Page created: 12 Sep 2019
|
Page updated: 14 Jul 2020
PingFederate supports the SCIM 1.1 protocol for outbound and inbound provisioning. At an IdP (outbound) site, you can automatically provision and maintain user accounts at service-provider sites that have implemented SCIM. When PingFederate is configured as an SP (inbound), you can provision and manage user accounts and groups for your own organization automatically using the standard SCIM protocol. The following table provides a brief summary of the supported features.
| Feature | Outbound provisioning | Inbound provisioning |
|---|---|---|
| SCIM specification | SCIM 1.1 | SCIM 1.1 |
| Data format | JSON | JSON |
| User and group CRUD operations | Yes | Yes |
| Custom schema support | Yes | Yes |
| List/query and filtering support | Not applicable | Yes |
| PATCH | Yes | No |
| Authentication method | HTTP Basic and OAuth Resource Owner Password Credentials grant type | HTTP Basic and client certificate (mutual TLS) |
| Source data stores | PingDirectory, Microsoft Active Directory, Oracle Directory Server Enterprise Edition, and Oracle Unified Directory | Not applicable |
| Target data stores | Not applicable | Active Directory and other data stores via the Identity Store Provisioner Java SDK interface |
For detailed information about SCIM, see the website www.simplecloud.info.