Chat now with support
Chat with Support

Identity Manager 9.0 LTS - Configuration Guide

About this guide One Identity Manager software architecture Customizing the One Identity Manager default configuration Customizing the One Identity Manager base configuration One Identity Manager schema basics Editing the user interface
Object definitions for the user interface User interface navigation Forms for the user interface Statistics in One Identity Manager Extending the Launchpad Task definitions for the user interface Applications for configuring the user interface Icons and images for configuring the user interface Using predefined database queries
Localization in One Identity Manager Process orchestration in One Identity Manager
Mapping processes in One Identity Manager Setting up Job servers
The One Identity Manager Service functionality Tracking changes with process monitoring Conditional compilation using preprocessor conditions Scripts in One Identity Manager
Visual Basic .NET scripts usage Notes on message output Notes on using date values Tips for using Windows PowerShell scripts Using dollar ($) notation Using base objects Calling functions Pre-scripts for use in processes and process steps Using session services Using #LD-notation Script library Support for processing scripts in the Script Editor Creating and editing scripts in the Script Editor Copying scripts in the Script Editor Testing scripts in the Script Editor Testing script compilation in the Script Editor Overriding scripts Permissions for running scripts Editing and testing script code with the System Debugger Extended debugging in the Object Browser
One Identity Manager query language Reports in One Identity Manager Adding custom tables or columns to the One Identity Manager schema Web service integration One Identity Manager as SCIM 2.0 service provider Processing DBQueue tasks One Identity Manager Service configuration files

One Identity Manager as SCIM 2.0 service provider

One Identity Manager provides an interface corresponding to the System for Cross-domain Identity Management (SCIM) 2.0. The interface enables the import and export of One Identity Manager objects by a SCIM client. For example, the interface can be used to:

  • Import identity, department, cost center, and location data from an HR system

  • Import user account and group data from a cloud system

  • Match custom target systems that have a SCIM V2.0 client

  • Provision information about identities through a standardized interface for further processing in third-party systems

The SCIM 2.0 service provider for One Identity Manager is provided as a plugin for the API Server and you can select it when you install the API Server. Further configuration of the SCIM plugin itself is not necessary. You can check in the API Server administration portal if the SCIM plugin was installed and activated successfully. For more information on installing an API Server, see the One Identity Manager Installation Guide.

Detailed information about this topic

Endpoints and base URL

NOTE: The providers and endpoints supplied with the interface are fixed and cannot be configured.

The SCIM 2.0 interface can be found in the API Server installation directory under the fixed subdirectory /ApiServer/scim/v2. The base URL is formed as follows:

<http | https>://[<subdomain | server name>.]<domain name>/ApiServer/scim/v2

There are other fixed endpoints. The endpoints are called without any further URL parameters.

  • /ServiceProviderConfig

    The endpoint provides information about the options implemented in the service provider, such as the authentication types on offer. The endpoint can be accessed without authentication.

  • /Schemas

    The return structure of the endpoint defines all data objects and their properties supported by the provider.

  • /ResourceTypes

    When the endpoint is called, the metadata for the data objects published through the /Schemas endpoint are returned. These are linked to an endpoint based on the base URL under which the respective provider of a specific data object type can be reached.

Related topics

SCIM plugin features

The return structure of the /ServiceproviderConfig endpoint defines, among other things, the features that are supported by the SCIM plugin.

  • patch: When transferring changes, only single operations on object properties are transferred, not the complete object to be changed.

  • filter: This supports filtering of objects immediately on request or in patch operations.

Authenticating SCIM clients

An authenticationSchemes list is included in the structure returned by the /ServiceproviderConfig endpoint. The list publishes the possible authentication and authorization methods with which the SCIM plugin can be used.

Supported are:

  • HTTP Basic access authentication

  • NTLM Authentication and Kerberos

  • OAuth 2.0 client authorization

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating