Page created: 15 Jul 2022 | Page updated: 20 Jan 2023
Unlike the System for Cross-domain Identity Management (SCIM) 1.1 servlet extension, the SCIM 2.0 system is configured through the administrative console or with the dsconfig command-line tool.
The SCIM 2.0 system consists of the following components:
- SCIM resource type
  - A SCIM resource type defines a class of resources, such as users or devices. Every SCIM resource type features at least one SCIM schema, which defines the attributes available to each resource. If you enable a SCIM resource type, it must have a designated LDAP structural objectclass and an associated base distinguished name (DN).
  - The two types of SCIM resource types, mapping and passthrough, differ based on the definitions of the SCIM schema the resource types use:
    - LDAP mapping SCIM
      - Requires an explicitly defined SCIM schema with explicitly defined mappings of SCIM attributes to LDAP attributes. Use a mapping SCIM resource type to exercise detailed control over the SCIM schema and its attributes and mappings.
    - LDAP passthrough SCIM
      - Does not use an explicitly defined SCIM schema. Instead, an implicit schema is generated dynamically based on the underlying LDAP schema. Use a passthrough SCIM resource type when you need to get started quickly.
- SCIM schemas
  - Defines a collection of SCIM attributes, grouped under an identifier called a schema URN. Each SCIM resource type possesses a single core schema and can feature schema extensions, which act as secondary attribute groupings that the schema URN namespaces. SCIM schemas are defined independently of SCIM resource types, and multiple SCIM resource types can use a single SCIM schema as a core schema or schema extension.
- SCIM attributes
  - Defines an attribute that is available under a SCIM schema. The configuration for a SCIM attribute defines its data type, regardless of whether it's required, single-valued, or multi-valued. When a SCIM attribute consists of SCIM sub-attributes, it's defined as a complex attribute.
- SCIM sub-attributes
  - When a SCIM attribute consists of SCIM sub-attributes, it's defined as a complex attribute.
- SCIM attribute mappings (mapping resource types only)
  - Defines the manner in which a SCIM resource type maps the attributes in its SCIM schemas to native LDAP attributes of the PingDirectoryProxy server.
- Correlated LDAP data views
  - Allows a single SCIM resource to consist of attributes that are retrieved from multiple LDAP entries. For more information, see Correlated LDAP data views.
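
The following added example is a simplified model of the mapping and passthrough resource types described above. It is not PingDirectoryProxy code, and the schema URNs, SCIM attribute names, LDAP entry, and function names are constructed assumptions. It shows that a mapping type returns only explicitly mapped attributes, with extension attributes namespaced under their schema URN, while the implicit schema of a passthrough type follows the LDAP schema.

```python
# Simplified model of the two resource type kinds (an assumption, not server code).
CORE_URN = "urn:example:schemas:User:1.0"      # hypothetical core schema URN
EXT_URN = "urn:example:schemas:Employee:1.0"   # hypothetical schema extension URN

# Constructed LDAP entry and the attributes its structural objectclass allows.
LDAP_SCHEMA_ATTRS = ["uid", "givenName", "sn", "mail", "employeeNumber", "homePhone"]
LDAP_ENTRY = {
    "uid": ["jdoe"], "givenName": ["Jane"], "sn": ["Doe"],
    "mail": ["jdoe@example.com", "jane.doe@example.com"],
    "employeeNumber": ["1042"], "homePhone": ["+1 555 0100"],
}

# Mapping type: explicit SCIM attribute -> LDAP attribute mappings per schema.
# A dict value is a complex attribute: SCIM sub-attribute -> LDAP attribute.
MAPPINGS = {
    CORE_URN: {"userName": "uid", "emails": "mail",
               "name": {"givenName": "givenName", "familyName": "sn"}},
    EXT_URN: {"employeeNumber": "employeeNumber"},
}
# Multi-valued names: "emails" (mapping) and "mail" (passthrough keeps the LDAP name).
MULTI_VALUED = {"emails", "mail"}

def scim_value(entry, scim_attr, ldap_attr):
    """Return the LDAP values shaped for a single- or multi-valued SCIM attribute."""
    values = entry.get(ldap_attr, [])
    if not values:
        return None
    return list(values) if scim_attr in MULTI_VALUED else values[0]

def to_scim_mapping(entry):
    """Build a resource from the explicit schemas; unmapped LDAP attributes are dropped."""
    resource = {"schemas": list(MAPPINGS)}
    for urn, attrs in MAPPINGS.items():
        # Core attributes sit at the top level; extension attributes are namespaced by URN.
        target = resource if urn == CORE_URN else resource.setdefault(urn, {})
        for scim_attr, ldap in attrs.items():
            if isinstance(ldap, dict):
                subs = {s: scim_value(entry, s, a) for s, a in ldap.items()}
                value = {s: v for s, v in subs.items() if v is not None} or None
            else:
                value = scim_value(entry, scim_attr, ldap)
            if value is not None:
                target[scim_attr] = value
    return resource

def to_scim_passthrough(entry, ldap_schema_attrs):
    """Build a resource from an implicit schema: one SCIM attribute per LDAP attribute."""
    pairs = ((a, scim_value(entry, a, a)) for a in ldap_schema_attrs)
    return {a: v for a, v in pairs if v is not None}
```

Comparing the keys of the two results for the same entry is a quick way to review which LDAP attributes each resource type would make reachable before enabling it.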