Page created: 15 Jul 2022 | Page updated: 20 Jan 2023
When configuring an LDAP to System for Cross-domain Identity Management (SCIM) Sync Pipe, consider the following:
- Use scim-resources.xml for attribute and DN mappings
  - There are two layers of mapping: once at the Sync Class level and again at the SCIM Sync Destination level in the scim-resources.xml file. To reduce complexity, do all possible mappings in the scim-resources.xml file.
- Avoid groups unless the SCIM ID is DN based
  - Group synchronization is supported if the SCIM ID is based on the distinguished name (DN). If the SCIM ID is not the DN itself, it must be one of the components of the RDN, meaning that the DNs of group members must contain the necessary attribute.
- SCIM modifies entries using PUT
  - The SCIM Sync Destination modifies entries using the full HTTP PUT method. For every modify, SCIM replaces the entire resource with the updated resource. For information about the implications of this on password updates, see Password considerations with SCIM.
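The group constraint above (the SCIM ID must be a component of each member DN's RDN) can be checked against exported group membership before the Sync Pipe is enabled. The following is an added example, not product code: the function names are hypothetical, the member DNs are constructed, and `uid` is assumed to be the attribute mapped to the SCIM ID.

```python
import re

def split_unescaped(text, sep):
    """Split on sep, skipping separators escaped with a backslash (RFC 4514)."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(text[i])
        i += 1
    parts.append("".join(buf))
    return parts

def unescape(value):
    """Undo \\XX hex pairs (ASCII only here) and single-character escapes."""
    def repl(m):
        g = m.group(1)
        return chr(int(g, 16)) if len(g) == 2 else g
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", repl, value)

def rdn_attributes(dn):
    """Return {attribute: value} for the leading RDN, including multi-valued RDNs."""
    attrs = {}
    for ava in split_unescaped(split_unescaped(dn, ",")[0], "+"):
        name, _, value = ava.partition("=")
        attrs[name.strip().lower()] = unescape(value)
    return attrs

def check_members(member_dns, scim_id_attr):
    """Map member DNs to SCIM IDs; collect DNs whose RDN lacks the attribute."""
    resolved, unresolved = {}, []
    for dn in member_dns:
        value = rdn_attributes(dn).get(scim_id_attr.lower())
        if value:
            resolved[dn] = value
        else:
            unresolved.append(dn)
    return resolved, unresolved

# Constructed sample membership for one group.
MEMBERS = [
    "uid=jdoe,ou=People,dc=example,dc=com",
    "cn=Smith\\, Ann+uid=asmith,ou=People,dc=example,dc=com",
    "cn=Service Account,ou=Apps,dc=example,dc=com",   # no uid in the RDN
]

if __name__ == "__main__":
    ok, missing = check_members(MEMBERS, "uid")
    print("resolvable:", ok)
    print("cannot be mapped to a SCIM ID:", missing)
```

Members reported as unresolved have DNs from which the SCIM ID cannot be derived, so their group membership cannot be expressed at the SCIM destination under this constraint.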