SCIM Provisioner

The SCIM Provisioner allows PingFederate to integrate with a wide range of services that support the System for Cross-domain Identity Management (SCIM) for user provisioning and single sign-on (SSO).

Features

  • Manages users in the target service based on changes in an external datastore that is attached to PingFederate.

    • Creates, updates, disables, and deletes users

    • Allows you to enable the create, update, disable, and delete capabilities independently

    • Allows you to choose whether to disable or delete users when deprovisioning

    • Allows you to provision disabled users

  • Manages groups in the target service based on changes in an external datastore that is attached to PingFederate.

    • Creates, updates, and deletes groups

    • Updates group memberships

  • Enables browser-based SSO initiated by the service provider (SP) or identity provider (IdP).

The SCIM Connector implements the official SCIM specifications published at simplecloud.info. The following table provides a brief summary.

| Feature | Outbound provisioning |
|---|---|
| SCIM specification | 1.1, 2.0 |
| Data format | JSON |
| User and group CRUD operations | Yes |
| Custom schema support | Users: Yes. Groups: No. |
| Filtering support | Users: Yes. Groups: The connector allows group filtering by retrieving all groups and finding a match. |
| PATCH | Users: No. Groups: Yes. |
| Authentication method | HTTP Basic Authentication, OAuth bearer token, and OAuth client credentials |
| Source data stores | Active Directory and other LDAPv3-compliant directory servers |
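
The SCIM 2.0 requests implied by the table above, as an added example that is not PingFederate's or Ping Identity's code: a user is disabled with a full PUT or removed with DELETE because user PATCH is not supported, a group membership change goes out as a PATCH, and a group is located by scanning the full group list. The exact requests the connector sends are an assumption; the ids, names and function names are constructed, and SCIM 1.1 is not covered.

```python
"""Added illustration (not PingFederate code): SCIM 2.0 requests matching the table."""
import json

PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"  # RFC 7644, section 3.5.2
USER = "urn:ietf:params:scim:schemas:core:2.0:User"         # RFC 7643, section 4.1


def deprovision_user(user, mode):
    """Users have no PATCH support, so 'disable' resends the whole resource via PUT."""
    path = f"/Users/{user['id']}"
    if mode == "delete":
        return ("DELETE", path, None)
    if mode == "disable":
        # Copy the resource so the caller's record is not mutated.
        body = dict(user, schemas=[USER], active=False)
        return ("PUT", path, json.dumps(body))
    raise ValueError(f"unknown deprovisioning mode: {mode}")


def patch_group_members(group_id, add=(), remove=()):
    """Groups support PATCH, so only the membership delta is sent."""
    ops = []
    if add:
        ops.append({"op": "add", "path": "members",
                    "value": [{"value": uid} for uid in add]})
    for uid in remove:
        # json.dumps() quotes and escapes the id so it cannot alter the path filter.
        ops.append({"op": "remove", "path": f"members[value eq {json.dumps(uid)}]"})
    if not ops:
        return None  # nothing changed, so no request is needed
    body = {"schemas": [PATCH_OP], "Operations": ops}
    return ("PATCH", f"/Groups/{group_id}", json.dumps(body))


def find_group(all_groups, display_name):
    """Client-side group filtering: scan the full list and accept one exact match."""
    hits = [g for g in all_groups if g.get("displayName") == display_name]
    if len(hits) > 1:
        raise LookupError(f"ambiguous group name: {display_name}")
    return hits[0] if hits else None


# Constructed sample data (hypothetical ids and names).
GROUPS = [{"id": "g1", "displayName": "Engineering"}, {"id": "g2", "displayName": "Finance"}]
ALICE = {"id": "u1", "userName": "alice@example.com", "active": True}

if __name__ == "__main__":
    print(deprovision_user(ALICE, "disable"))
    print(patch_group_members(find_group(GROUPS, "Finance")["id"], add=["u1"], remove=["u2"]))
```

When auditing a target service's SCIM logs, a disabled user should appear as a PUT carrying `"active": false` and a deleted user as a DELETE, which makes the chosen deprovisioning mode verifiable from the outside.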

Components

The SCIM provisioning and SSO connector:

  • Allows PingFederate to manage users in the service based on changes in an external user data store

  • Optionally allows PingFederate to create an SSO connection to the service

  • Includes a quick-connection template that pre-populates some configuration settings

Intended audience

This document is intended for PingFederate administrators.

If you need help during the setup process, see the following resources:

System requirements

  • PingFederate 9.0 or later.

  • To allow PingFederate to make outbound connections, you might need to allow SCIM endpoints in your firewall.