Employee Referrals User Provisioning
To simplify Talent Scout management in Employee Referrals, the registration and login process for all user groups, Radancy provides the API that enables the integration with Single Sign On (SSO) and User Provisioning.
User management automation
| User Pre- and De-Provisioning | Single Sign-On with Just-In-Time Provisioning | |
|---|---|---|
| Permission to use Employee Referrals | No | YES |
| Deactivation of Users | YES | No |
| Deletion of Users | YES | No |
| Synchronization of first name, last name, and email address | YES | YES |
| Synchronization of the user location and department | YES | YES |
| Synchronization of user roles | No | YES |
Automated user management
SSO and user pre-/de-provisioning
Why user provisioning?
- Facilitation of the registration process (user information is already prefilled) → User Pre-Provisioning
- Automation of the user management flow
- Automated update of the user profiles
- Automated deactivation and deletion of user profiles → User De-Provisioning
User pre-provisioning
Employee Referrals provides an API that allows third-party providers the automated pre-provision of user profiles.
Before registering in Employee Referrals, the following information can be added additionally via the API (if available):
- First name
- Last name
- Employee ID
- Location (only if the values match with the settings in Employee Referrals)
- Department (only if the values match with the settings in Employee Referrals)
This information does not have to be provided necessarily. If any information is missing, Talent Scout must add it manually during the registration process.
Selecting the user role is not included in the integration. Users will be pre-provisioned by default with the user role "Talent Scout". The admin user can adapt the role of any user in the user management.
Disclaimer
Pre-provisioned profiles are only listed in the user list once they have registered themselves in Employee Referrals.
User de-provisioning
Employee Referrals provides an endpoint that allows the automated de-provision (deactivation and deletion) of user profiles.
Example: A third-party provider (e.g. HCM) sends a request for de-provision to Employee Referrals when an employee is no longer present in the customer’s system. The user is automatically deactivated in Employee Referrals and, in a further step, deleted with all related personal data.
Technical implementation
Employee Referrals provides an endpoint where user profiles can be pre-provisioned, updated, deactivated and deleted. User profiles in Employee Referrals consist of first name, last name, email, employee ID, status, department and location. The pre-provisioned information is prefilled during the registration process and updated in the user's personal profile if the registration has been completed before integration.
The deactivation process consists of 2 steps within the Employee Referrals application:
Step 1:The deactivation of the user profiles (the user is still existing in Employee Referrals but not able to log in anymore)
Step 2:The deletion of deactivated user profiles (the user profile and its related information* are not available anymore)
*e.g. generated points and coins
Important notes
- Link to SSO
- Link to Employee Referrals API documentation
User Pre-Provisioning via SFTP Server
Endpoint: sftp.services.1brd.com
File Format: .csv
Separator: comma
Columns: first_name, last_name, email_address, personnel_number, location(optional), department(optional)
Authentication: SSH Public Key Authentication
Update Schedule: Hourly
How it works
- Contact us via our support form with your request about the user provisioning integration.
- You create an SSH Key Pair and send us the public key that you are planning to use for authentication.
- You also send us a preferred user name for the server in order for us to attach the public key to that user, and a folder name (preferably your company name).
- After our confirmation we will hourly check for new updates/files.
- You send us a dump of all user profiles according to the defined format (see above).
- If we determine any changes in a user profile we will automatically update the profile in Employee Referrals as well.
- If the user is no longer present in the file for a day, we will deactivate the user in Employee Referrals and delete the user after a week.
User De-Provisioning via SFTP Server
Endpoint: sftp.services.1brd.com
File Format: .csv
Separator: comma
Columns: email, date (yyyy-mm-dd)
Authentication: SSH Public Key Authentication
Update Schedule: Hourly
How it works
- Contact us via our support form with your request about the user provisioning integration.
- You create an SSH Key Pair and send us the public key that you are planning to use for authentication.
- You also send us a preferred user name for the server in order for us to attach the public key to that user, and a folder name (preferably your company name).
- You send us all users that you want to deprovision from Employee Referrals systems according to the defined format (see above).
- We will deprovision (deactivate and delete) all users you sent from Employee Referrals systems hourly.
User Provisioning via Microsoft Azure AD
We also offer the possibility to provision users via Azure.
Contact us via our support form with your request and we will send you further instructions.
Please note that the configuration on Radancy's end needs to be planned in advance and cannot be provided within a few days.
Currently, Employee Referrals does not support SCIM 2.0