Questions tagged [scim]

The System for Cross-domain Identity Management (SCIM) specification is designed to make managing user identities in cloud-based applications and services easier.

The SCIM standard was created to simplify user management in the cloud by defining a schema for representing users and groups and a REST API for all the necessary CRUD operations.

The SCIM homepage is http://www.simplecloud.info

300 questions
2 votes, 1 answer

WSO2 IS: SCIM API Update: Required attribute userName is missing in the SCIM Object

How to update a user with PATCH, why does it require userName (with PUT it is the same)? curl -v -k --admin:admin -X PATCH -d '{"name":{"familyName":"Doe"}' \ --header "Content-Type:application/json"…
zarej
2 votes, 1 answer

Using XACML to control access to a SCIM API

How can I apply XACML access control policies against the Identity Server's very own SCIM API? My idea is that I want the user to be able to access the user's SCIM endpoint (list endpoint), but it will only return the user itself as the only result…
2 votes, 1 answer

Issue to delete a group by using SCIM in WSO2 IS 5.0

I am using IS 5.0 and I deleted a group named 'developer' in WSO2 IS using the SCIM service, but the entry was not deleted from the table IDN_SCIM_GROUP. When I get the details of the same user I get the error {"Errors":[{"description":"Groups not found in the user store for…
Munees Majid
2 votes, 1 answer

Pingfederate SCIM Inbound provisioning

I have configured SCIM inbound provisioning in PingFederate 7.2.0 using Active Directory as a user store. But when I hit the URL exposed by Ping to search for a user I get the following error in the browser: { …
Rana
2 votes, 1 answer

Value of "version" in SCIM

I am creating an implementation of SCIM 1.1 specification in my existing project. The SCIM spec says the following for "version" attribute: The version of the Resource being returned. This value must be the same as the ETag HTTP response header. In…
nshweta
1 vote, 1 answer

Is Microsoft Azure misusing the SCIM RFC? `emails[type eq "work"].value eq "foo@example.com"`

We are having issues implementing our SCIM API and making Azure happy in every scenario. Microsoft tries to provide for folks to configure how their active directory will map to the SCIM implementation with suggestions like: emails[type eq…
Matt
1 vote, 1 answer

Deleted user within Application, so AAD SCIM Provisioning is not modifying/creating user, since it is still cached as existing in AAD. Remove how?

Doing testing on a SCIM implementation with Confluence and Azure AAD, with authentication with OIDC, and ran into the following issue: If a SCIM provisioned account is deleted manually from Confluence, Azure does not seem to have a way to figure out that…
1 vote, 1 answer

PATCH /Groups for AzureAD SCIM synchronization fails

I'm currently trying to implement the SCIM protocol for synchronizing Users & Groups from AzureAD into my application. For development I use a MS tutorial and the RFC for…
CuX
1 vote, 1 answer

Why does Azure AD SCIM validator always respond “Invalid Credentials”?

I have a web application that exposed an SCIM API endpoint. Then I used Azure AD SCIM validator to validate my SCIM endpoint. Azure AD needs a token to be able to connect to my app. Problem is I generate OAuth 2 token using Postman, I use this token…
jetpack
1 vote, 0 answers

SCIM2 => Okta provisioning: Is it possible to update attributes with import?

When we initially import users into Okta via our SCIM test app, attributes like name and roles are set correctly in Okta. This appears to be configured here in the "To Okta" provisioning settings: With the list of attributes and action to apply…
Scott Carpenter
1 vote, 1 answer

SCIM endpoints and public DNS

I am currently learning SCIM and one thing that I have come across is the SCIM endpoints need to be on the public DNS so IdPs can call out to them. I have used ngrok to expose my localhost over the internet for testing purposes but I was curious if…
john_gomes
1 vote, 1 answer

Azure AD provisioning requires two runs to succeed with custom app

We've created an application using SCIM 2 SDK from PingIdentity for provisioning with Azure AD. Custom mapping is set up and working. However, when the user is CREATED, all of the fields are included in the import, but only a few fields are included…
1 vote, 1 answer

Microsoft Azure AD SCIM endpoints

Can someone tell me how to provision Microsoft Azure AD users via SCIM to my own application? The scenario is as follows: I have some users in Azure Active Directory and want to sync them with my own application running at my own server somewhere. I…
b_m_l
1 vote, 1 answer

Sending group custom attributes through the Okta SCIM app

Trying to create a SCIM application in Okta that would provision both users and groups. Users seem to work as expected and I am able to push custom attributes for users to our app and also do the proper mappings. However, I have some issues with…
Roxana Roman
1 vote, 0 answers

AWS SSO SCIM Access token expiry notification

Has anybody found a way to automatically be notified when the SCIM access token expiry date is approaching? This is to help with using an external identity provider for the SSO with Azure AD. AzureAD automatically notifies you 90, 60, 30 and 7…