This API Guide outlines the steps to provision Fieldguide-created client users within your Identity Provider (IdP). It assumes you want to control authentication for client users via the same IdP as your firm users while still allowing client users to create users within Fieldguide.
Specifically, this guide covers:
Here is an overview of the system flow:
sequenceDiagram
actor Client User A
participant Fieldguide App
participant Fieldguide API
participant Your System
actor Client User B
Client User A->>Fieldguide App: Create Client B
note over Fieldguide App: Company configuration<br>skips sending invite email
Fieldguide API->>Your System: 1a) Created user webhook<br>(containing <user_uuid>)
note over Your System: Ignore firm users
Your System->>Fieldguide API: 1b) Fetch user data<br>(GET /users/<user_uuid>)
Your System->>Your System: Provision IdP user<br>from Fieldguide API data
Your System->>Client User B: Send invite email
Client User B->>Your System: Click email link
Your System->>Your System: Set password<br>and login
Your System->>Fieldguide App: Initiate SSO login
Fieldguide App->>Fieldguide App: Activate user via<br>email and login
To implement the steps outlined in this guide, you will need the following:
To implement this guide, you will need an API Token with the following credentials:
users:readFieldguide webhooks make third-party systems aware of events that occur in the Fieldguide platform. By subscribing to webhooks, your system will be notified of Users as they are created or updated.
In order to complete a Client User Provisioning integration that reacts to new Users as they are created in Fieldguide, you will need to configure a webhook subscription.
Configure SSO for your company as described in this help article. If leveraging the SAML protocol, IdP-initiated login should be enabled. This SSO configuration will apply to client companies as well, once the integration is complete.