SCIM

Who can use this feature?

Only the Application Owner role can use this feature.

SCIM enables you to centrally manage user identities with your IdP for cloud-based applications like ITONICS Enterprise.

How SCIM works

The System for Cross-domain Identity Management (SCIM) is designed to synchronize user information between multiple applications with your Identity Provider. In this way, SCIM allows for streamlining processes while reducing mistakes and data inconsistencies between identity ecosystems.

In the past, ITONICS supported only SAML Just in Time (JIT) user provisioning. In this configuration, a user account is created the first time the user successfully logs in to ITONICS via a SAML assertion that passes the attributes required for account creation.

SCIM, on the other hand, allows admins to create, update and deactivate accounts from a central place using an API call. For example, if an organization uses SCIM, and one of their employees leaves the company, an admin can deprovision them using their IdP. That change will propagate to SCIM-enabled web applications (like ITONICS) and automatically delete the accounts there.

Integrate SCIM 

Integrating SCIM is the more technical side of things and usually requires the involvement of both IT departments (ITONICS & Client). Please get in touch with your Customer Innovation Success Manager to initiate the integration.

For a smooth integration, make sure the following prerequisites are completed:

  • SAML integration has to be completed
  • SAML configuration document has to be completed

The following steps describe the high-level integration procedure: 

  • Your IT Team configures SCIM in your Identity Provider
  • ITONICS activates the SCIM module on your ITONICS Enterprise
  • ITONICS conducts the SCIM configuration with your IT Team:
    • User Configuration (Update Username, Delete Users) 
    • Role Configuration (Create, Update, Delete, Manage Roles) 
    • Token Configuration (Expiration Time, Bearer Token)

The following ITONICS User Attributes can be mapped out of the box with your Identity Provider.

ITONICS Field | Machine Name             | ITONICS Field Type      | Example
--------------|--------------------------|-------------------------|--------------------
E-Mail        | email                    | Single Line Input Field | jane.doe@itonics.de
First Name    | first_name               | Single Line Input Field | Jane
Last Name     | last_name                | Single Line Input Field | Doe
Business Unit | user_organizational_unit | List Field              | IT
Region        | user_region              | List Field              | Europe

Additional fields of type Single Line Input Field can also be mapped, but they need to be configured first via the User Configuration.
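
The create, update and delete calls described under "How SCIM works", combined with the bearer token and expiration time from the configuration steps, as an added example (not ITONICS code and not the ITONICS API). It uses the standard SCIM 2.0 schema identifiers; the ToyScimProvider class, the attribute mapping and the token value are assumptions for illustration.

```python
import hmac, itertools, time

USER = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

def to_scim_user(rec):
    """Map a record keyed by the page's machine names to a SCIM core User.
    Assumed mapping; the list fields (user_organizational_unit, user_region)
    are omitted because the page does not name their SCIM attributes."""
    return {"schemas": [USER], "userName": rec["email"], "active": True,
            "name": {"givenName": rec["first_name"], "familyName": rec["last_name"]},
            "emails": [{"value": rec["email"], "primary": True}]}

def rename_op(new_username):
    """PatchOp body for the 'Update Username' case."""
    return {"schemas": [PATCH],
            "Operations": [{"op": "replace", "path": "userName", "value": new_username}]}

class ToyScimProvider:
    """In-memory stand-in for the application side (hypothetical)."""
    def __init__(self, token, expires_at):
        self.token, self.expires_at = token, expires_at
        self.users, self._ids = {}, itertools.count(1)

    def handle(self, method, path, bearer, body=None, now=None):
        now = time.time() if now is None else now
        # Reject wrong or expired bearer tokens before touching any account.
        if now >= self.expires_at or not hmac.compare_digest(bearer, self.token):
            return 401, None
        parts = path.strip("/").split("/")
        if method == "POST" and parts == ["Users"]:
            if any(u["userName"] == body["userName"] for u in self.users.values()):
                return 409, None  # userName must stay unique
            uid = str(next(self._ids))
            self.users[uid] = dict(body, id=uid)
            return 201, self.users[uid]
        if len(parts) != 2 or parts[0] != "Users" or parts[1] not in self.users:
            return 404, None
        uid = parts[1]
        if method == "PATCH":
            for op in body["Operations"]:
                if op["op"].lower() == "replace" and op.get("path") in ("userName", "active"):
                    self.users[uid][op["path"]] = op["value"]
            return 200, self.users[uid]
        if method == "DELETE":
            del self.users[uid]  # deprovisioning in the IdP removes the account
            return 204, None
        return 405, None
```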
