ZEBRA MN-004666-02EN Workcloud Communication Identity Provider User Guide

June 1, 2024

Product Information

Specifications

  • Product Name: Identity Provider
  • Model Number: MN-004666-02EN Rev A
  • Copyright: 2024/04/10
  • Manufacturer: Zebra Technologies Corporation

Product Usage Instructions

Identity Provider Quick Start Guide
The Identity Provider (IDP) service by Workcloud Communication provides customers with a mechanism to maintain user identity information. It supports customers using Workcloud Communication in a shared device model. The IDP offers a single set of credentials to ensure user identity across multiple platforms, applications, and networks.

IDP Requirements
Zebra manages the IDP, creating the realm and providing an SFTP location for customers to upload user data. Once the data is imported into the IDP and the PTT Pro Server, users can log in to PTT Pro for Android and authenticate against the IDP.

User Import for the IDP
The user data for a PTT Pro customer is stored in a CSV file. Customers upload this data to the Workcloud Communication IDP using SFTP. An administrator can verify user additions or removals by checking the users in the PTT Pro server. The import script runs hourly.

NOTE: Ensure CSV file accuracy before uploading to prevent disruptions in the PTT service for users. Verify data and format of the CSV file before uploading.

The first row of the CSV file should contain the following columns in order:

  • Employee ID (Mandatory)
  • First Name (Mandatory)
  • Last Name (Mandatory)
  • Department (Mandatory)
  • Customer (Mandatory)
  • PTT Group (Mandatory)
  • ESN (Not Used)
  • Time of Change (Not Used)
  • Password (Mandatory)
  • Domain User (Mandatory)

FAQ

  • Q: Can I use the IDP service with any device?
    A: The IDP service is designed to work with devices that support Workcloud Communication and PTT Pro for Android.

  • Q: How often does the import script run?
    A: The import script runs every hour on the hour.

Identity Provider
Workcloud Communication

2024/04/10
ZEBRA and the stylized Zebra head are trademarks of Zebra Technologies Corporation, registered in many jurisdictions worldwide. All other trademarks are the property of their respective owners. ©2023 Zebra Technologies Corporation and/or its affiliates. All rights reserved.
Information in this document is subject to change without notice. The software described in this document is furnished under a license agreement or nondisclosure agreement. The software may be used or copied only in accordance with the terms of those agreements.
For further information regarding legal and proprietary statements, please go to:

Terms of Use

  • Proprietary Statement
    This manual contains proprietary information of Zebra Technologies Corporation and its subsidiaries (“Zebra Technologies”). It is intended solely for the information and use of parties operating and maintaining the equipment described herein. Such proprietary information may not be used, reproduced, or disclosed to any other parties for any other purpose without the express, written permission of Zebra Technologies.

  • Product Improvements
    Continuous improvement of products is a policy of Zebra Technologies. All specifications and designs are subject to change without notice.

  • Liability Disclaimer
    Zebra Technologies takes steps to ensure that its published Engineering specifications and manuals are correct; however, errors do occur. Zebra Technologies reserves the right to correct any such errors and disclaims liability resulting therefrom.

  • Limitation of Liability
    In no event shall Zebra Technologies or anyone else involved in the creation, production, or delivery of the accompanying product (including hardware and software) be liable for any damages whatsoever (including, without limitation, consequential damages including loss of business profits, business interruption, or loss of business information) arising out of the use of, the results of use of, or inability to use such product, even if Zebra Technologies has been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of incidental or consequential damages, so the above limitation or exclusion may not apply to you.

Identity Provider Quick Start Guide

Workcloud Communication IDP
The Identity Provider (IDP) service provides customers with a mechanism to maintain user identity information, supporting customers who use Workcloud Communication in a shared device model. The IDP provides a user with a single set of credentials to ensure that the user is who they say they are across multiple platforms, applications, and networks.

IDP Requirements
Zebra manages the IDP. This includes creating the realm and providing an SFTP location for the customer to upload user data. The user data is imported into the IDP and the PTT Pro Server. After the import is complete, users can log in to PTT Pro for Android and authenticate against the IDP.

Zebra and the customer must complete the following steps:

  • Zebra and the customer agree on the realm name. This is the URL for the IDP.
  • Zebra creates the realm and configures the SFTP site.
  • Zebra shares the credentials with the customer.
  • Zebra creates the customer in the PTT Pro Server.
  • The customer must include one or more departments.
  • Each department must contain one or more groups.
  • The customer configures their PTT Pro clients with the Client ID and the Client Secret. Zebra provides this information as a Provisioning Manager token or a JSON file. Refer to the Workcloud Communication Provisioning Manager Customer Administrator Guide and the Workcloud Communication PTT Pro for Android Configuration Guide for more information.

User Import for the IDP
The user data for a PTT Pro customer is contained in a CSV. The customer uploads their user data to the Workcloud Communication IDP using SFTP. A customer administrator can verify that users are added or removed by viewing the users in the PTT Pro server. The import script runs every hour on the hour.

NOTE: Errors in the CSV file can disrupt the PTT service for users. Verify the data and format of the CSV file prior to uploading the file.
The first row of the CSV file contains the column headers. The column headers are not required, but the columns must appear in the order specified below. The CSV fields cannot contain spaces.

Table 1    User Data

Employee ID| First Name| Last Name| Department| Customer| PTT Group| ESN| Time of Change| password| domainuser
---|---|---|---|---|---|---|---|---|---
Mandatory| Mandatory| Mandatory| Mandatory| Mandatory| Mandatory| Not Used| Not Used| Mandatory| Mandatory

NOTE: Fields that are not used must be included in the CSV file to ensure that the file is properly processed.

  • Employee ID
    A unique identifier for the user. The identifier must be lowercase and is used for logging in to Zebra PTT Pro.

  • First Name
    Used for the display name of the user.

  • Last Name
    Used for the display name of the user.

  • Department
    The department the user is added to. The department must already exist in the PTT Pro Server before import. The CSV import process does not create a department.

  • Customer
    Leave blank.

  • PTT Group
    The groups in the PTT Pro Server the user is a member of. The groups must already exist because the CSV process does not create a group. Use a semicolon (;) as a delimiter to specify additional groups. A maximum of 10 groups can be specified in the CSV file. The maximum number of groups can be modified by Zebra in the IDP configuration.

  • ESN
    Leave blank. This field is reserved for future use but must be included in the CSV.

  • Time of change
    Leave blank. This field is reserved for future use but must be included in the CSV.

  • Password
    The password for the user. The password is provided to the IDP.

  • DomainUser
    Must be a valid email address and each user must have a unique email address.
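
A pre-upload check for the field rules above, as an added example (not Zebra's import script and not part of the original guide). The function name, the simple email pattern, and the reading of "Leave blank" as "must be empty" are assumptions made for illustration; the sample rows are constructed.

```python
import csv
import io
import re

COLUMNS = ["Employee ID", "First Name", "Last Name", "Department", "Customer",
           "PTT Group", "ESN", "Time of Change", "password", "domainuser"]
BLANK = {"Customer", "ESN", "Time of Change"}  # "Leave blank", but the column must exist
MAX_GROUPS = 10  # guide default; Zebra can change it in the IDP configuration
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # assumption: shape check only

def validate_users_csv(text, has_header=True):
    """Return [(line, message)]; messages name columns only, never password values."""
    errors, seen_ids, seen_emails = [], set(), set()
    start = 1 if has_header else 0
    rows = list(csv.reader(io.StringIO(text)))[start:]
    for lineno, row in enumerate(rows, start=start + 1):
        if len(row) != len(COLUMNS):  # unused fields must still be present
            errors.append((lineno, f"expected {len(COLUMNS)} fields, got {len(row)}"))
            continue
        rec = dict(zip(COLUMNS, row))
        for name, value in rec.items():
            if " " in value:
                errors.append((lineno, f"{name} contains a space"))
            if name in BLANK and value:
                errors.append((lineno, f"{name} must be left blank"))
            elif name not in BLANK and not value:
                errors.append((lineno, f"{name} is empty"))
        emp, email = rec["Employee ID"], rec["domainuser"].lower()
        if emp != emp.lower():
            errors.append((lineno, "Employee ID must be lowercase"))
        if emp and emp in seen_ids:
            errors.append((lineno, "duplicate Employee ID"))
        if email and not EMAIL_RE.match(email):
            errors.append((lineno, "domainuser is not a valid email address"))
        if email and email in seen_emails:
            errors.append((lineno, "duplicate domainuser"))
        groups = rec["PTT Group"].split(";") if rec["PTT Group"] else []
        if len(groups) > MAX_GROUPS or "" in groups:
            errors.append((lineno, "PTT Group list is malformed or too long"))
        seen_ids.add(emp)
        seen_emails.add(email)
    return errors

SAMPLE = (  # constructed sample: header plus four rows, three deliberately wrong
    "Employee ID,First Name,Last Name,Department,Customer,PTT Group,ESN,Time of Change,password,domainuser\n"
    "jdoe01,Jane,Doe,Store12,,Floor;Managers,,,Examp1e-Pw!,jane.doe@example.com\n"
    "ASmith02,Alan,Smith,Store12,,Floor,,,Examp1e-Pw!,alan.smith@example.com\n"
    "bnguyen03,Bao,Nguyen,Store12,,Floor,,,Examp1e-Pw!,jane.doe@example.com\n"
    "cortiz04,Carla,Ortiz,Store12,,Floor,,Examp1e-Pw!,carla.ortiz@example.com\n"
)
```

The check cannot confirm that departments and groups already exist in the PTT Pro Server or that a password meets the password policy; those are still verified in the PTT Pro server after the hourly import.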

Customer Responsibilities
A customer is responsible for creating, updating, and maintaining the CSV file of user information. This includes the initial upload of users. A customer can reduce the potential for errors by creating a process to manage changes to the CSV file.

  • Designate a person who is responsible for changes to the CSV file.
  • Update and upload the CSV file to reflect user roles and responsibilities.
  • Maintain a backup copy of the CSV file.
  • Verify the accuracy and format of the CSV file and submit changes through SFTP.
  • Review changes in the PTT Pro server to verify the addition, removal, or modification of users.

User Management

The CSV file specifies the users and their passwords in the Workcloud Communication IDP and the PTT Pro Server. The number of users is controlled by licensing in the PTT Pro Server. If the number of users in the CSV file exceeds the number of licenses, the PTT Pro Server limits the number of imported users.

Adding and Removing Users
Users can be added or removed by modifying the CSV file.

  • When a user is added to the CSV file, the user is added to the IDP and the PTT Pro Server.
  • When a user is removed from the CSV file, the user is removed from the IDP and the PTT Pro Server. If an error occurs for a user record (for example, the user password does not meet the password requirement policy), the user is not added to the PTT Pro Server.

The CSV file must contain the full list of users. The exception is for users using the PTT Pro PC Client. These users must be created using the PTT Pro Management Portal because the PC Client does not support OAuth.

Password Management
User authentication for PTT Pro uses OAuth. When users open PTT Pro for Android, they are prompted for their user name and password.

Figure 1    PTT Pro OAuth Login Screen

By default, passwords are managed through the CSV file. Any password changes made in the PTT Pro Server or through the device are overwritten during the next CSV file import. You can ask Zebra to modify how passwords are managed by changing the value of the customerpwdforcechange parameter.
When customerpwdforcechange is set to Y, the password is specified in the CSV file. When the value is N, the password specified in the CSV file is ignored.

Revision History

Version| Date| Description
---|---|---
MN-004666-01 Rev A| March 2023| First version.
MN-004666-02 Rev A| April 2024| Updates to CSV field descriptions.

www.zebra.com
