Automated Provisioning of User Accounts in Clarity

Data exchange in accordance with the SCIM standard: Use your existing identity directory as a basis for automated user and resource administration in Clarity and save yourself unnecessary additional effort.

Business Case

Administration of User Accounts and Access Rights

A new tool is deployed, your company grows, or employees leave the company. When these events happen, it requires an initial amount of effort by your IT department to add and delete user accounts, manage permissions, and create completely new account types. While it is important to keep the number of user accounts in various applications in check for cost and security reasons, it also represents valuable time that your IT could certainly invest more efficiently!  

Your company usually already has a central database, the so-called identity provider, which lists all active employees with the most important master data (e.g., department, e-mail address, national company). This is often where it is defined which user identity is assigned which rights. So why not use existing information as a basis for creating user accounts and assigning access rights in third-party systems, such as Clarity 

In many companies, the solution approach is to develop custom interfaces or import the data using CSV files. But this way is usually complex, expensive, inflexible, and prone to errors and security loopholes.  

Our Solution

Automated User Provisioning in Clarity

That is why we offer a more efficient solution for our itdesign Clarity SaaS customers: the automated provision of user accounts in Clarity based on your employee directory. We rely on an interface that complies with the SCIM¹ standard, which transfers the data between your identity provider (e.g., Microsoft Active Directory, SAP, or One Identity) and Clarity. This is not a bespoke feature that we have to develop individually for you. Rather, it is a standard solution that can be easily configured.  

The ability to centrally administer users, resources, and access rights represents a great added value for you. Permission structures can also be controlled via this interface: If a person is stored in your employee directory as a member of group A, they will also appear in rights group A in Clarity and be assigned the corresponding rights.  

Added Value for Your Company

  • Easily manage user accounts and permissions from a central location.
  • Reduce the amount of manual effort by your IT department.
  • Minimize susceptibility to errors and close security loopholes.
  • Achieve cost savings and flexibility due to configuration instead of relying on custom development.
  • Use a standard instead of a special solution for release security and support.
  • Automatically manage the lifecycles of user identities.

Operating Principle

Data Exchange Based on the SCIM Standard

itdesign SCIM interface

SCIM¹ is a protocol based on REST² and JSON³ that enables communication between the identity server (= your company directory) and the service provider Clarity. Think of it like a standard language that allows for mutual communication.

This determines the format and associated attributes (e.g., rows) that will be used for data exchange. User identities are stored in a consistent way so that they can be read by different tools.   

We only need basic information from you about your identity server to complete the initial configuration. We will then activate and test the service together with you.  

¹ SCIM = System for Cross-domain Identity Management  
² REST stands for Representational State Transfer, a programming paradigm that is intended for creating machine-readable web-based applications. 
³ JSON stands for JavaScript Object Notation. It is a text-based format that allows for data exchange between client and web server based on structured data.  

View into the Tool

These Functions Add Value for You

Initiate the transfer of user accounts to Clarity in your identity provider (depicted here: Azure AD).
Decide which attributes should be represented in Clarity.
View user accounts transferred via the SCIM protocol to Clarity.
  • Manage user accounts in Clarity based on the identity directory.
  • Automatically assign and revoke global rights.
  • Automatically sync data in Clarity when changes are made to your identity directory.
  • Optional: Use single sign-on.
  • Optional: Use data as a basis for mapping the organizational chart in Clarity in the “Hierarchies” module.

Saving time with automation?

We are happy to support you with the automated provisioning of your user accounts in Clarity. Our service team is ready to activate the SCIM service for your Clarity system.

Jetzt Kontakt aufnehmen

Anton Tallafuss
Head of Services Clarity

+49 7071 3667 60

ppm@itdesign.de