Although user stores typically consist of a single datastore, such as PingDirectory Server, they can also consist of multiple datastores.

When a SCIM request is received, it is translated into one or more requests to the user store, and the resulting user store response is translated into a SCIM response. The SCIM response is authorized by sending a policy request to the policy decision point (PDP). Depending on the policy result, including the advices that are returned in the result, the SCIM response might be filtered or rejected.

Produced by OmniGraffle 7.18.5\n2021-09-07 17:30:33 +0000 SCIM sequence diagram Services DIRECTORY SERVER DIRECTORY SERVER DIRECTORY SERVER DIRECTORY SERVER PDP PDP PDP PDP PingAuthorize PingAuthorize PingAuthorize PingAuthorize Client Client Client Client Actions client receives filtered SCIM response PingAuthorize filters SCIM response PingAuthorize validates access token Client makes SCIM request PingAuthorize makes user store request Messages request LDAP request and response response token validation ENDPOINT submit SCIM response for policy processing translate SCIM request to LDAP request translate LDAP response to SCIM response apply policy result to SCIM response