...
Target System Parameters
Whenever you connect a SAP SCIM system to the CoreOne Suite you will need to specify the following parameters.
Parameter | Mandatory | Example | Description |
---|---|---|---|
| ✅ | https://scim.webapp.com | The base url of the SCIM endpoint |
| ❌ | https://scim.webapp.com/login | The endpoint where the authentication for the SCIM endpoint has to be performed This URL gets called together with the Username and Password as HTTP Basic Authentication request and has to return a Bearer Token in the form of { Token: ““ } |
| ❌ | svc_cos | The user name to be used for authentication |
| ❌ | 🔑 * * * * * * * | The password of the user |
| ✅ | false | If the SSL handshake can not be performed because of invalid certificates. Be very cautions with this and only disable it if really necessary. |
| ✅ | Updates done via PATCH method | Defines with which HTTP method identity updates should be sent. Currently PATCH and PUT are supported |
| ✅ | Updates done via PATCH method | Defines with which HTTP method resource updates should be sent. Currently PATCH and PUT are supported |
| ✅ | false | If true, sets all the missing attributes on the entity sent back by the target system to the default values of their respective data types. Usually the target system sends back the whole entity with all attributes so this doesn’t need to be enabled. |
| ❌ | JSON-serizalized dictionary of parameters used when using OAuth authentication |
SCIM Authentication
There are different ways to authenticate to SCIM. It depends on combination of 3 paramters Login base url
, Login username
, Login password
, Scim OAuth parameters
.
Authentication | Description | Parameters | ||
---|---|---|---|---|
Anonymous | No authentication header sent with the request to SCIM | All ( | ||
Basic | Basic authentication header is sent with username and password |
| ||
Token with Basic | Basic authentication header is sent with username and password to the Obtained token will be send as Bearer token with request to SCIM |
| ||
Token with OAuth | Oauth request with parameters from Obtained token is sent as Bearer token with request to SCIM
|
|
Context Assignment
The SCIM Connector supports the assignment context as described here. As this assignment context is not part of the standard definition in SCIM, we made use of SCIMs capability to extend the schema. Whenever an assignment is made with a context, first the assignment context transformations are applied and then they are provisioned in as the relations
property.
...
The following identity functions are supported:
Supported | |
create/delete identities | ✅ |
provisioning identities | ✅ |
update identities | ✅ |
provisioning identity updates | ✅ |
deprovision identities | ✅ |
cleanup of inactive identities active | - |
check password changed active | - |
...
The following resource functions are supported:
Supported | |
create/delete resources | ✅ |
provision resources | ✅ |
update resources | ✅ |
provisioning resource changes | ✅ |
deprovisioning resources | ✅ |
provisioning resource allocations | ✅ |
deprovisioning resource allocations | ✅ |
provisioning resources-resource allocations | - |
Deprovisioning resource resource allocations | - |
...
The following cleanup functions are supported:
Supported | |
Is available in the expected/actual comparison log | ✅ |
Clean up expected/actualIn the should-actual Log available | ✅ |
Should be - Actually is - cleanup | - |
Read back user account properties | - |
Resource identity assignments Target system cleanup member target system clean up | - |
Resource - resource assignments Target system cleanup member target system clean up | - |