About SCIM
The System for Cross-domain Identity Management (SCIM) specification is designed to help organizations more easily manage and exchange identity information across cloud-based applications and domain boundaries using a REST API and JSON. The SCIM specification provides standard schemas representing users and groups, with built-in extensibility for additional attributes and other identity-related objects. Identity objects in SCIM are accessed via a REST API with endpoints and operations for getting, creating, updating, and deleting those objects. SCIM’s underlying principles are to make user data more secure and to simplify and automate the user identity lifecycle management process.
About the EmpowerID SCIM Connector
The EmpowerID SCIM Connector is an out-of-the-box solution that can be used to connect EmpowerID to any application that supports SCIM 2.0. Providing EmpowerID with the application endpoint and authentication information is all that is needed for EmpowerID to connect. Once connected, all the standard features of EmpowerID’s connector technology operate under the hood to ensure the identities and associations between inventoried objects are accurately reflected in EmpowerID and any relevant back-end systems. As with any managed directory, the SCIM connector can take advantage of the full capabilities of EmpowerID, including the RBAC engine, the SSO framework, as well as password synchronization, attribute flow, group membership management, provisioning, updating and termination of accounts and groups, all with full auditing and reporting built-in.
Inventory Objects and their corresponding components in EmpowerID
Object in SCIM | Component in EmpowerID |
---|---|
User | Account |
Group | Group |
Attribute Mapping
User Attribute Mapping
SCIM User Attribute | Corresponding EmpowerID Person Attribute |
---|---|
active | Status |
addresses[?(@.type=='work')].country | Country |
addresses[?(@.type=='work')].Locality | City |
addresses[?(@.type=='work')].postalCode | ZipCode |
addresses[?(@.type=='work')].region | State |
addresses[?(@.type=='work')].streetAddress | StreetAddress |
emails[?(@.type=='work')].value | |
externalId | EmailAlias |
name.familyName | LastName |
name.givenName | FirstName |
name.honorificSuffix | GenerationalSuffix |
name.middleName | MiddleName |
password | Password |
phoneNumbers[?(@.type=='fax')].value | Fax |
phoneNumbers[?(@.type=='home')].value | HomePhone |
phoneNumbers[?(@.type=='mobile')].value | MobileNumber |
phoneNumbers[?(@.type=='other')].value | Telephone |
phoneNumbers[?(@.type=='work')].value | BusinessPhone |
photos[?(@.type=='work')].value | PhotoUrl |
preferredLanguage | PreferredLanguage |
profileUrl | AboutMe |
title | Title |
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.department | Department |
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.EmployeeNumber | EmployeeID |
userName | Login |
userType | EmployeType |
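The following Python example is added here for illustration and is not EmpowerID connector code. It resolves the three path forms that appear in the table above (plain dotted paths, `[?(@.type=='...')]` filters on multi-valued attributes, and enterprise-extension URN paths) against a SCIM User resource. The names `USER_MAPPING`, `resolve`, `to_person` and `SAMPLE_USER` are hypothetical, and the sample user is constructed.

```python
import re
# Rows copied from the User Attribute Mapping table: SCIM path -> Person attribute.
USER_MAPPING = {
    "userName": "Login",
    "name.familyName": "LastName",
    "addresses[?(@.type=='work')].Locality": "City",
    "phoneNumbers[?(@.type=='mobile')].value": "MobileNumber",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.EmployeeNumber": "EmployeeID",
}
FILTER = re.compile(r"^(\w+)\[\?\(@\.type=='(\w+)'\)\]\.(\w+)$")

def _get(obj, name):
    """Case-insensitive key lookup; SCIM attribute names are case-insensitive."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            if key.lower() == name.lower():
                return value
    return None

def resolve(resource, path):
    """Return the value selected by one mapping-table path, or None if absent."""
    # Extension attributes sit under a key that is the full schema URN (dots included).
    for key in resource:
        if key.startswith("urn:") and path.lower().startswith(key.lower() + "."):
            return resolve(resource[key], path[len(key) + 1:])
    match = FILTER.match(path)
    if match:  # multi-valued attribute: first element whose type matches
        attr, wanted, sub = match.groups()
        for item in _get(resource, attr) or []:
            if item.get("type") == wanted:
                return _get(item, sub)
        return None
    node = resource
    for part in path.split("."):  # plain dotted path such as name.familyName
        node = _get(node, part)
    return node

def to_person(resource, mapping=USER_MAPPING):
    """Project a SCIM User resource onto EmpowerID Person attribute names."""
    return {dst: resolve(resource, src) for src, dst in mapping.items()}

# Constructed sample SCIM 2.0 User resource, trimmed (values are made up).
SAMPLE_USER = {
    "userName": "jdoe",
    "name": {"familyName": "Doe", "givenName": "Jane"},
    "addresses": [{"type": "home", "locality": "Springfield"}, {"type": "work", "locality": "Dublin"}],
    "phoneNumbers": [{"type": "work", "value": "+1 555 0100"}],
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {"employeeNumber": "E1001"},
}
```

Rows whose type filter matches no element resolve to `None` rather than falling back to another type, so a missing mobile number is not silently replaced by the work number. The `password` row behaves differently on read: RFC 7643 defines `password` as write-only and never returned, so a compliant service provider will not include it in a retrieved resource.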
Group Attribute Mapping
SCIM Group Attribute | Corresponding EmpowerID Group Attribute |
---|---|
Description | Description |
externalId | Alias |
members | Members |
Role Attribute Mapping
SCIM Role Attribute | Corresponding EmpowerID Role Attribute |
---|---|
Description | Description |
externalId | Alias |
FreindlyName | FriendlyName |
Name | Name |
ParentID | ParentPath |
Location Attribute Mapping
SCIM Location Attribute | Corresponding EmpowerID Location Attribute |
---|---|
Description | Description |
externalId | Alias |
FreindlyName | FriendlyName |
Name | Name |
ParentID | ParentPath |
Connect to a SCIM Application