Provisioning with SCIM (System for Cross-domain Identity Management) streamlines user lifecycle management across diverse systems. It offers standardised protocols for automated user provisioning, ensuring consistency, security, and efficiency. SCIM simplifies onboarding and offboarding processes, reducing manual errors and enhancing compliance.
Pre-requisites
Your IdP supports SCIM provisioning and de-provisioning.
Right-hand SCIM integration supports only SCIM 2.0.
When performing the integration kindly ensure that V2 of SCIM schema is selected.
Configuration for SCIM in Cyberready
Go to Company Management -> Employees in the left pane menu.
Click on import and select the "SCIM" option
2. A pop-up window as shown below will appear. Click on "Enable SCIM Provisioning" toggle and click on "Generate token"
3. Once the token is generated
Copy the Webhook Url and token
Follow the steps indicated in the yellow coloured section. This would involve setting up the provisioning in your IdP and testing the connection
We have tested our SCIM endpoint using the following IdPs. Please follow the steps needed based on your IdP tool:
4. If your Idp provides and option to test connection - go ahead and use it. As soon as cyberready receives a signal from your IdP you will notice a message as indicated below.
5. Click on Start Provisioning
6. Click Continue
7. The integration will show as a connector in your connectors list
Limitations
If SCIM is disabled and the actions where no error was reported, those actions will not get captured even after enabling the SCIM.
Example:
Let’s suppose SCIM is disabled for a company, and they have performed the following actions during the disabled time:
The user's first name was updated; if we enable SCIM, we will still get the old user's name value.
The user was removed from the assigned group; if we enable SCIM, the user will still be active in the RH portal.
The user is unassigned from the app; if we enable SCIM, the user will remain active in the RH portal.
The user group was unassigned from the app; if we enable SCIM, the user group will remain active in the RH portal.