Auto Creation Update and Login

The Auto Creation/Update and Login features apply to the LDAP Login and Single Sign-On modules.

• Auto creation of user during first login is supported. This can be configured using the Configurator or ConfigValues.xml. If configured:
  • If user does not exist, user is created.
  • The information configured to be extracted from LDAP or HTTP headers and mapped to user attributes. The mappings are configured using the Configurator. For information about the list of attributes, which can be extracted from LDAP, see the table "LDAP Properties for Mapping" of the Default LDAP Properties topic and from HTTP headers, see the table "Single Sign-On Properties for Mapping" of the Single Sign-On Properties topic.
  • The information extracted from LDAP or HTTP headers can be mapped to TIBCO MDM roles. If role mapping does not result in at least one role for the user, user creation is not allowed.
• Auto update of user during any login is supported. This can be configured using the Configurator or ConfigValues.xml. If configured:
  • If user exists, user is modified if any of the mapped user information has changed.
  • The information configured to be extracted from LDAP or HTTP headers can be mapped to user attributes. The mappings are configured using the Configurator or ConfigValues.xml.
  • The information extracted from LDAP or HTTP headers can be mapped to TIBCO MDM roles. If no roles are specified, existing assigned roles are not modified.
  • If any information mapped to user attributes is null or empty, it is not updated during update.
• Auto creation and update works for login by UI or web services.
• Login can be configured to imitate single sign-on - that is password is not needed. However, if TIBCO MDM out of box UI is used, password must always be provided.