Features

  • Manages users in the target service based on changes in an external datastore that is attached to PingFederate.
    • Creates, updates, disables, and deletes users
    • Allows you to enable the create, update, disable, and delete capabilities independently
    • Allows you to choose whether to disable or delete users when deprovisioning
    • Allows you to provision disabled users
  • Manages groups in the target service based on changes in an external datastore that is attached to PingFederate.
    • Creates, updates, and deletes groups
    • Updates group memberships
  • Enables browser-based SSO initiated by the service provider (SP) or identity provider (IdP).

The SCIM Connector implements the official specifications provided from simplecloud.info. The following table provides a brief summary.

Feature Outbound provisioning

SCIM specification

1.1, 2.0

Data format

JSON

User and group CRUD operations

Yes

Custom schema support

Users: Yes.

Groups: No.

Filtering support

Users: Yes

Groups: The connector allows group filtering by retrieving all groups and finding a match.

PATCH

Users: No

Groups: Yes

Authentication method

HTTP Basic Authentication, OAuth bearer token and OAuth client credentials

Source data stores

Active Directory and other LDAPv3-compliant directory servers

Components

The SCIM provisioning and SSO connector:

  • Allows PingFederate to manage users in the service based on changes in an external user data store
  • Optional configuration allows PingFederate to create an SSO connection to the service
  • Includes a quick-connection template that pre-populates some configuration settings

Intended audience

This document is intended for PingFederate administrators.

If you need help during the setup process, see the following resources:

System requirements

  • PingFederate 9.0 or later.
  • To allow PingFederate to make outbound connections, you might need to allow SCIM endpoints in your firewall.