PingAuthorize

Getting the SCIM resource type and the action being executed

The SCIM resource type indicates the class of resources with which to interact. The action indicates what the user is trying to do. Here we define Trust Framework services to use in policies and locate the resource type and actions.

About this task

The PingAuthorize Policy Editor provides a SCIM2 service in the Trust Framework. This service is for the SCIM2 REST API and does not reference resource types. This task creates two services: Users and Devices.

Steps

  1. Sign on to the Policy Editor.

  2. Create the Users and Devices services.

    1. Go to Trust Framework and click Services.

    2. Click the SCIM2 service so the service we create is listed under SCIM2.

    3. From the menu, select Add new Service.

    4. For the name, replace Untitled with Users.

    5. Click Save changes.

    6. Click the SCIM2 service again.

    7. From the menu, select Add new Service.

    8. For the name, replace Untitled with Devices.

    9. Click Save changes.

      With the services defined, you should have a screen similar to the following one.

      Screen capture of the Trust Framework with the Services tab selected and the SCIM2.Devices and SCIM2.Users services defined

      We will use these services in the policies we create.

      Also, we will use the attribute SCIM2.resource.meta.resourceType.

      To see the attribute in the Trust Framework, click Attributes and navigate to it starting from SCIM2.

      The SCIM2.resource attribute is only available when the SCIM resource exists. For example, the search and create actions do not have this attribute. However, the search action does have a policy request with a retrieve action that does have the attribute.

      Your policy can use a service you define or the SCIM2.resource.meta.resourceType attribute.

      Also, we can use these actions in our policies: create, delete, modify, retrieve, search, and search-results.

      To see the actions in the Trust Framework, click Actions.

      When you are creating your policy, use the Policy Editor’s Decision Visualiser to make sure your policy accurately reflects the policy requests. For example, consider the following screen showing the request.

      Screen capture of the Decision Visualiser’s Request tab showing the text view of a request

      We can use the following lines from the Decision Visualiser:

      • service line

        Verify the name of the service in your Trust Framework and policy.

      • action line

        Verify that the request produces the expected action that the policy uses.

        The PingAuthorize SCIM translates a GET request in the SCIM REST API to a retrieve action. For more information about actions, see SCIM policy requests.

      • RequestURI line

        Verify that the endpoint belongs to the expected service.

      • SCIM2 line

        Scroll right to verify that the resourceType is as expected.