SCIM | Implement the System for Cross-Domain Identity Management protocol

 

Required level: Superuser

 

This article will tell you how to proceed, in order to apply the SCIM protocol.

Once the SCIM integration is activated, your IT department will be able to control:

  • Users directly from your identity management already existing system;
  • The creation, modification and deactivation of these users;
  • The management of the access level of these users according to their respective profiles and projects.

Follow these steps:

1. From the "Main Menu", select the "Users" section and the "Authentication Settings":

SCIM__1.png

 

2. Choose "SCIM" on the left next to the "Main Menu". In the box, click on the pencil to edit:

SCIM__2.png

 

3. Check the box, to enable the SCIM provisioning and click "Save":

SCIM__3.png

 

4. These two pieces of information will appear at the bottom of the page:

  • The confirmation that the SCIM provisioning is enabled;
  • The provisioning URL in the banner with an authentication token. This token must be copied immediately, as it will not be available afterwards for security reasons.

SCIM__4.png

Note: If the token is lost, you need to disable SCIM provisioning and enable it again. A new token will then be provided. This also means the previous one will be disabled, so any integration set up previously using the previous token will stop working.

 

5. Go to your Identity Management service and follow the instructions there to complete the setup.

 

LIST OF SUPPORTED OPERATIONS

Endpoint
Operation
Details
/Users GET

GET /Users : Retrieve the complete list of users

GET /Users/{id} : Retrieve the user with the corresponding ID

GET /Users?filter=userName eq “XXXXXXX” :Retrieve the user with the corresponding userName

/Users POST Create a new user
/Users DELETE DELETE /Users/{id} : Delete the user with the corresponding ID
/Users PUT/PATCH PATCH or PUT /Users/{id} : Update the user with the corresponding ID

/Groups

GET

GET /Groups : Retrieve the complete list of groups

GET /Groups/{id} : Retrieve the group with the corresponding ID.
/ServiceProviderConfig GET Retrieve the configuration
/ResourceTypes GET Retrieve the list of supported resource types
/Schemas GET Retrieve the list of schemas
Note: All profiles and all project access will be Groups in terms of SCIM. So for example these are groups:
  • SE - Data Entry
  • Transmission line (Read-only)
  • Transmission line (Full access)

Want to know more? Check out the articles about Profiles and projects and how to create custom profiles.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request