Create Users

In identity and access management on the C3 Agentic AI Platform, user creation and synchronization with an Identity Provider (IdP) are handled through three workflows.

Workflow 1: User creation in C3 AI leading to IdP synchronization

In this first workflow, the C3 Agentic AI Platform establishes itself as the primary source of truth for user identities. The process begins with user creation within the C3 Agentic AI Platform. A critical interaction occurs at the user's first sign-in, which triggers the creation of the user's identity in the IdP.

This setup is an instance of Identity Provider (IdP) write-back, where C3 AI, the primary identity source, writes back to the secondary system, the IdP.

Write-Back trigger

The write-back to the IdP depends on user sign-in. Synchronization is not triggered automatically when the user is created in the C3 Agentic AI Platform; it starts at the user's first sign-in.

Conflict resolution

In cases of conflicting user information between the C3 Agentic AI Platform and the IdP, a predefined hierarchy of source authority is employed. This could mean that C3 AI's data overrides the IdP's in case of discrepancies, maintaining C3 AI as the source of truth.

Workflow 2: Starting with user creation in the IdP

In this workflow, the IdP serves as the primary identity source. The sequence begins with creating a user in the IdP, followed by adding the user to the C3 Agentic AI Platform. The group mapping defined in the IdP is replicated within C3 AI.

This represents a standard identity synchronization scenario, with the IdP leading the process.

Authentication and authorization

The C3 Agentic AI Platform utilizes the IdP's group mapping for both authentication and authorization. The user's group membership in the IdP dictates their access levels and permissions in C3 AI.

Synchronization dynamics

Synchronization between the IdP and C3 AI is event-driven, typically occurring upon user creation or update in the IdP. The frequency is therefore contingent upon these events.

User role management

Deprovisioning or updating user roles is managed using immediate synchronization. When a user's role changes in the IdP, the C3 Agentic AI Platform reflects these changes in real time or near real time, ensuring role consistency across both platforms.

Workflow 3: Bi-directional synchronization

This scenario involves independent management of user information and group memberships in both C3 AI and the IdP, with changes in one system being updated in the other.

Conflict resolution

In cases of contradictory data, a rule-based resolution system is likely in place. This involves timestamp-based resolution, where the most recent update takes precedence, or a priority system where one system's data is considered authoritative over the other.
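The two resolution rules named above (most recent update wins, or one system is authoritative, as in Workflow 1) can be sketched as follows. This is an added Python example, not C3 AI code or its API: the `resolve` function, the record layout of attribute to (value, timestamp), and the sample values are all assumptions made for illustration.

```python
from datetime import datetime, timezone

def resolve(c3, idp, strategy="timestamp", authoritative="c3"):
    """Merge two views of one user, attribute by attribute.

    c3 and idp map attribute -> (value, updated_at), timestamps timezone-aware.
    Returns (merged, conflicts); conflicts records every override so that
    changes to sensitive attributes such as group membership can be audited.
    """
    if strategy not in ("timestamp", "priority"):
        raise ValueError(f"unknown strategy: {strategy}")
    if authoritative not in ("c3", "idp"):
        raise ValueError(f"unknown source: {authoritative}")
    sources = {"c3": c3, "idp": idp}
    other = "idp" if authoritative == "c3" else "c3"
    merged, conflicts = {}, []
    for attr in sorted(set(c3) | set(idp)):
        a, b = sources[authoritative].get(attr), sources[other].get(attr)
        if a is None or b is None:
            merged[attr] = (a or b)[0]   # only one side has it: nothing to resolve
            continue
        if a[0] != b[0]:
            # Newest wins under "timestamp"; a tie, or the "priority"
            # strategy, falls back to the authoritative source.
            newer_other = strategy == "timestamp" and b[1] > a[1]
            winner = other if newer_other else authoritative
            conflicts.append({"attr": attr, "winner": winner,
                              "c3": c3[attr][0], "idp": idp[attr][0]})
            a = sources[winner][attr]
        merged[attr] = a[0]
    return merged, conflicts

def sample_ts(hour):
    """Constructed timestamp on one sample day (UTC)."""
    return datetime(2024, 1, 15, hour, tzinfo=timezone.utc)

# Constructed sample records, not real platform data.
C3_VIEW = {"email": ("ana@example.com", sample_ts(9)),
           "groups": (("analyst",), sample_ts(9))}
IDP_VIEW = {"email": ("ana@example.com", sample_ts(8)),
            "groups": (("analyst", "admin"), sample_ts(11)),
            "title": ("Engineer", sample_ts(8))}

if __name__ == "__main__":
    for strategy in ("timestamp", "priority"):
        merged, conflicts = resolve(C3_VIEW, IDP_VIEW, strategy)
        print(strategy, merged["groups"], conflicts)
```

With the sample records, the timestamp rule accepts the IdP's later group change while the priority rule keeps the C3-side groups; in both cases the override appears in `conflicts` for review.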

Security measures

To prevent unauthorized data manipulation, robust authentication and encryption protocols are employed during synchronization. This includes OAuth for secure API access and SSL/TLS encryption for data in transit.

Data integrity and confidentiality

Maintaining data integrity and confidentiality during synchronization is achieved through encrypted data transfers and strict access controls, ensuring that only authorized systems and personnel can access or modify the data.

In each of these workflows, the C3 Agentic AI Platform and the IdP interact in a way that prioritizes data accuracy, security, and efficient identity management. These processes are critical in an enterprise environment, necessitating a deep understanding of identity management principles and the technical specifics of both platforms.