The SCIM resource type indicates the class of resources with which to interact. The
action indicates what the user is trying to do. Here we define Trust Framework services to
use in policies and locate the resource type and actions.
The PingAuthorize Policy Editor provides a SCIM2 service in the Trust Framework. This
service is for the SCIM2 REST API and does not reference resource types. This task
creates two services: Users and Devices.
1. Sign on to the Policy Editor.
2. Create the Users and Devices services.
   a. Go to Trust Framework and click Services.
   b. Click the SCIM2 service so the service we create is listed under SCIM2.
   c. From the + menu, select Add new Service.
   d. For the name, replace Untitled with Users.
   e. Click Save changes.
   f. Click the SCIM2 service again.
   g. From the + menu, select Add new Service.
   h. For the name, replace Untitled with Devices.
   i. Click Save changes.
With the services defined, you should have a screen similar to the following one.
We will use these services in the policies we create.
Also, we will use the attribute SCIM2.resource.meta.resourceType.
To see the attribute in the Trust Framework, click Attributes and navigate to it starting from SCIM2.
Note: The SCIM2.resource attribute is only available when the SCIM resource exists. For example, the search and create actions do not have this attribute. However, the search action does have a policy request with a retrieve action that does have the attribute.
Your policy can use a service you define or the SCIM2.resource.meta.resourceType attribute.
Also, we can use these actions in our policies: create, delete, modify, retrieve, search, and search-results.
To see the actions in the Trust Framework, click Actions.
When you are creating your policy, use the Policy Editor's Decision Visualiser to make sure your policy accurately reflects the policy requests.
For example, consider the following screen showing the request.
We can use the following lines from the Decision Visualiser:
service line: Verify the name of the service in your Trust Framework and policy.
action line: Verify that the request produces the expected action that the policy uses. The PingAuthorize SCIM translates a GET request in the SCIM REST API to a retrieve action. For more information about actions, see SCIM policy requests.
RequestURI line: Verify that the endpoint belongs to the expected service.
SCIM2 line: Scroll right to verify that the resourceType is as expected.