Getting the SCIM resource type and the action being executed
The SCIM resource type indicates the class of resources with which to interact. The action indicates what the user is trying to do. Here we define Trust Framework services to use in policies and locate the resource type and actions.
About this task
The PingAuthorize Policy Editor provides a SCIM2 service in the Trust Framework. This service is for the SCIM2 REST API and does not reference resource types. This task creates two services: Users and Devices.
Steps
- Sign on to the Policy Editor.
- Create the Users and Devices services.
  - Go to Trust Framework and click Services.
  - Click the SCIM2 service so the service we create is listed under SCIM2.
  - From the menu, select Add new Service.
  - For the name, replace Untitled with Users.
  - Click Save changes.
  - Click the SCIM2 service again.
  - From the menu, select Add new Service.
  - For the name, replace Untitled with Devices.
  - Click Save changes.
With the services defined, you should have a screen similar to the following one.
We will use these services in the policies we create.
Also, we will use the attribute SCIM2.resource.meta.resourceType. To see the attribute in the Trust Framework, click Attributes and navigate to it starting from SCIM2.
The SCIM2.resource attribute is only available when the SCIM resource exists. For example, the search and create actions do not have this attribute. However, the search action does have a policy request with a retrieve action that does have the attribute.
Your policy can use a service you define or the SCIM2.resource.meta.resourceType attribute.
Also, we can use these actions in our policies: create, delete, modify, retrieve, search, and search-results.
To see the actions in the Trust Framework, click Actions.
When you are creating your policy, use the Policy Editor’s Decision Visualiser to make sure your policy accurately reflects the policy requests. For example, consider the following screen showing the request.
We can use the following lines from the Decision Visualiser:
- service line: Verify the name of the service in your Trust Framework and policy.
- action line: Verify that the request produces the expected action that the policy uses. The PingAuthorize SCIM translates a GET request in the SCIM REST API to a retrieve action. For more information about actions, see SCIM policy requests.
- RequestURI line: Verify that the endpoint belongs to the expected service.
- SCIM2 line: Scroll right to verify that the resourceType is as expected.