The SCIM Provisioner allows PingFederate to integrate with a wide range of services that support the System for Cross-domain Identity Management (SCIM) for user provisioning and single sign-on (SSO).
Features
- Manages users in the target service based on changes in an external
datastore that is attached to PingFederate.
- Creates, updates, disables, and deletes users
- Allows you to enable the create, update, disable, and delete capabilities independently
- Allows you to choose whether to disable or delete users when deprovisioning
- Allows you to provision disabled users
- Manages groups in the target service based on changes in an external
datastore that is attached to PingFederate.
- Creates, updates, and deletes groups
- Updates group memberships
- Enables browser-based SSO initiated by the service provider (SP) or identity provider (IdP).
The SCIM Connector implements the official specifications provided from simplecloud.info. The following table provides a brief summary.
Feature | Outbound provisioning |
---|---|
SCIM specification |
1.1, 2.0 |
Data format |
JSON |
User and group CRUD operations |
Yes |
Custom schema support |
Users: Yes. Groups: No. |
Filtering support |
Users: Yes Groups: The connector allows group filtering by retrieving all groups and finding a match. |
PATCH |
Users: No Groups: Yes |
Authentication method |
HTTP Basic Authentication, OAuth bearer token and OAuth client credentials |
Source data stores |
Active Directory and other LDAPv3-compliant directory servers |
Components
The SCIM provisioning and SSO connector:
- Allows PingFederate to manage users in the service based on changes in an external user data store
- Optional configuration allows PingFederate to create an SSO connection to the service
- Includes a quick-connection template that pre-populates some configuration settings
Intended audience
This document is intended for PingFederate administrators.
If you need help during the setup process, see the following resources:
- PingFederate documentation:
- The SCIM 1.1 Developer Guide on the Ping Identity Developer site
- The SCIM specification on simplecloud.info
System requirements
- PingFederate 9.0 or later.
- To allow PingFederate to make outbound connections, you might need to allow SCIM endpoints in your firewall.