SCIM is a standard interface to manage Users/Roles/Groups. It is based on REST. The interface is described in http://www.simplecloud.info/
CoreOne can connect to other systems using SCIM and provision there users and groups. The other system has to implement SCIM correctly - there are many small discrepencies between existing implementations. Please check below implementation details to see if your system supports SCIM.
Set up target system
Target system attribute | Description |
---|---|
SCIM base URL | Specification of the base URL of the SCIM API interface, incl. schema, domain and path (like https://localhost:44319/scim) |
SCIM login URL | Specification of the URL for token endpoint (username and password is only supported authentication method for now). CoreOne uses the token to authenticate in SCIM endpoint |
SCIM login username | Username to be used for login |
SCIM login password | Password to be used for login |
Disable SSL handshake | Checkbox → if selected, the SSL certificate check is skipped, e.g. if no valid certificate is available. Should be avoided in principle |
Operations
Below you can find what are exact requests that CoreOne will make to other SCIM system. Please check if your system supports them.
Let’s assume we provision some standard attributes:
userName,
name.givenName,
name.familyName,
emails.value
SCIM allows for multivalue attributes - like email but it is not supported by CoreOne for now.
Create user
URL /scim/users POST
Update user
URL /scim/users/{id} PATCH
Select users
URL /scim/users GET
Select user
URL /scim/users/{id} GET
(filter and attributes needs to be supported)
Delete user
URL /scim/users/{id} DELETE
Create group
URL /scim/groups POST
Assign Member
URL /scim/groups/{id} PATCH
Remove Member
URL /scim/groups/{id} PATCH
(core one assumes there is .groups property)