PingDirectory

Configure synchronization with SCIM

Configure synchronization with System for Cross-domain Identity Management (SCIM) using the create-sync-pipe-config utility and the dsconfig command. Configuring synchronization between an Lightweight Directory Access Protocol (LDAP) server and a SCIM service provider includes the following:

  • Configure one external server for every physical endpoint.

  • Configure the Sync Source server and designate the external servers that correspond to the source server.

  • Configure the Sync Destination server and designate the external servers that correspond to the SCIM sync destination.

  • Configure the LDAP to SCIM Sync Pipe.

  • Configure the Sync Classes. Each Sync Class represents a type of entry that needs to be synchronized. When specifying a Sync Class for synchronization with a SCIM service provider, avoid including attribute and distinguished name (DN) mappings. Instead use the Sync Class to specify the operations to synchronize and which correlation attributes to use.

  • Set the evaluation order for the Sync Classes to define the processing precedence for each class.

  • Configure the scim-resources.xml file. If possible, change the <resourceIDMapping> element(s) to use whatever the SCIM Service Provider uses as the SCIM ID.

  • Set Up Communication for each External Server. Run prepare-endpoint-server once for every LDAP external server that is part of the Sync Source.

  • Use realtime-sync to start the Sync Pipe.