Import users

Overview

There are many ways to maintain and manage the user list in Flexopus. This article describes the ways Flexopus supports to import users into the system:

  • Create users with SAML2 SSO
  • Create users with OAuth SSO
  • Provision users via the SCIM API
  • Provision users with Google Groups
  • Import users via REST API
  • Import users manually
  • Create users manually

Create users with SAML2 SSO

You can connect your preferred identity provider with Flexopus via SAML2 for single sign on. The users in your identity provider (such as Microsoft Azure, AD FS, Google, Okta, Ping, etc.) can log in via SSO using their existing credentials.

After connecting Flexopus with SAML2, you can decide in your identity provider which users are allowed to log in. After the first successful login attempt, the user profile is created in Flexopus using the connected attributes such as the upn, email and name. This way you don't need to add the users to Flexopus one by one.

You can also disable the email and password based login. This way, you can force the users to log in via SSO. You can also revoke access rights to Flexopus in your preferred identity provider. Learn more about the SAML2 integrations:

SAML2 for a custom provider
Which Identity Providers are supported for SAML2? Flexopus implemented the standard SAML2 Single Sign On protocol, which is supposed to work with any Identity Provider that follows the SAML2 standard. Flexopus acts as a Service Provider. Therefore, you can try to connect your Identity Provider, even if we do not provide

We also created step-by-step instruction manuals for the most commonly used Identity Providers:

Azure Active Directory SAML2 SSO
Introduction Connect Flexopus with your Entra Active Directory (formerly known as Azure Active Directory) via a SAML2 Single Sign On integration. With the integration, you can manage through your Active Directory which users should have access to Flexopus and force them to use their Microsoft AD credentials for the login.
Microsoft AD FS SAML2 SSO
Introduction The Microsoft AD FS (Active Directory Federation Services) is an Identity Provider (IdP) developed by Microsoft to provide a Windows based self-hosted (on premise) version. You can connect an enterprise application over SAML2 to AD FS and manage who can log in to view Single Sign On in the
Google SAML2 SSO
Introduction Connect Flexopus with your Google Workspace Directory (formerly known as Google G-Suite) via a SAML2 Single Sign On integration. With the integration, you can manage which Google Workspace users should have access to Flexopus and force them to use their Google credentials for the login. Based on a SAML2
Keycloak SAML2 SSO
Introduction Connect Flexopus with Keycloak via SAML2 for single sign on (SSO). With the integration, you can manage through your Keycloak Directory which users should have access to Flexopus and force them to use their Keycloak credentials for the login. Based on the SAML2 settings in Flexopus you can
Okta SAML2 + SCIM
Introduction Connect Flexopus with Okta via SAML2 for Single Sign On. With the integration, you can manage which Okta user should have access to Flexopus and force them to use their Okta credentials for the login. Based on a SAML2 Setting in Flexopus you can let the user profiles be
Akamai SAML SSO
Introduction Connect Flexopus with Akamai via SAML2 for single sign on (SSO). With the integration, you can manage through Akamai which users should have access to Flexopus and force them to use their Akamai credentials for the login. Based on the SAML2 settings in Flexopus you can let the
Ping Identity SAML2 + SCIM
Introduction Connect Flexopus with Ping Identity via SAML2 for single sign on (SSO). With the integration, you can manage through your Ping Identity which users should have access to Flexopus and force them to use their Ping credentials for the login. Based on the SAML2 settings in Flexopus you
💡
Note: Connecting your identity provider for single sign on is a highly recommended way of handling your users in Flexopus.

Create users with OAuth SSO

You can connect Flexopus via OAuth SSO with Google, Microsoft 365 and Webex. This is a more open solution to use single sign on for the login and automated user profile creation.

💡
Note: Please check if you can use SAML2, instead of the OAuth options, for the SSO login. With the SAML2 connection, you have more control over the users that are supposed to log in; with the OAuth SSO you can control this only on the domain level.

Let's say you connect Flexopus with the Google OAuth single sign on. This way you allow all Google users in the world to log in to your Flexopus instance; however, you can set a domain based filter to limit the login to the users that have a specific domain. For example: you enable the login only for the Google users with a ..@flexopus.com email address.

Learn more about the supported OAuth connections:

Microsoft Office 365 OAuth SSO
Introduction You can activate an OAuth2.0 based Microsoft O365 Single Sign On at Flexopus. With the Microsoft OAuth SSO, you basically allow login for all users in the world who have a Microsoft O365 account, and you can restrict based on their domain settings which emails can or can
Google OAuth SSO
Introduction You can activate an OAuth2.0 based Google Single Sign On at Flexopus. With this single sign on configuration, you basically allow login for all users in the world who have a Google account, and you can restrict based on their domain settings which emails can or can not
Webex OAuth SSO
Introduction You can activate an OAuth2.0 based Webex Single Sign On at Flexopus. With the Webex OAuth SSO, you basically allow login for all users in the world who have a Webex account, and you can restrict based on their domain settings which emails can or can not log

Provision users via the SCIM API

Some identity providers offer an option to provision users via the SCIM API. This way, you can import users and groups into Flexopus automatically (so-called provisioning), independent of the login attempts. You can also create the profile before the first login. We implemented the SCIM API v2, which is supposed to work with any identity provider that supports it.

💡
Note: The SCIM API is usually used in a combination with the SAML2 single sign on.

To our current knowledge, the following identity providers support SCIM: Azure Active Directory, Okta, Ping Identity. We also created step-by-step instruction manuals on how to configure them:

Azure Active Directory SCIM API
Introduction You can integrate with Microsoft Azure Active Directory (Azure AD) via federated authentication or using SCIM (System for Cross-domain Identity Management), allowing users to log in to Flexopus using their existing Azure AD credentials. Flexopus can be linked to an instance of Microsoft Azure Active Directory (Azure AD) via
Okta SAML2 + SCIM
Introduction Connect Flexopus with Okta via SAML2 for Single Sign On. With the integration, you can manage which Okta user should have access to Flexopus and force them to use their Okta credentials for the login. Based on a SAML2 Setting in Flexopus you can let the user profiles be
Ping Identity SAML2 + SCIM
Introduction Connect Flexopus with Ping Identity via SAML2 for single sign on (SSO). With the integration, you can manage through your Ping Identity which users should have access to Flexopus and force them to use their Ping credentials for the login. Based on the SAML2 settings in Flexopus you

Provision users with Google Groups

💡
Note: Only for companies using Google Workspace as user directory.

To create users automatically, you can use the Google Group integration of Flexopus. With the integration, you can synchronize a set of groups and the associated users with the Google API. Unfortunately, Google does not provide the SCIM API. However, this is an equally good alternative to provision users independent of their login attempts. Learn more here:

Google Groups Sync
Why synchronizing Google Groups? The integration is recommended for customers using Google Workspace internally as Identity Provider (IdP). User groups on the organizational level are often already defined and managed within Google. You can synchronize these groups to Flexopus using the Google Directory API with domain-wide delegation. The synchronized groups

Import users via REST API

As an alternative solution, you can also import users into Flexopus using our REST API. Through a dedicated endpoint you can send the user list as a file in csv, txt, ods, xls or xlsx format.

In this article, you can find how to generate an API token for this:

FLEXOPUS REST API
Introduction Flexopus provides a REST API for each customer tenant secretly. You can access your data and create a custom integration for your use case based on your custom needs. You can generate an API token in your dashboard. Your customized API documentation can be found here: https://{your-flexopus-domain}.flexopus.

Here is the Flexopus API documentation:

Flexopus API Documentation

Use the following endpoint:

POST /api/v1/users/import

The endpoint uses the Bearer Token generated above for authentication and accepts multipart data as input:

file <file> required;
accepted file formats: csv, txt, ods, xls and xlsx; should contain the user list to be imported

update <boolean> default false;
determines whether existing users should be updated

deactivate <boolean> default false;
determines whether users not present in the list should be deactivated

restore <boolean> default false;
determines whether deactivated users present in the list should be re-activated

dry_run <boolean> default false;
in case this flag is true, the actions are not carried out for real but simulated so the user can check the results without making modifications

💡
Note: The expected file structure and an example file are described in more detail directly in the application. Visit Dashboard > Users > Import / Export

Here is an example using the curl program. This example will:

  • deactivate every user not present in the users.csv file
  • create every user present in the users.csv file but not present in the system
  • update and (if deactivated) re-activate every user present both in the users.csv file and the system

curl https://<your-domain>.flexopus.com/api/v1/users/import \
    -H "Accept: application/json" \
    -H "Authorization: Bearer <your-token>" \
    -F "file=@./users.csv" \
    -F "update=1" \
    -F "deactivate=1" \
    -F "restore=1" \
    -F "dry_run=0"

The endpoint returns JSON data in the following format:

{
  "dryRun": false,         // dry_run flag from the request
  "created": [2, 3],       // row indices for freshly created users
  "updated": [4, 6],       // row indices for updated users
  "deleted": 0,            // the number of deleted users
  "skipped": [5, 8],       // row indices for unchanged users
  "errors": [7],           // indices for rows with errors
  "errorMessages": {       // object with messages for every error
    "7": {                     // row index of error
      "email": [                   // column with error
        "The email must be a valid email address." // error message
      ]
    }
  },
  "rows": 7,              // total number of processed rows
  "filename": "users.csv" // name of the uploaded file
}
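
Because deactivate=1 acts on every user missing from the file, it is worth sending the request with dry_run=1 first and checking the response before repeating it with dry_run=0. The following is an added example, not Flexopus code: it checks a response in the format shown above and builds the curl call as an argument list. The header file, the max_deleted limit and the sample response are assumptions constructed for illustration.

```python
import json

# Constructed dry-run response in the format documented above (not real data).
SAMPLE_DRY_RUN = json.loads("""{
  "dryRun": true, "created": [2, 3], "updated": [4, 6], "deleted": 0,
  "skipped": [5, 8], "errors": [7],
  "errorMessages": {"7": {"email": ["The email must be a valid email address."]}},
  "rows": 7, "filename": "users.csv"
}""")


def curl_argv(domain, csv_path, header_file, dry_run):
    """Build the import call as an argv list (no shell quoting involved).

    header_file (hypothetical) contains the line 'Authorization: Bearer <token>';
    curl's -H @file form keeps the token out of the process list.
    """
    return ["curl", "--fail", f"https://{domain}.flexopus.com/api/v1/users/import",
            "-H", "Accept: application/json", "-H", f"@{header_file}",
            "-F", f"file=@{csv_path}", "-F", "update=1", "-F", "deactivate=1",
            "-F", "restore=1", "-F", f"dry_run={1 if dry_run else 0}"]


def review_dry_run(report, max_deleted=0):
    """Return the reasons not to repeat the import with dry_run=0 (empty = go)."""
    problems = []
    if report.get("dryRun") is not True:
        problems.append("response is not from a dry run")
    messages = report.get("errorMessages") or {}
    for row in report.get("errors", []):
        per_column = messages.get(str(row)) or {"?": ["no message returned"]}
        for column, texts in per_column.items():
            problems += [f"row {row}, column {column}: {t}" for t in texts]
    # The page documents "deleted" only as the number of deleted users; any
    # count above the expected one stops the run. max_deleted is a local policy.
    if report.get("deleted", 0) > max_deleted:
        problems.append(f"deleted={report['deleted']} exceeds limit {max_deleted}")
    return problems


if __name__ == "__main__":
    print(" ".join(curl_argv("<your-domain>", "./users.csv", "./auth.header", True)))
    for problem in review_dry_run(SAMPLE_DRY_RUN):
        print("BLOCK:", problem)
```

An empty list from review_dry_run means the same file can be sent again with dry_run=0; anything else should be fixed in users.csv first.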

Import users manually

You can also upload the users into Flexopus manually on the dashboard as an administrator. Navigate to Dashboard > Users > Import / Export.

First, download one of the provided import templates as an Excel file (XLSX) or as a CSV file. Alternatively, you can export all existing users and edit the exported file.

Download example file

To import the updated file, a file upload can be found at the bottom of the page.

Upload file and set upload parameters
💡
Note: If you have updated attributes of existing users, also activate the Update existing users option. This will overwrite the data of existing users and not skip them.

The following file formats are accepted: CSV, ODS, XLSX, XLS. After the upload, the application will validate the file. If the file or its entries are invalid, the errors are displayed.

Upload errors

Create users manually

You can also create and invite users manually into Flexopus. This is the least recommended solution, since it requires the most effort and is not optimized. Before doing so, please check whether you can use any of the other options mentioned above to maintain the user base.

To create a user manually, navigate in Flexopus as an administrator to Dashboard > Users > All users and click on the Add user button. Here, you need to enter the name and the email address of the user. You can optionally send an invitation message to the user.

Create user manually
💡
Note: In case you disabled the email and password based authentication for your instance, this manually created user will need to use the SSO for login, which makes manual user creation an unnecessary step.

Once you have created a user, it will have an unverified email address. The user can set a password via the welcome mail or by going to the login page and requesting a password reset email.