
We have Single Sign-On (SSO) done via SAML.

Currently we have requirement to sync users from ADFS to our database as well as ADFS groups.

I was able to google out solutions for LDAP, however that seems quite old.

Is it possible to do this via SAML? Any other method?

I would be using PHP.

rock3t

1 Answer


Both SAML and ADFS are about authentication.

What you are referring to is provisioning which is not provided by either.

The modern standard for provisioning is SCIM.

rbrayb
  • Thank you, bud. That's exactly what I have eventually googled out. When it comes to having ADFS, how does one go about providing SCIM capabilities? – rock3t May 28 '20 at 08:23
  • You wouldn't add it to ADFS. You would use something that uses SCIM to access AD. – rbrayb May 28 '20 at 22:35
  • So it means AD itself can provide SCIM? – rock3t May 29 '20 at 09:48
  • No - you have to buy or write a SCIM package that is tailored for AD. SCIM is just a set of REST endpoints e.g. "Create User". So you have to have an API that people can call that uses LDAP to write to AD. – rbrayb May 29 '20 at 20:47
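As an added illustration of the last comment (example code, not from the question or the answer), here is a minimal SCIM 2.0 "Create User" endpoint in PHP, since the asker mentioned PHP: it authenticates the caller, maps the SCIM core User schema onto AD attributes, and writes the object to AD over LDAP. The domain controller hostname, service-account DN, target OU, UPN suffix and environment variable names are placeholders.

```php
<?php
// Added example (not from the question or answer): SCIM 2.0 POST /Users handler
// that maps a SCIM User onto AD attributes and creates it via LDAP, as the
// answer describes. Hostnames, DNs and the UPN suffix are placeholders.
declare(strict_types=1);
const SCIM_USER = 'urn:ietf:params:scim:schemas:core:2.0:User';

// Map SCIM core User attributes to AD attributes. Rejects unknown schemas
// and unsafe userName values so a malformed request never reaches AD.
function scimUserToAdAttributes(array $scim, string $upnSuffix): array
{
    if (!in_array(SCIM_USER, $scim['schemas'] ?? [], true)) {
        throw new InvalidArgumentException('unsupported schema');
    }
    $userName = (string) ($scim['userName'] ?? '');
    if (!preg_match('/^[A-Za-z0-9._-]{1,20}$/', $userName)) { // sAMAccountName length limit
        throw new InvalidArgumentException('invalid userName');
    }
    return [
        'objectClass'        => ['top', 'person', 'organizationalPerson', 'user'],
        'sAMAccountName'     => $userName,
        'userPrincipalName'  => "$userName@$upnSuffix",
        'givenName'          => $scim['name']['givenName'] ?? $userName,
        'sn'                 => $scim['name']['familyName'] ?? $userName,
        'displayName'        => $scim['displayName'] ?? $userName,
        'mail'               => $scim['emails'][0]['value'] ?? "$userName@$upnSuffix",
        'userAccountControl' => '514', // NORMAL_ACCOUNT|ACCOUNTDISABLE until a password is set
    ];
}

function handleCreateUser(string $body, string $bearer): void
{
    // The SCIM endpoint must authenticate its caller; token and LDAP password come from the environment.
    if (!hash_equals((string) getenv('SCIM_BEARER_TOKEN'), $bearer)) { http_response_code(401); return; }
    try {
        $attrs = scimUserToAdAttributes(json_decode($body, true, 8, JSON_THROW_ON_ERROR), 'corp.example');
    } catch (Throwable $e) { http_response_code(400); return; }
    $ldap = ldap_connect('ldaps://dc1.corp.example');  // placeholder domain controller
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    if (!ldap_bind($ldap, 'CN=scim-svc,OU=Service,DC=corp,DC=example', (string) getenv('SCIM_LDAP_PASSWORD'))) { http_response_code(502); return; }
    // Escape the RDN so the userName cannot add DN components (the regex above already restricts it).
    $dn = 'CN=' . ldap_escape($attrs['sAMAccountName'], '', LDAP_ESCAPE_DN) . ',OU=SCIM,DC=corp,DC=example';
    if (!ldap_add($ldap, $dn, $attrs)) { http_response_code(409); return; } // e.g. object already exists
    http_response_code(201);
    header('Content-Type: application/scim+json');
    echo json_encode(['schemas' => [SCIM_USER], 'id' => $dn, 'userName' => $attrs['sAMAccountName']]);
}

$bearer = preg_match('/^Bearer (\S+)$/', $_SERVER['HTTP_AUTHORIZATION'] ?? '', $m) ? $m[1] : '';
handleCreateUser((string) file_get_contents('php://input'), $bearer);
```

The account is created disabled because setting a password (unicodePwd) requires a separate LDAPS modify; a production service would also read back objectGUID to use as the SCIM id instead of the DN.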