SCIM Provisioner

The SCIM Provisioner allows PingFederate to integrate with a wide range of services that support the System for Cross-domain Identity Management (SCIM) for user provisioning and single sign-on (SSO).

Features

  • Manages users in the target service based on changes in an external datastore that is attached to PingFederate:

    • Creates, updates, disables, and deletes users

    • Allows you to enable the create, update, disable, and delete capabilities independently

    • Allows you to choose whether to disable or delete users when deprovisioning

    • Allows you to provision disabled users

  • Manages groups in the target service based on changes in an external datastore that is attached to PingFederate:

    • Creates, updates, and deletes groups

    • Updates group memberships

  • Enables browser-based SSO initiated by the service provider (SP) or identity provider (IdP).

Specifications

The SCIM Connector implements the official SCIM specifications published at simplecloud.info.

The following table provides a brief summary:

| Feature | Outbound provisioning |
|---|---|
| SCIM specification | 1.1, 2.0 |
| Data format | JavaScript Object Notation (JSON) |
| User and group CRUD operations | Yes |
| Custom schema support | Users: Yes. Groups: No. |
| Filtering support | Users: Yes. Groups: The connector allows group filtering by retrieving all groups and finding a match. |
| PATCH | Users: No. Groups: Yes. |
| Authentication method | HTTP Basic Authentication, OAuth bearer token and OAuth client credentials |
| Source data stores | Active Directory and other LDAPv3-compliant directory servers |
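
The group filtering behavior summarized above (retrieve all groups, then find a match) can be pictured with the following added example, which is an illustration and not PingFederate connector code. It assumes SCIM 2.0 list pagination and an exact, case-sensitive match on `displayName`; `find_group`, `make_fetcher`, and the sample groups are constructed for this example.

```python
# Added illustration; not PingFederate connector code.
# Assumption: groups are matched on displayName, exactly and case-sensitively.
LIST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"

def find_group(fetch_page, display_name, page_size=2):
    """Page through GET /Groups (no filter parameter) and match client-side.

    fetch_page(start_index, count) returns a parsed SCIM 2.0 ListResponse.
    Returns the single matching group, or None if there is no match.
    """
    matches, start = [], 1          # SCIM startIndex is 1-based
    while True:
        page = fetch_page(start, page_size)
        if LIST_SCHEMA not in page.get("schemas", []):
            raise ValueError("not a SCIM ListResponse")
        resources = page.get("Resources", [])
        matches += [g for g in resources if g.get("displayName") == display_name]
        start += len(resources)
        if not resources or start > page["totalResults"]:
            break
    if len(matches) > 1:
        # Two groups with the same name: refuse to guess which one to update.
        raise LookupError(f"{len(matches)} groups named {display_name!r}")
    return matches[0] if matches else None

# Constructed sample data standing in for the target service's /Groups endpoint.
SAMPLE_GROUPS = [
    {"id": "g-1", "displayName": "Engineering"},
    {"id": "g-2", "displayName": "Finance"},
    {"id": "g-3", "displayName": "Admins"},
    {"id": "g-4", "displayName": "Finance"},
]

def make_fetcher(groups):
    """Return a fetch_page function that serves `groups` in SCIM pages."""
    def fetch_page(start_index, count):
        chunk = groups[start_index - 1:start_index - 1 + count]
        return {"schemas": [LIST_SCHEMA], "totalResults": len(groups),
                "startIndex": start_index, "itemsPerPage": len(chunk),
                "Resources": chunk}
    return fetch_page

if __name__ == "__main__":
    print(find_group(make_fetcher(SAMPLE_GROUPS[:3]), "Admins"))
```

Because every lookup walks the full group list, the credential used for provisioning needs read access to all groups in the target service, and duplicate group names there are worth cleaning up before enabling group provisioning.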

Components

The SCIM provisioning and SSO connector:

  • Allows PingFederate to manage users in the service based on changes in an external user data store

  • (Optional configuration) Allows PingFederate to create an SSO connection to the service

  • Includes a quick-connection template that pre-populates some configuration settings

Intended audience

This document is intended for PingFederate administrators. If you need help during the setup process, see the following resources:

System requirements

  • PingFederate 9.0 or later.

  • To allow PingFederate to make outbound connections, you might need to allow SCIM endpoints in your firewall.