
SCIM Integration


Chances are, your enterprise is already making the most of the reusable, normalized, open standard that is the System for Cross-Domain Identity Management (a.k.a. ‘SCIM’).

SCIM is lightweight, simple, and growing in popularity, and we’ve now made it possible to integrate it with Admin By Request.

Overview

If you’re new to SCIM, the protocol was created to help manage user identity information. In simple terms, it does this by defining how an Identity Provider (IDP) and supported applications talk to each other.

The SCIM protocol provides standard definitions for users and groups, i.e., a schema with a default set of values for what should be defined for users, and what should be defined for groups.

With this comes a set of standard operations and a RESTful API which translates these operations into GET, POST, PUT, PATCH, and DELETE HTTP requests. These HTTP requests run the typical operations involved in user and group management, such as Create, Update, and Delete, with responses returned in JSON data format.

Benefits of SCIM Integration

At one end you have your IDP environment – such as Azure AD or Okta – used to create, maintain, and manage user information: the central hub for all things user-identity related.

At the other end you have the many applications that you want your users to have easy and secure access to.

In between, you have SCIM: the communication channel used to provision users by pushing the actions undertaken on the IDP side, to connected applications.

The main goal is to save IT admins from having to onboard and manage user identities and user access manually on multiple different applications. With SCIM, you can do it all from the IDP side, with changes automatically reflected on integrated applications when the provisioning cycle runs.

What Our Integration Offers

  • Identity Provider Support: The Admin By Request implementation of SCIM provisioning supports the Azure AD and Okta IDP environments, and is designed for Portal Users (i.e., your company admins). This implementation is not intended to integrate with end users.
  • Provisioning Access: Provisioned users are able to access the User Portal by using their IDP credentials and selecting the appropriate option from the Corporate Sign-in menu of the login page, or from within the IDP.
  • User Portal Permissions: Roles can be assigned to groups of users, specifying the permissions they have within the Admin By Request User Portal based on their Azure AD or Okta source group.
  • SCIM Operation Support: The Admin By Request integration supports the Create, Update, and Delete operations for user provisioning.

Here’s How it Works:

The integration comprises an Admin By Request application on the IDP side, which acts as the SCIM Connector.

The connection between the SCIM Connector and the SCIM Endpoint is established using a SCIM API key and URL.

When the connection is authorized, actions within Azure AD or Okta are pushed through the SCIM Connector to the SCIM API, which makes HTTP requests (POST, PATCH, DELETE) to the Admin By Request SCIM Endpoint according to the protocol.

These requests run the appropriate operations in the Admin By Request User Portal: Creating, Updating, or Deleting user and group data.

  • Create: Users are created in the Admin By Request User Portal based on user and group values and assignments in the IDP. In this case, a POST request is pushed to the application (i.e., Admin By Request).
  • Update: Existing user and group attributes are updated in the Admin By Request User Portal to match changes to their corresponding user profile or group in the IDP. In this case, the application receives a PATCH request.
  • Delete: Users or groups that are deleted or deprovisioned / unassigned in the IDP are deleted from the Admin By Request User Portal. In this case, SCIM sends a DELETE request to the application.
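
The Create, Update and Delete flow described above, as an added example (not Admin By Request's code): a minimal in-memory SCIM endpoint that checks the API key and handles the POST, PATCH and DELETE requests an IDP connector sends. The `/Users` path and schema URNs follow SCIM 2.0 (RFC 7643/7644); the key value, the `users` store, the `handle` function and sending the key as a bearer token are assumptions made for illustration.

```python
import hmac
import uuid

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
API_KEY = "constructed-example-key"  # placeholder, not a real key
users = {}  # in-memory stand-in for the application's user store


def handle(method, path, headers, body=None):
    """Process one SCIM request from the IDP connector; return (status, body)."""
    # Assumption: the connector presents the SCIM API key as a bearer token.
    token = headers.get("Authorization", "").removeprefix("Bearer ")
    if not hmac.compare_digest(token.encode(), API_KEY.encode()):
        return 401, {"detail": "invalid API key"}
    parts = path.strip("/").split("/")
    if parts[0] != "Users" or len(parts) > 2:
        return 404, {"detail": "unknown resource"}
    user_id = parts[1] if len(parts) == 2 else None
    body = body or {}

    if method == "POST" and user_id is None:  # Create
        if USER_SCHEMA not in body.get("schemas", []) or "userName" not in body:
            return 400, {"detail": "not a SCIM User resource"}
        if any(u["userName"] == body["userName"] for u in users.values()):
            return 409, {"detail": "userName already provisioned"}
        new_id = str(uuid.uuid4())
        users[new_id] = {**body, "id": new_id}
        return 201, users[new_id]
    if user_id not in users:
        return 404, {"detail": "no such user"}
    if method == "PATCH":  # Update
        ops = body.get("Operations", [])
        if PATCH_SCHEMA not in body.get("schemas", []):
            return 400, {"detail": "not a PatchOp message"}
        if any(op.get("op", "").lower() != "replace" for op in ops):
            return 400, {"detail": "only 'replace' is handled here"}
        for op in ops:
            if "path" in op:
                users[user_id][op["path"]] = op["value"]
            else:  # no path: value is a dict of attributes to overwrite
                users[user_id].update(op["value"])
        return 200, users[user_id]
    if method == "DELETE":  # Delete: the account and its access are removed
        del users[user_id]
        return 204, None
    return 405, {"detail": "method not supported"}
```
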

Configuring the Integration

The task breakdown for configuring the integration is as follows:

  1. Create the SCIM Connector on your IDP side (i.e., Azure AD or Okta). This is done by creating a new Admin By Request SCIM application.
  2. Authorize the connection between the Admin By Request SCIM application and the SCIM Endpoint (created by us, on the Admin By Request side). This involves plugging in the SCIM API Key and URL, available in your Admin By Request User Portal.
  3. Set up provisioning and assign users and groups to the Admin By Request SCIM application in the IDP. (For Okta users, Single Sign-On (SSO) needs to be set up prior to provisioning.)
  4. Initiate provisioning to synchronize assigned users and groups to your Admin By Request User Portal.

Next Steps

If your organization implements SCIM and uses Azure AD or Okta for identity management, download the corresponding self-service manual below to set up SCIM provisioning with Admin By Request.

About the Author:


S Dodson

With a solid background in computer science and graphic design, my career kicked off writing tech manuals for various companies in both the software and hardware realms. I then side-stepped into marketing and found my passion in cybersecurity. I fuse my tech know-how with design skills to craft engaging blogs that spotlight cybersecurity for businesses. My main focus now is championing the marketing efforts of Admin By Request Zero Trust Platform, where my creative take on cybersecurity helps me create content that's enlightening, entertaining, and impactful. My articles have graced the pages of InfoSec Magazine and top-tier security websites like OPSWAT. I'm on a mission to stress the significance of cybersecurity and to showcase how Admin By Request is shaking things up by making enterprise solutions simple, intuitive, accessible, and affordable to organizations of all sizes, in any industry. My goal is to craft content that informs, intrigues, and motivates action, helping businesses understand the pivotal role of cybersecurity in the digital age we're now living in. Through my work, I aim to close the gap between technology and its real-world applications, keeping our audience well-informed, interested, and ready for the ever-evolving cybersecurity landscape. I bring a blend of extensive experience, deep expertise, recognized authority, and unwavering commitment to trustworthiness in cybersecurity. My goal? To make complex topics relatable and actionable for businesses of all sizes - just like Admin By Request strives to do.
