You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.


EmpowerID SCIM Connector


About SCIM

The System for Cross-domain Identity Management (SCIM) specification is designed to help organizations more easily manage and exchange identity information across cloud-based applications and domain boundaries using REST APIs and JSON. The specification provides standard schemas representing users and groups, with built-in extensibility for additional attributes and other identity-related objects. Identity objects in SCIM are accessed through a REST API with endpoints and operations for getting, creating, updating, and deleting those objects. SCIM’s underlying principles are to make user data more secure and to simplify and automate the user identity lifecycle management process.

About the EmpowerID SCIM Connector

The EmpowerID SCIM Connector is an out-of-the-box solution that comprises an internal SCIM account store and a deployable SCIM microservice. The microservice is a .NET 6.0 template developed in Workflow Studio that can be used to connect with applications that use SCIM for identity transactions and those that do not. When applications do not support SCIM, organizations can extend the microservice to talk to those applications without having extensive knowledge of the EmpowerID connector framework. Simply extend the microservice for those applications and deploy it to Azure or IIS. EmpowerID takes care of the rest. Once the microservice is deployed, providing EmpowerID with the SCIM endpoint and the appropriate authentication information is all that is needed for EmpowerID to connect. All the standard features of EmpowerID’s connector technology operate under the hood to ensure the identities and associations between inventoried objects in those applications are accurately reflected in EmpowerID and any relevant back-end systems. The SCIM connector can take advantage of the full capabilities of EmpowerID, including the RBAC engine and the SSO framework, password synchronization, attribute flow, group membership management, provisioning, updating, and termination of accounts and groups, all with full auditing and reporting built-in.

How does the SCIM Connector Work?

The SCIM connector consists of the SCIM account store, which you create in EmpowerID, and the SCIM microservice, which you deploy to Azure or host in IIS. When you create the SCIM account store, you specify the endpoint and the authentication information (OAuth client and key or certificate) needed to secure the connection between EmpowerID and the microservice. EmpowerID then generates a resource system for the account store, with configurable settings for your application’s endpoints, and a corresponding security boundary with the standard SCIM schema. The schema can be extended as needed. After creating the account store, configuring the endpoints, and extending the schema as needed, turn on inventory and manage the identities as you would those belonging to any other type of account store. Create, update, and delete users, and assign and unassign them to and from groups as needed.

Inventory Objects and their corresponding components in EmpowerID

| Object in SCIM | Component in EmpowerID |
|---|---|
| User | Account |
| Group | Group |

Attribute Mapping

User Attribute Mapping

| SCIM User Attribute | Corresponding EmpowerID Person Attribute |
|---|---|
| active | Status |
| addresses[?(@.type=='work')].country | Country |
| addresses[?(@.type=='work')].Locality | City |
| addresses[?(@.type=='work')].postalCode | ZipCode |
| addresses[?(@.type=='work')].region | State |
| addresses[?(@.type=='work')].streetAddress | StreetAddress |
| emails[?(@.type=='work')].value | Email |
| externalId | EmailAlias |
| name.familyName | LastName |
| name.givenName | FirstName |
| name.honorificSuffix | GenerationalSuffix |
| name.middleName | MiddleName |
| password | Password |
| phoneNumbers[?(@.type=='fax')].value | Fax |
| phoneNumbers[?(@.type=='home')].value | HomePhone |
| phoneNumbers[?(@.type=='mobile')].value | MobileNumber |
| phoneNumbers[?(@.type=='other')].value | Telephone |
| phoneNumbers[?(@.type=='work')].value | BusinessPhone |
| photos[?(@.type=='work')].value | PhotoUrl |
| preferredLanguage | PreferredLanguage |
| profileUrl | AboutMe |
| title | Title |
| urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.department | Department |
| urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.EmployeeNumber | EmployeeID |
| userName | Login |
| userType | EmployeType |
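To show how the path expressions in the user mapping select values from a SCIM User resource, the following Python sketch resolves a few of them. It is an added example, not EmpowerID code: the names `USER_MAP`, `resolve`, `map_user` and the sample resource are constructed for illustration. Lookups ignore case because SCIM attribute names are case-insensitive (RFC 7643), which is why `Locality` in the mapping matches `locality` in the resource.

```python
import re

ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
# A few rows of the user mapping table above: SCIM path -> EmpowerID attribute.
USER_MAP = {
    "name.familyName": "LastName",
    "emails[?(@.type=='work')].value": "Email",
    "addresses[?(@.type=='work')].Locality": "City",
    "phoneNumbers[?(@.type=='mobile')].value": "MobileNumber",
    ENTERPRISE + ".EmployeeNumber": "EmployeeID",
}
# Constructed sample resource (not from the page); it has no phoneNumbers.
SAMPLE_USER = {
    "name": {"familyName": "Doe", "givenName": "Jane"},
    "emails": [{"type": "home", "value": "jane@home.example"},
               {"type": "work", "value": "jane.doe@corp.example"}],
    "addresses": [{"type": "work", "locality": "Dublin"}],
    ENTERPRISE: {"department": "Finance", "employeeNumber": "E1001"},
}
STEP = re.compile(r"(\w+)(?:\[\?\(@\.(\w+)=='([^']*)'\)\])?(?:\.(?=\w)|$)")

def _get(obj, key):
    """Case-insensitive member lookup; SCIM attribute names ignore case."""
    pairs = obj.items() if isinstance(obj, dict) else ()
    return next((v for k, v in pairs if k.lower() == key.lower()), None)

def resolve(resource, path):
    """Return the value a mapping path selects, or None when nothing matches."""
    node, pos = resource, 0
    if path.lower().startswith("urn:"):
        # The schema URN contains ':' and '.', so cut at the first '.' after its last ':'.
        dot = path.index(".", path.rindex(":"))
        node, path = _get(node, path[:dot]), path[dot + 1:]
    while pos < len(path):
        m = STEP.match(path, pos)
        if m is None:
            raise ValueError(f"unsupported mapping path: {path!r}")
        name, fkey, fval = m.groups()
        node = _get(node, name)
        if fkey:  # filter step: first list element whose fkey equals fval
            items = node if isinstance(node, list) else []
            node = next((i for i in items if _get(i, fkey) == fval), None)
        pos = m.end()
    return node

def map_user(resource):
    """Apply USER_MAP, leaving out attributes the resource does not carry."""
    found = {t: resolve(resource, p) for p, t in USER_MAP.items()}
    return {t: v for t, v in found.items() if v is not None}
```

`map_user(SAMPLE_USER)` returns the mapped Person attributes and omits `MobileNumber`, because the sample has no mobile phone entry.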

Group Attribute Mapping

| SCIM Group Attribute | Corresponding EmpowerID Group Attribute |
|---|---|
| Description | Description |
| externalId | Alias |
| members | Members |

Role Attribute Mapping

| SCIM Role Attribute | Corresponding EmpowerID Role Attribute |
|---|---|
| Description | Description |
| externalId | Alias |
| FreindlyName | FriendlyName |
| Name | Name |
| ParentID | ParentPath |

Location Attribute Mapping

| SCIM Location Attribute | Corresponding EmpowerID Location Attribute |
|---|---|
| Description | Description |
| externalId | Alias |
| FreindlyName | FriendlyName |
| Name | Name |
| ParentID | ParentPath |

Connect to SCIM Applications

Create SCIM Microservices
