LDAP User Provisioning

You can enable user provisioning to automatically create LDAP-authenticated users in Tenable.sc by importing user accounts from your LDAP identity provider. When user provisioning is enabled, users who log in to Tenable.sc using your LDAP identity provider are automatically created in Tenable.sc.

Tenable.sc supports the following LDAP authentication systems for user provisioning:

  • Active Directory on Microsoft Server 2016 (on-premises)

  • Active Directory on Microsoft Server 2019 (on-premises)

For more information about LDAP authentication in Tenable.sc, see LDAP Authentication.

If you enable user provisioning and a user who does not have a Tenable.sc user account logs in using your LDAP identity provider, Tenable.sc automatically creates a user account for them in Tenable.sc.

Tenable.sc creates users using data from attribute fields you map to the corresponding fields in your LDAP identity provider. If you enable User Data Sync for an LDAP server, each time a user logs in to Tenable.sc using your LDAP identity provider, Tenable.sc updates any mapped attribute fields in Tenable.sc with values from the fields in your LDAP identity provider. For more information about User Data Sync, see LDAP Authentication Options.

Note: If you want to edit a Tenable.sc user that was created via LDAP user provisioning and you enabled User Data Sync, edit the user in your LDAP identity provider. Otherwise, the Tenable.sc user data synchronization overwrites your changes the next time the user logs in to Tenable.sc using your LDAP identity provider.

Note: If you want to delete a Tenable.sc user that was created via LDAP user provisioning, delete the user from your LDAP identity provider. If you delete a user in Tenable.sc that was created via LDAP user provisioning without deleting the user in your LDAP identity provider, Tenable.sc automatically re-creates the user in Tenable.sc the next time they log in using your LDAP identity provider.
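
The following Python sketch models the login-time behavior described above and in the two notes. It is an added illustration, not Tenable.sc code. The attribute mapping, function names, and sample directory entry are constructed for the example, and it assumes that no account is created when provisioning is disabled.

```python
# Illustrative model only: names and data below are constructed, not Tenable.sc internals.
ATTRIBUTE_MAP = {          # local field -> LDAP attribute (hypothetical mapping)
    "username": "sAMAccountName",
    "email": "mail",
    "name": "displayName",
}

def map_entry(entry):
    """Build local field values from a directory entry via the attribute map."""
    return {field: entry.get(attr, "") for field, attr in ATTRIBUTE_MAP.items()}

def on_ldap_login(users, entry, provisioning=True, data_sync=False):
    """Apply the documented rules after a successful LDAP login.

    users: dict of local accounts keyed by username (mutated in place).
    Returns "created", "synced", "unchanged" or "no-account".
    """
    mapped = map_entry(entry)
    key = mapped["username"]
    if key not in users:
        if not provisioning:
            return "no-account"      # assumption: nothing is created when provisioning is off
        users[key] = mapped          # first login: account built from mapped attributes
        return "created"
    if data_sync and any(users[key].get(f) != v for f, v in mapped.items()):
        users[key].update(mapped)    # directory values replace the mapped local fields
        return "synced"
    return "unchanged"

def demo():
    """Walk through create, local edit overwritten by sync, and re-creation after delete."""
    entry = {"sAMAccountName": "jdoe", "mail": "jdoe@example.test", "displayName": "J. Doe"}
    users, log = {}, []
    log.append(on_ldap_login(users, entry, data_sync=True))   # account is created
    users["jdoe"]["email"] = "edited-locally@example.test"    # edit made locally only
    log.append(on_ldap_login(users, entry, data_sync=True))   # sync discards the local edit
    del users["jdoe"]                                         # deleted locally, still in LDAP
    log.append(on_ldap_login(users, entry, data_sync=True))   # account is created again
    return log, users

if __name__ == "__main__":
    print(demo())
```

In this model the directory is the source of truth: a change or deletion made only on the local side does not survive the next LDAP login.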

For more information, see Configure LDAP User Provisioning.