This configuration provides for two-way mapping of attributes. The first facilitates SCIM operations used to create and update records in the datastore (see Writing user information to the datastore). The second allows the same SCIM client to retrieve those records and have the attribute values mapped back to their corresponding designation in the client store (see Configuring a SCIM response).

The dual mapping is intended to provide greater flexibility, especially when needed for OGNL-expression transformations; for example, converting two attributes into one multivalued attribute and then back again.

Note:

SCIM-client requests must include authentication credentials, which you configure later on the Credentials > Back-Channel Authentication screen. The same credentials needed for SSO or other types of transactions enabled as part of this IdP connection, if configured, are also used for SCIM transactions.

  1. If you have not already done so, enable the Inbound Provisioning option (under the Server Provider role) on the System > Protocol Settings > Roles & Protocols screen.
  2. Create a new IdP connection or select an existing IdP connection on the Service Provider menu.
  3. On the Connection Type screen, select the Inbound Provisioning check box and one of these two options: User Support or User and Group Support.
  4. On the Inbound Provisioning screen, click Configure Inbound Provisioning to begin the configuration of SCIM inbound provisioning.
    Inbound Provisioning