Getting the SCIM resource type and the action being executed - PingAuthorize

Page created: 26 Jul 2021 |

Page updated: 17 Feb 2022

| 2 min read

Content Type Product documentation 9.0 PingAuthorize Product Administration

The SCIM resource type indicates the class of resources with which to interact. The action indicates what the user is trying to do. Here we define Trust Framework services to use in policies and locate the resource type and actions.

The PingAuthorize Policy Editor provides a SCIM2 service in the Trust Framework. This service is for the SCIM2 REST API and does not reference resource types. This task creates two services: Users and Devices.

Sign on to the Policy Editor.
Create the Users and Devices services.
1. Go to Trust Framework and click Services.
2. Click the SCIM2 service so the service we create is listed under SCIM2.
3. From the + menu, select Add new Service.
4. For the name, replace Untitled with Users.
5. Click Save changes.
6. Click the SCIM2 service again.
7. From the + menu, select Add new Service.
8. For the name, replace Untitled with Devices.
9. Click Save changes.
With the services defined, you should have a screen similar to the following one.

We will use these services in the policies we create.

Also, we will use the attribute SCIM2.resource.meta.resourceType.

To see the attribute in the Trust Framework, click Attributes and navigate to it starting from SCIM2.

Note: The SCIM2.resource attribute is only available when the SCIM resource exists. For example, the search and create actions do not have this attribute. However, the search action does have a policy request with a retrieve action that does have the attribute.

Your policy can use a service you define or the SCIM2.resource.meta.resourceType attribute.

Also, we can use these actions in our policies: create, delete, modify, retrieve, search, search-results.

To see the actions in the Trust Framework, click Actions.

When you are creating your policy, use the Policy Editor's Decision Visualiser to make sure your policy accurately reflects the policy requests. For example, consider the following screen showing the request.
We can use the following lines from the Decision Visualiser:
- service line
  
  Verify the name of the service in your Trust Framework and policy.
- action line
  
  Verify that the request produces the expected action that the policy uses.
  
  The PingAuthorize SCIM translates a get request in the SCIM REST API to retrieve action. For more information about actions, see SCIM policy requests.
- RequestURI line
  
  Verify that the endpoint belongs to the expected service.
- SCIM2 line
  
  Scroll right to see the verify that the resourceType is as expected.