SCIM | Implement the System for Cross-Domain Identity Management protocol

 

Required level: Superuser

 

This article explains how to enable and set up SCIM provisioning.

Once the SCIM integration is activated, your IT department will be able to control directly from your identity management system:

  • The creation, modification and deactivation of users;
  • The access level of these users by assigning them projects and profiles (both are groups in the SCIM protocol).

Follow these steps:

1. From the Main menu, go to Users > Authentication settings.

2. Choose SCIM on the left. In the box, click the pencil icon to edit.

3. Check the box to enable SCIM provisioning, then click Save.

4. These two pieces of information will appear at the bottom of the page:

  • The confirmation that the SCIM provisioning is enabled;
  • The provisioning URL in the banner with an authentication token. This token must be copied immediately, as it will not be available afterwards for security reasons.


Note: If the token is lost, you need to disable SCIM provisioning and enable it again. A new token will then be provided. This also disables the previous token, so any integration that was set up with it will stop working.

 

5. Go to your Identity Management service and follow the instructions there to complete the setup.

 

LIST OF SUPPORTED OPERATIONS

| Endpoint | Operation | Details |
|---|---|---|
| /Users | GET | GET /Users: Retrieve the complete list of users |
| /Users | GET | GET /Users/{id}: Retrieve the user with the corresponding ID |
| /Users | GET | GET /Users?filter=userName eq "XXXXXXX": Retrieve the user with the corresponding userName |
| /Users | POST | Create a new user |
| /Users | DELETE | DELETE /Users/{id}: Delete the user with the corresponding ID |
| /Users | PUT/PATCH | PATCH or PUT /Users/{id}: Update the user with the corresponding ID |
| /Groups | GET | GET /Groups: Retrieve the complete list of groups |
| /Groups | GET | GET /Groups/{id}: Retrieve the group with the corresponding ID |
| /ServiceProviderConfig | GET | Retrieve the configuration |
| /ResourceTypes | GET | Retrieve the list of supported resource types |
| /Schemas | GET | Retrieve the list of schemas |

Note: In SCIM terms, all profiles and all project access are Groups. For example, these are all groups:
  • SE - Data Entry
  • Transmission line (Read-only)
  • Transmission line (Full access)
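
The following Python sketch is an added example, not code from this product or its documentation. It builds requests only for the operations listed in the table above and escapes the userName filter value and the resource ID. It assumes the token is sent as a bearer token and that endpoints are appended to the provisioning URL; the URL, token and environment variable names are placeholders.

```python
import json
import os
import urllib.parse
import urllib.request

# (endpoint -> methods) copied from the supported-operations table on this page.
SUPPORTED = {
    "/Users": {"GET", "POST", "DELETE", "PUT", "PATCH"},
    "/Groups": {"GET"},
    "/ServiceProviderConfig": {"GET"},
    "/ResourceTypes": {"GET"},
    "/Schemas": {"GET"},
}

def user_name_filter(user_name):
    """SCIM filter values are JSON strings, so json.dumps() escapes quotes and
    backslashes and a crafted userName cannot append extra filter clauses."""
    return "userName eq " + json.dumps(user_name)

def build_request(base_url, token, method, endpoint, resource_id=None,
                  filter_expr=None, body=None):
    """Build (but do not send) a request; refuse operations the table lacks."""
    if method not in SUPPORTED.get(endpoint, set()):
        raise ValueError(f"{method} {endpoint} is not a supported operation")
    url = base_url.rstrip("/") + endpoint
    if resource_id is not None:
        # Encode "/" so an ID cannot redirect the call to another path.
        url += "/" + urllib.parse.quote(str(resource_id), safe="")
    if filter_expr is not None:
        url += "?" + urllib.parse.urlencode({"filter": filter_expr},
                                            quote_via=urllib.parse.quote)
    # Assumption: the token is presented as an OAuth 2.0 bearer token.
    headers = {"Authorization": "Bearer " + token,
               "Accept": "application/scim+json"}
    data = None
    if body is not None:
        data = json.dumps(body).encode("utf-8")
        headers["Content-Type"] = "application/scim+json"
    return urllib.request.Request(url, data=data, headers=headers, method=method)

if __name__ == "__main__":
    # Placeholders: the real URL and token come from the banner in step 4.
    # Keep the token in the environment or a secret store, not in source.
    base = os.environ.get("SCIM_BASE_URL", "https://scim.example.invalid/scim/v2")
    token = os.environ.get("SCIM_TOKEN", "PLACEHOLDER-TOKEN")
    req = build_request(base, token, "GET", "/Users",
                        filter_expr=user_name_filter("jane.doe@example.com"))
    print(req.get_method(), req.full_url)
```

Because /Groups is read-only in the table, a call such as POST /Groups is rejected before any request is built.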

Want to know more? Check out the articles about Profiles and projects and how to create custom profiles.
