works for login by UI or web services.
  • Login can be configured to imitate single sign-on - that is password is not needed. However, if TIBCO MDM out of box UI is used, password must always be provided.