User Management in Bridge: Methods and Best Practices for Provisioning Users

User management is a foundational step for setting up and managing your Bridge account. Properly provisioning users ensures clean data, accurate reporting, and reliable automation for enrollments and group memberships.

Methods for Managing Users

Bridge supports multiple user provisioning and management methods, depending on your source of truth and level of automation required.

1. Manual Provisioning

Add or remove users individually via the Bridge UI, or in bulk via CSV upload.

2. Auto-CSV (Autofeed)

For Autocsv, you can deliver a flat CSV file via SFTP (either hosted by you or Bridge). This file is picked up on a regular cadence (e.g., daily).

It’s important to note that only users included in the file remain active—anyone missing is marked as terminated, but not permanently deleted. However, if their unique identifier (UID) reappears later, they can be restored.

3. API Provisioning

Use Bridge’s open APIs to create, update, or restore user accounts.

Important considerations when provisioning users via API:

  • If a UID already exists but is terminated, use the RESTORE API call rather than ADD.
  • Manager relationships only work if the manager’s UID is already in Bridge.
  • There’s no built-in bulk-termination safety, and logging for large-scale deletes is limited.

Tip: Learn more about the Bridge API and see how to get started.

4. SCIM Provisioning

Bridge supports SCIM via Azure SCIM and Okta SCIM, allowing for real-time automated provisioning and deprovisioning directly from your identity provider.

5. Just-in-Time Provisioning via SAML SSO

Just-in-Time (JIT) provisioning allows you to authenticate users and add them to Bridge when they first log in via SAML SSO.

Only basic attributes (e.g., name, email, UID) are captured at first—custom fields aren’t populated yet. Because of this, automated enrollments from custom groups require further setup.

Best Practices for Managing Users

To make sure your provisioning is efficient, reliable, and scalable, here are some proven best practices:

1. Define a Stable UID Strategy

  • Choose a unique identifier (UID) that never changes, or changes only through controlled processes.
  • Common UIDs include company email addresses, HRIS IDs, or other consistent, unique values.
  • For CSV imports, the UID is mandatory, but other fields are optional.
  • If you ever need to change UIDs in bulk, reach out to Bridge Support for help.

2. Set Up Manager Relationships

  • Use the Manager ID field to define the reporting structure.
  • Make sure the manager’s UID already exists in Bridge—otherwise the relationship won’t be created.
  • A correct manager relationship is essential for reporting and for hierarchical group rules.

3. Use Default and Custom Fields Thoughtfully

  • Bridge includes default fields such as Job Title, Department, Hire Date, and Manager.
  • Create custom fields (e.g., region, role level) to support smart groups, auto-enrolment, and reporting.
  • Name custom fields clearly and consistently to avoid confusion or duplication.

4. Maintain Data Cleanliness

  • Standardize how fields are populated (job titles, department names, locations, etc).
  • Clean data ensures that smart groups (used for enrollments) behave as expected.
  • Regularly audit your user data and mappings to avoid inconsistencies.

5. Choose the Right Provisioning Flow and Test It

  • Test your provisioning setup with a sample file or a small set of users before going live.
  • Validate the following:
    • UID correctness
    • Manager relationships
    • Custom field data
    • Group memberships (especially for smart groups)

6. Monitor and Audit Provisioning Over Time

  • Keep your provisioning cadence consistent (e.g., daily CSV uploads) to avoid unexpected terminations.
  • Use Bridge’s audit logs and reports to monitor for anomalies (e.g., missing users or duplicate accounts).
  • Review the provisioning configuration whenever there are changes in your source system (e.g., HRIS, IdP).

7. Leverage Bridge Support When Needed

  • For large-scale UID changes, SCIM setup, or any complex scenario, reach out to Bridge Support, who can assist you with:
    • Restoring terminated users
    • Bulk changes via API or CSV
    • SCIM configuration for Azure or Okta

CSV File Best Practices

When using CSV for provisioning, here are crucial points to follow:

  • UID (Unique Identifier): Must be present, unique, and should remain stable.
  • Encoding: Use UTF-8 to ensure special characters (e.g., accents) are handled correctly.
  • Date Format: Use MM-DD-YYYY in CSV; for API, use ISO 8601 (YYYY-MM-DDTHH:MM:SSZ).
  • Organizational Fields: Include useful data such as Manager UID, Department, Job Title, and Language—these fields can all power smart groups and reporting.

Tip: Refer to our CSV Requirements and Best Practices for more information.

Which Provisioning Method to Use

Use Case Recommended Provisioning Method
You want hands-off, automated user management Auto-CSV or SCIM
Your identity management system supports SCIM Azure SCIM or Okta SCIM
You want users provisioned on first login via SSO JIT Provisioning (SAML)
You need complete control via your own system API Provisioning
You occasionally add or update individual users Manual or CSV Upload

Support and Resources

  • Decide which provisioning method best suits your setup.
  • Build a CSV template or API integration, then run a test with a small number of users.
  • Clean up your custom field mappings and ensure your smart groups are aligned.
  • Reach out to Bridge Support for help with:
    • Bulk UID changes
    • SCIM setup
    • Restoring previously terminated users

Related to

Was this article helpful?

1 out of 1 found this helpful

Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.