Configure synchronization with System for Cross-domain Identity Management (SCIM) using the create-sync-pipe-config utility and the dsconfig command. SCIM is an application-level, HTTP-based protocol for provisioning and managing user identity information; it supplies a common schema for representing users and groups and provides a REST API. Configuring synchronization between an LDAP (Lightweight Directory Access Protocol) server and a SCIM service provider includes the following:

  • Configure one external server for every physical endpoint.
  • Configure the Sync Source server and designate the external servers that correspond to the source server.
  • Configure the Sync Destination server and designate the external servers that correspond to the SCIM sync destination.
  • Configure the LDAP to SCIM Sync Pipe.
  • Configure the Sync Classes. Each Sync Class represents a type of entry that needs to be synchronized. When specifying a Sync Class for synchronization with a SCIM service provider, avoid including attribute and distinguished name (DN) mappings. Instead, use the Sync Class to specify the operations to synchronize and which correlation attributes to use.
  • Set the evaluation order for the Sync Classes to define the processing precedence for each class.
  • Configure the scim-resources.xml file. If possible, change the <resourceIDMapping> element(s) to use whatever the SCIM Service Provider uses as the SCIM ID.
  • Set up communication for each external server. Run prepare-endpoint-server once for every LDAP external server that is part of the Sync Source.
  • Use realtime-sync to start the Sync Pipe.