...

What is SCIM?

SCIM (System for Cross-domain Identity Management) is a widely adopted, RESTful, JSON-based specification designed to facilitate smoother management, synchronization, and exchange of identity data across various domain boundaries and cloud-based applications. The SCIM specification provides standard schemas representing users and groups with built-in extensibility for additional attributes and other identity-related objects. Identity objects in SCIM are accessed via REST API with endpoints and operations for getting, creating, updating, and deleting those objects. SCIM’s underlying principles are to make user data more secure and to simplify and automate the user identity lifecycle management process.

The primary objective of the SCIM initiative is to standardize schemas and REST APIs for representing user and group identities, along with their associated metadata, while supporting extensibility and flexible customization to meet specific business needs.

How does SCIM work?

SCIM allows users, groups, and other objects to be accessed, created, updated and deleted using a set of RESTful APIs with associated endpoints. By leveraging standardized schemas and APIs, SCIM simplifies and automates identity-related tasks, such as provisioning and deprovisioning user accounts, across diverse systems and applications.
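The provisioning and deprovisioning exchange described above, as an added example that is not EmpowerID code: a toy in-memory `/Users` endpoint that authenticates the caller, checks the schema URN, and handles create, deactivate and delete. It assumes SCIM 2.0 (the schema URNs are those of RFC 7643 and RFC 7644) and a static bearer token; `ScimUsers`, `lifecycle` and the sample user are hypothetical names constructed for illustration.

```python
import hmac, json, uuid

USER = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

class ScimUsers:
    """Toy in-memory SCIM 2.0 /Users endpoint (constructed, not EmpowerID code)."""
    def __init__(self, token):
        self.token, self.users = token, {}  # static bearer token is an assumption

    def handle(self, method, path, auth="", body=None):
        # Authenticate before touching identity data; constant-time compare.
        if not hmac.compare_digest(auth.encode(), f"Bearer {self.token}".encode()):
            return 401, None
        doc = json.loads(body) if body else {}
        if method == "POST" and path == "/Users":  # provision
            if USER not in doc.get("schemas", []) or not doc.get("userName"):
                return 400, None
            if any(u["userName"] == doc["userName"] for u in self.users.values()):
                return 409, None  # userName must be unique
            user = {**doc, "id": str(uuid.uuid4()), "active": doc.get("active", True)}
            self.users[user["id"]] = user
            return 201, user
        uid = path.removeprefix("/Users/")
        if uid not in self.users:
            return 404, None
        if method == "GET":
            return 200, self.users[uid]
        if method == "PATCH":  # only "replace active" (deprovisioning) is modelled
            ops = doc.get("Operations", [])
            if PATCH not in doc.get("schemas", []) or not ops:
                return 400, None
            for op in ops:
                if (str(op.get("op")).lower() != "replace" or op.get("path") != "active"
                        or not isinstance(op.get("value"), bool)):
                    return 400, None
                self.users[uid]["active"] = op["value"]
            return 200, self.users[uid]
        if method == "DELETE":
            del self.users[uid]
            return 204, None
        return 405, None

def lifecycle(api, auth):
    """Provision, deactivate, then delete one user; returns what each step yielded."""
    new = {"schemas": [USER], "userName": "jdoe@example.com"}  # constructed sample user
    s1, user = api.handle("POST", "/Users", auth, json.dumps(new))
    off = {"schemas": [PATCH], "Operations": [{"op": "replace", "path": "active", "value": False}]}
    s2, user = api.handle("PATCH", "/Users/" + user["id"], auth, json.dumps(off))
    s3, _ = api.handle("DELETE", "/Users/" + user["id"], auth)
    return s1, s2, user["active"], s3
```

Rejecting a non-boolean `active` value keeps a string such as `"false"` from being treated as truthy and leaving a deprovisioned account enabled.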

EmpowerID's SCIM Connector

EmpowerID's SCIM Connector is a comprehensive solution that enables organizations to implement connectivity and automate user identity tasks across various applications using the SCIM specification. The SCIM Connector comprises an internal SCIM account store and a deployable SCIM microservice. The microservice is a .NET 6.0 template developed in Workflow Studio, which can be customized to connect with applications that use SCIM for identity transactions and those that do not. When applications do not support SCIM, organizations can extend the microservice to talk to those applications without having extensive knowledge of the EmpowerID connector framework. Simply extend the microservice for those applications and deploy it to Azure or IIS. EmpowerID takes care of the rest. Once the microservice is deployed, providing EmpowerID with the SCIM endpoint and the appropriate authentication information is all that is needed for EmpowerID to connect. All the standard features of EmpowerID’s connector technology operate under the hood to ensure the identities and associations between inventoried objects in those applications are accurately reflected in EmpowerID and any relevant back-end systems. The SCIM connector can take advantage of the full capabilities of EmpowerID, including the RBAC engine and the SSO framework, password synchronization, attribute flow, group membership management, provisioning, updating, and termination of accounts and groups, all with full auditing and reporting built-in.

...

How does the SCIM Connector Work?

The SCIM connector consists of the SCIM account store, which you create in EmpowerID, and the SCIM microservice, which you deploy to Azure or host in IIS. When you create the SCIM account store, you specify the endpoint and the authentication information (OAuth client and key or certificate) needed to secure the connection between EmpowerID and the microservice. EmpowerID then generates a resource system for the account store with configurable settings for your application’s endpoints and a corresponding security boundary with the standard SCIM schema. The schema can be extended as needed. After creating the account store, configuring the endpoints, and extending the schema as needed, simply turn on inventory and manage the identities as you would with those belonging to any other type of account store. Create, update, delete, assign and unassign users to and from groups as needed.

By extending the microservice, organizations can communicate with incompatible applications and deploy the microservice to Azure or IIS. Once it is deployed, EmpowerID handles the remaining processes, ensuring seamless integration and management of identity data across multiple systems.

With EmpowerID's SCIM Connector, organizations can:

  • Streamline the management and synchronization of identity data across different domains and cloud-based applications.

  • Automate user provisioning and deprovisioning tasks.

  • Customize the SCIM microservice to meet specific business needs.

  • Integrate both SCIM-compatible and incompatible applications.

...

Inventory Objects and their corresponding components in EmpowerID

...