Configure synchronization with SCIM
Configure synchronization with System for Cross-domain Identity Management (SCIM) using the create-sync-pipe-config utility and the dsconfig command. Configuring synchronization between a Lightweight Directory Access Protocol (LDAP) server and a SCIM service provider includes the following:
- Configure one external server for every physical endpoint.
- Configure the Sync Source server and designate the external servers that correspond to the source server.
- Configure the Sync Destination server and designate the external servers that correspond to the SCIM sync destination.
- Configure the LDAP to SCIM Sync Pipe.
- Configure the Sync Classes. Each Sync Class represents a type of entry that needs to be synchronized. When specifying a Sync Class for synchronization with a SCIM service provider, avoid including attribute and distinguished name (DN) mappings. Instead use the Sync Class to specify the operations to synchronize and which correlation attributes to use.
- Set the evaluation order for the Sync Classes to define the processing precedence for each class.
- Configure the scim-resources.xml file. If possible, change the <resourceIDMapping> element(s) to use whatever the SCIM Service Provider uses as the SCIM ID.
- Set Up Communication for each External Server. Run prepare-endpoint-server once for every LDAP external server that is part of the Sync Source.
- Use realtime-sync to start the Sync Pipe.