Specifying custom SCIM attributes - PingFederate - 11.0

PingFederate Server

bundle
pingfederate-110
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 11.0
category
Product
pf-110
pingfederate
ContentType_ce

You can configure simple, multivalued, and complex custom System for Cross-domain Identity Management (SCIM) attributes in PingFederate.

PingFederate supports SCIM attributes in the core schema and custom attributes through a schema extension.
Note:

Custom attributes are optional. If your use case does not require any additional attributes, click Next on the Custom SCIM Attributes tab.

To support custom attributes, you must specify the schema extension and the custom attributes in the connection. There are four attribute types:
  • Simple attributes
  • Simple multivalued attributes
  • Complex attributes
  • Complex multivalued attributes
The following fragment illustrates a SCIM message supporting schema extension urn:scim:schemas:extension:custom:1.0 with four attributes, one of each attribute type. The table afterward describes the details of each attribute.
{
  "userName":"CBrown",
  "active":true,
  "schemas":[
    "urn:scim:schemas:core:1.0",
    "urn:scim:schemas:extension:custom:1.0"
  ],
  ...
  "urn:scim:schemas:extension:custom:1.0":{
    "supervisor":"JSmith",
    "territories":[
      "Montana",
      "Idaho",
      "Wyoming"
    ],
    "options":{
      "quantity":"10000",
      "strike"  :"5.25",
      "first"   :"2017-12-01",
      "last"    :"2025-03-31"
    },
    "tablets":[
      {
        "model" :"8086",
        "serial":"5500-2020-965",
        "type"  :"office"
      },
      {
        "model" :"8088",
        "serial":"5500-2040-151",
        "type"  :"remote"
      }
    ]
  }
}
Attribute Name Attribute Type Sub-Attributes (Complex)
supervisor Simple Not applicable
territories Simple multivalued Not applicable
options Complex quantity, strike, first, and last
tablets Complex multivalued model, serial, and type.
Note:

type is a reserved sub-attribute for a complex multivalued attribute.

Tip:

For more information about SCIM and attribute types, see the website www.simplecloud.info.

  1. Go to Applications > Integration > SP Connection > Configure Channels. Specify the URI of the schema extension in the Extension Namespace field.
    Screen capture illustrating the Custom SCIM Attributes tab.
    Tip:

    The default value is urn:scim:schemas:extension:custom:1.0. You can keep this value if your partner identifies custom attributes by this URI in its SCIM messages.

  2. Enter an attribute name and click Add to add a custom attribute.
    Repeat this step to add more custom attributes as needed.
    Tip:

    Use the Delete and Undelete workflow to remove or cancel the removal request of existing custom attributes.

  3. Click Edit next to the custom attribute to perform one of the following tasks.
    Change the attribute name
    1. Replace the current value in the Name field.
    2. Click Done.
    Screen capture illustrating a simple attribute on the Custom SCIM Attribute Options tab.
    Set the attribute as a simple multivalued attribute
    1. Select the Is Multivalued check box.
    2. Click Done.
    Screen capture illustrating a multivalued attribute on the Custom SCIM Attribute Options tab.
    Add sub-attributes to make the attribute a complex attribute
    1. Enter a sub-attribute and click Add. Repeat this step to add more sub-attributes as needed.
    2. Use the Edit, Update, and Cancel workflow to make or undo a change to the name of a sub-attribute. Use the Delete and Undelete workflow to remove a sub-attribute or cancel the removal request.
    3. Click Done.
    Screen capture illustrating a complex attribute on the Custom SCIM Attribute Options tab.
    Add sub-attributes and set the attribute as a complex multivalued attribute
    1. Enter a sub-attribute and click Add. Repeat this step to add more sub-attributes as needed.
      Tip:

      Use the Edit, Update, and Cancel workflow to make or undo a change to the name of a sub-attribute. Use the Delete and Undelete workflow to remove a sub-attribute or cancel the removal request.

    2. Select the Is Multivalued check box.
    3. Specify at least one value under the Types column for type, a reserved sub-attribute for a complex multivalued attribute.
      Tip:

      Use the Edit, Update, and Cancel workflow to make or undo a change to the type value. Use the Delete and Undelete workflow to remove a type value or cancel the removal request.

    4. Click Done.
    Screen capture illustrating a complex multivalued attribute on the Custom SCIM Attribute Options tab.