The first way facilitates SCIM operations used to create and update records in the datastore. The second way allows the same SCIM client to retrieve those records and have the attribute values mapped back to their corresponding designation in the client store. The dual mapping provides greater flexibility, especially for OGNL-expression transformations (for example, converting two attributes into one multivalued attribute and then back again). For more information, see Writing user information to the datastore and Configuring a SCIM response.

Note:

SCIM-client requests must include authentication credentials, which you configure on the Credentials > Back-Channel Authentication tab. The same credentials needed for single sign-on (SSO), are also used for SCIM transactions.

  1. On the Authentication > Integration > IdP Connections window, create a new IdP connection or select an existing IdP connection.
  2. On the Connection Type tab, select the Inbound Provisioning check box and one of the following options:
    • User Support
    • User and Group Support
  3. On the Inbound Provisioning tab, click Configure Inbound Provisioning to begin the configuration of SCIM inbound provisioning.
    Screen capture of the Inbound Provisioning tab.