PingOne Advanced Identity Cloud

SCIM

The SCIM application template allows you to provision users to a SCIM service.

Register the application

  1. In the Advanced Identity Cloud admin console, go to Applications, and click Browse App Catalog.

  2. In the Browse App Catalog modal, select an application, and click Next.

    Select the latest application version.

  3. Review the Application Integration information, and click Next.

  4. In the Application Details window, specify the name, description, application owners, and logo for the application.

  5. To make the application an Authoritative source of identity data, select the Authoritative check box. This option is not available for every application.

  6. Click Create Application.

Configure provisioning

  1. In the Advanced Identity Cloud admin console, on the Provisioning tab:

    • If setting up provisioning for the first time, click Set up Provisioning.

    • If editing existing settings, in the Connection section, click Settings.

  2. Configure the following fields:

    Field Description

    SCIM Endpoint

    The URL defining the root for the SCIM endpoint. For example, https://myserver.com/service/scim.

    SCIM Protocol Version

    Choose version 1 or version 2. The default is 1.

    Authentication Method

    The method for authenticating on the remote server: BASIC, OAUTH, or TOKEN. The default is OAUTH.

  3. Depending on the Authentication Method, configure the applicable fields:

    • BASIC

      Field Description

      User

      The basic authentication username for the SCIM service.

      Password

      The basic authentication password for the SCIM service.

    • OAUTH

      Field Description

      Token Endpoint

      The OAuth 2.0 endpoint where a new access token is requested for the SCIM service.

      Client Id

      The OAuth 2.0 client identifier for the SCIM service.

      Client Secret

      The OAuth 2.0 client secret for the SCIM service.

      Scope

      The OAuth 2.0 scope to use.

      Grant Type

      The OAuth 2.0 grant type to use (client_credentials or refresh_token).

      Refresh Token

      Used by the refresh_token Grant Type.

    • TOKEN

      Field Description

      Auth Token

      The auth token for the SCIM service.

  4. Fill out the following fields:

    Field Description

    Use TLS Mutual Authentication

    Select to use TLS Mutual Authentication.

    Maximum Connections

    The maximum size of the HTTP connection pool. The default is 10 connections.

  5. If you selected Use TLS Mutual Authentication, configure the following fields:

    Field Description

    Client Certificate Alias

    The client certificate alias.

    Client Certificate Password

    The client certificate password.

  6. Optionally, click Show advanced settings to set any of the following options:

    Field Description

    Disable Http Compression

    Content compression is enabled by default. Select this option to disable it.

    Use an HTTP Proxy

    Select to use an HTTP proxy.

    Connection Timeout

    The timeout, in seconds, for the underlying HTTP connection. The default is 30 seconds.

    Debug/Test settings

    Use these settings only in test environments. Don’t enable them in production environments, because both options turn off checks that authenticate the SCIM server over TLS.

    Selecting this option displays the following options:

    • Accept Self Signed Certificates: Enable to accept self-signed certificates.

    • Disable Host Name Verifier: Enable to turn off hostname verification.

    Read Schema

    Read/discover the schema from the SCIM endpoint. The default value is true.

    Exclude Unmodified

    Select this option to synchronize only the modified properties on a target resource.

  7. Click Connect.

  8. Verify the information in the Details tab.
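
The following check is an added example, not part of the product or its documentation. It reviews a set of connection settings, held in a Python dict keyed by the field labels above, for plain-HTTP endpoints, missing credentials for the chosen Authentication Method, and Debug/Test options left enabled. The dict layout, the required-field lists, and the sample values are assumptions made for this example.

```python
from urllib.parse import urlparse

# Keys mirror the field labels on this page. The dict layout and the
# required-field lists are assumptions of this example, not a product format.
REQUIRED = {
    "BASIC": ["User", "Password"],
    "OAUTH": ["Token Endpoint", "Client Id", "Client Secret"],
    "TOKEN": ["Auth Token"],
}
GRANT_TYPES = ("client_credentials", "refresh_token")
DEBUG_FLAGS = ("Accept Self Signed Certificates", "Disable Host Name Verifier")


def review_settings(cfg, production=True):
    """Return a list of findings for one set of SCIM connection settings."""
    method = cfg.get("Authentication Method", "OAUTH")  # OAUTH is the default
    if method not in REQUIRED:
        return [f"unknown Authentication Method: {method!r}"]

    findings = []
    for key in ["SCIM Endpoint"] + REQUIRED[method]:
        value = cfg.get(key)
        if not value:
            findings.append(f"{key} is missing")
        # Credentials are sent to these URLs, so plain HTTP would expose them.
        elif key.endswith("Endpoint") and urlparse(value).scheme != "https":
            findings.append(f"{key} is not an https:// URL")

    if method == "OAUTH":
        grant = cfg.get("Grant Type")
        if grant is not None and grant not in GRANT_TYPES:
            findings.append(f"unsupported Grant Type: {grant!r}")
        if grant == "refresh_token" and not cfg.get("Refresh Token"):
            findings.append("Grant Type refresh_token needs a Refresh Token")

    if cfg.get("Use TLS Mutual Authentication") and not cfg.get("Client Certificate Alias"):
        findings.append("mutual TLS selected without Client Certificate Alias")

    # Debug/Test settings switch off certificate or hostname checks.
    if production:
        findings += [f"{flag} is enabled" for flag in DEBUG_FLAGS if cfg.get(flag)]
    return findings

# Constructed sample: test-environment settings carried over to production.
SAMPLE = {"SCIM Endpoint": "http://myserver.com/service/scim",
          "Authentication Method": "BASIC", "User": "svc-scim",
          "Password": "example", "Accept Self Signed Certificates": True}
```

Calling review_settings(SAMPLE) reports the plain-HTTP endpoint and the enabled debug flag; passing production=False suppresses only the debug-flag finding.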

Provision side tabs

The object type determines the side tabs that display on the Provisioning tab. Use the object type list to select an object type, such as Group. Afterward, you can configure properties in the different sub-tabs under the Provisioning tab.

Sub-tabs under the Provisioning tab
Provisioning tab Description Related sections

Details

View and manage an application, including name, ID, and native type.

Select the specific application from Provision settings for an application.

Properties

View and manage properties for the selected object type.

Data

View data about the selected object type.

Mapping

View and manage mappings from the Advanced Identity Cloud admin console properties to external system properties and from external system properties to the Advanced Identity Cloud admin console properties.

Reconciliation

Preview mappings on target applications between external systems and the Advanced Identity Cloud admin console, and reconcile the data between the two systems.

View and manage rules for the users and groups that use your application.

View and manage schedules for Full and Incremental reconciliation.

Privacy & Consent

Manage end-user data sharing and synchronization.

Rules

View and manage provisioning rules for mappings between Advanced Identity Cloud and a target application.

Advanced Sync

Create and manage mappings between an identity profile and an application or between applications.