Security and fallback procedures
Fallback to manual provisioning for SSO users
If the auto-provisioning logic fails due to IdP claim issues, administrators can revert to
manual management.
- Feature Flag: Set Enable SSO user provisioning(Parameter Name = platform_user_provisioning_sso_any_enabled) to false to return to the legacy manual sso user creation mode.
- Audit Trail: Set Enable audit trail for user management(Parameter Name = user_mgmt_audit_trial_enabled) to true to monitor all automated role changes and creation/update events.
Establishing a 'Safety Net' rule
First-time users who authenticate via SSO but are not associated with any functional group (Roles/Computer Groups) and do not have a local user mapping in BFI will be denied access and instructed to contact their administrator.