.. _flow-through-provisioning:


Setting up Flow Through Provisioning
-------------------------------------

.. _21.1|EKB-9104:
.. _21.3|EKB-11022:
.. _21.4-PB1|EKB-15191:
.. _21.4-PB4|VOSS-1295|EKB-16557:   


Overview 
..........

VOSS Automate's flow through provisioning feature allows auto-provisioning of users and services 
during user sync from devices. 


.. note:: 

   * VOSS Automate v21.4-PB4 introduced sync with flow through provisioning for Cisco Webex. 
   * VOSS Automate v21.2 introduced sync with flow through provisioning for Microsoft. 
   * VOSS Automate v21.3 extends this functionality to several additional scenarios, including 
     LDAP top down and LDAP/CUCM bottom up. While the legacy sync, move, and provisioning functionality 
     remains available for compatibility purposes, the enhanced functionality introduced in this version 
     is recommended. 

   * Only *Add* is supported for syncs with flow through provisioning.   




.. rubric:: Related Topics

* 
  .. raw:: latex

     LDAP Integration in the Core Feature Guide

  .. raw:: html
  
     <a href="ldap-integration.html">LDAP Integration</a> 

* 
  .. raw:: latex

     Add CUCM Server in the Core Feature Guide

  .. raw:: html
  
     <a href="set-up-cisco-unified-communications.html">Add CUCM Server</a> 

* 
  .. raw:: latex

     CUCM Configuration in the Core Feature Guide

  .. raw:: html
  
     <a href="cucm-config.html">CUCM Configuration</a> 

* 
  .. raw:: latex

     Microsoft Overview in the Core Feature Guide

  .. raw:: html
  
     <a href="concepts-microsoft-overview.html">Microsoft Overview</a> 

* 
  .. raw:: latex

     Sync with Flow Through for Microsoft in the Core Feature Guide

  .. raw:: html
  
     <a href="concepts-sync-with-flow-through-for-microsoft.html">Sync with Flow Through for Microsoft</a>


* 
  .. raw:: latex

     Sync Webex App Users with Flow-through Provisioning in the Core Feature Guide

  .. raw:: html
  
     <a href="webex-app-user-management.html#sync-with-flow-through-for-webex">Sync Webex App Users with Flow-through Provisioning</a> 

* 
  .. raw:: latex

     Subscriber Profiles in the Core Feature Guide

  .. raw:: html
  
     <a href="concepts-subscriber-profiles.html">Subscriber Profiles</a> 

* 
  .. raw:: latex

     Model Filter Criteria in the Core Feature Guide

  .. raw:: html
  
     <a href="concepts-model-filter-criteria.html">Model Filter Criteria</a> 

* 
  .. raw:: latex

     Global Settings in the Core Feature Guide

  .. raw:: html
  
     <a href="concepts-global-settings.html#flow-through-provisioning-tab">Global Settings</a> 

* 
  .. raw:: latex

     Site Defaults in the Core Feature Guide

  .. raw:: html
  
     <a href="site-defaults.html">Site Defaults</a> 

* 
  .. raw:: latex

     User Roles in the Core Feature Guide

  .. raw:: html
  
     <a href="concepts-user-roles.html">User Roles</a>



This topic describes the steps for setting up your system to enable a seamless sync in of 
users to VOSS Automate from the hierarchy where the sync source device is set up (typically, Customer level), and the flow through provisioning 
of services to subscribers at your sites. 

* To move users to sites, the flow through provisioning references move filter criteria, and 
  attributes set up as :ref:`model-filter-criteria` (such as a user's department, division or city address). 

  .. note:: 

     The flow through provisioning uses the move filter criteria in the site defaults (SDD) to determine 
     whether to move users to site. FTP will not run if the user is not moved to the site. 

* To create a subscriber and provision resources and services, the flow through provisioning 
  references subscriber profiles. See :ref:`concepts-subscriber-profiles`.

  .. note:: 

     Flow through provisioning (FTP) uses subscriber profiles for provisioning, so you will need a 
     subscriber profile and Quick Add Group (QAG) with device configuration templates (CFTs) set 
     up before using FTP. 

* Each flow through provisioning criteria (one per customer) consists of one or more pairs of 
  model filter criteria and a subscriber profile combinations. 



Flow Through Provisioning Workflow 
....................................


.. index:: Flowchart;Flow Through Provisioning Workflow


.. include:: generic-sync-with-flow-through.uml



Before you Start: Add a Server as Sync Source
...............................................

Users are imported from the server sync source to the Customer level in VOSS Automate. 
The flow through provisioning is generic functionality and supports a number of scenarios, 
including Microsoft, LDAP, CUCM, Cisco Webex and other models (depending on predefined model criteria). 

.. note:: 
   
   See the Core Feature Guide for details around adding and setting up a server for your flow 
   through provisioning scenario. For example, see :ref:`microsoft-quick-start`, :ref:`set-up-an-ldap-server`, 
   :ref:`set-up-cucm-servers`





Step 1: Add Model Filter Criteria
....................................

Flow through provisioning references model filter criteria set up for each user type (for example, 
Microsoft, LDAP, or CUCM).

When setting up the model filter criteria, you will specify usage, either flow through provisioning, or move user: 

* To move a user to the site on import, configure model filter criteria with **Move User** selected as 
  the value for the **Usage** field. 
* To provision a user once they're at the site, configure model filter criteria with 
  **Flow Through Provisioning** selected as the value for the **Usage** field. 

  .. note:: 

     The flow through provisioning process only runs if the user is at the site. 

     For details around adding the model filter criteria, see :ref:`model-filter-criteria`


.. image:: /src/images/model-filter-criteria-flow-through.png



Step 2: Add Subscriber Profiles 
..................................

Flow through provisioning uses the subscriber profile to determine the services to be assigned to a 
subscriber once they're moved to the site. 

For details around adding subscriber profiles, see :ref:`concepts-subscriber-profiles`




Step 3: Add Flow Through Provisioning Criteria 
...............................................

Flow through provisioning criteria is a type of model filter criteria used for provisioning. 
One named flow through provisioning criteria can be added at each Customer level.

Each flow through provisioning criteria is a collection of one or more pairs of model filter criteria 
and subscriber profile combinations. The flow through provisioning criteria 
defines how users are matched to both sites and subscriber profiles, allowing the tool to 
seamlessly move users to the sites (based on model filter 
criteria) and to create a subscriber and assign services from the subscriber profile.  

Flow through provisioning uses the first match to execute the move and service assignment operation.

You can use a single flow through provisioning criteria to match any number of subscriber profiles for 
this customer and its sites. For example, if you have ten different subscriber profiles, you can add 
ten pairs of model filter criteria and subscriber profile combinations. 

.. note:: 
  
   Flow through provisioning criteria is configured via either of the following menu options (default menus): 

   * **Customizations > Flow Through Provisioning Criteria**
   * **Flow Through Provisioning Configuration > Flow Through Provisioning Criteria**. 


Before setting up the flow through provisioning criteria, configure the following:

* Server sync source
* :ref:`model-filter-criteria`
* :ref:`concepts-subscriber-profiles`


.. image:: /src/images/flow-through-provisioning-criteria.png




Step 4: Choose Move Criteria
.............................

To allow users to be moved in a flow through provisioning, you need to choose move filter criteria 
for the user type (Microsoft, LDAP, and/or CUCM). The move filter criteria 
defines how the system moves users to the correct 
site once they're synced in; that is, it matches each user to the relevant site. 

.. note:: 
   
   The system uses the existence of the move filter criteria from the site defaults to 
   determine if the user must be moved. Flow through provisioning will not work if a 
   user is not moved to a site. 

 
.. rubric:: Prerequisites:  

* Server sync source
* :ref:`model-filter-criteria` (set Usage field to **Move User**)
* :ref:`concepts-subscriber-profiles`
* Flow Through Provisioning Criteria


.. rubric:: To choose move criteria ... 

1. Go to (default menus) **Site Management > Defaults**.
2. Click on the relevant site. 
3. On the **Move Filter Criteria** tab, choose the criteria for the user types you're importing 
   (Microsoft, LDAP, and/or CUCM). 
4. Save. 




Step 5: Enable Flow Through Provisioning 
...........................................

Enabling your system for flow through provisioning in the Global Settings allows 
VOSS Automate to perform a seamless sync in, to move users to the correct site (based on move filter criteria) 
as subscribers (based on the model filter criteria), and to 
provision these subscribers with appropriate services (based on the subscriber 
profile). 


.. rubric:: Prerequisites: 

* Server sync source
* :ref:`model-filter-criteria`
* :ref:`concepts-subscriber-profiles`
* Flow through provisioning criteria
* Move criteria selected



.. rubric:: To enable flow through provisioning ... 

1. Log in to the Admin Portal as Provider admin or higher. 
2. Set the hierarchy to the level where the sync source device is installed. Typically, this is at the 
   customer. 
3. Go to (default menus) **Customizations > Global Settings**, and select the **Flow Through Provisioning** tab. 

   .. note:: 

      Alternative menu: **Flow Through Provisioning Configuration > Global Settings**.

4. At **Enable Move & Flow Through Provisioning**, select **Yes**.  
5. At **Enable Move & Provisioning after Add Sync**, select **Yes**. 
6. At **Flow Through Provisioning Criteria**, choose the flow through provisioning criteria to use at 
   the customer level (for all sites at the customer). 
7. Save. 



.. image:: /src/images/global-settings-enable-flow-through.png



Step 6: Sync with Flow Through Provisioning
............................................

This section describes the general workflow in a generic sync with flow through provisioning. 

You can run the sync directly, or via a schedule. 

Ensure you have the following set up before a sync:

* Server sync source
* :ref:`model-filter-criteria`
* :ref:`concepts-subscriber-profiles`
* Flow through provisioning criteria
* Move criteria selected



.. rubric:: Sync with Flow Through Provisioning Workflow Steps

The flow through provisioning workflow is executed per user and runs in parallel: 
   
1. Imports user. 
2. Creates a corresponding LDAP user (for LDAP scenario), and a local VOSS user. 
3. Moves users to the sites (based on model filter criteria). If no criteria in place, 
   user remains at Customer level. 
4. Updates the user's role for the site. 
5. Executes Add Subscriber from Profile to create the subscriber, and checks the flow through 
   provisioning criteria to match it to a subscriber profile. 
6. Provisions the subscribers with appropriate services, from the subscriber profile. 
7. Sends a welcome email to subscribers if the following applies:

   * The global setting to allow an email message to be sent to a user is enabled.
     See the *Email Tab* topic at :ref:`global-settings`.
   * An SNMP server has bee set up. See :ref:`SMTP-server`.
   * The subscriber user has an email address.  
   
   See also :ref:`email-html-templates`.  

You can monitor the progress of the transaction via the Transaction Log. When complete, verify 
the user's move and provisioning status: 

1. Go to (default menus) **User Management > Users**, and in the list view, check that 
   synced in users are at the correct sites. 
2. On the Subscribers list view, check that subscribers exist at the sites, with relevant services.