Connector Scim2

ConnId connector supporting the System for Cross-domain Identity Management (SCIM2) API for Identity and Access Management (IAM) of remote services

This open source connector for the SCIM2 API uses the ConnId Framework for integration with Identity and Access Management (IAM) systems such as Evolveum Midpoint.

The software leverages the Connector Base Framework located at https://github.com/ExclamationLabs/connector-base

This software is Copyright 2024 Exclamation Graphics. Licensed under the Apache License, Version 2.0.

Connector Configuration

The actual method of configuring a connector largely depends on the interface(s) provided by your Identity and Access Management system. Midpoint provides a convenient user interface for entering these values. If configuration properties are read from a property file, you may also need to know the name of each property.

SCIM2 Configuration Options

| Item | Required | Description |
|------|----------|-------------|
| Service URL | Yes | The base URL of the SCIM2 endpoint. |
| IO Error Retries | No | Number of retries that will be attempted when an IO error occurs. Default is 5. |
| Deep Get Enabled | No | When a search operation is executed and this value is true, the connector will make an individual call to download each User or Group returned. The value should be set to false since a standard SCIM2 service should return all attributes of each record. |
| Deep Import Enabled | No | When an import operation is executed and this value is true, the connector will attempt to download all attributes for each individual record returned. The option should be set to false since the SCIM2 connector should return all attributes on the search. |
| Import Batch Size | No | The default number of records to retrieve per page. Import operations will be invoked using the given batch size when it is supplied. Since the SCIM2 API supports paging, you can import records one batch/page at a time instead of all at once. |
| Pagination Enabled | No | The SCIM2 Connector supports pagination on User and Group objects. This option should be set to true. |
| Duplicate Record Returns Id | No | When a create is attempted and an AlreadyExistsException is generated, the adapter shall attempt to return the id of the existing record matching the specified userName. |

| Item | Type | Description |
|------|------|-------------|
| Resource Type URL | string | URL to discover the resource types for a particular service provider. These include the Users and Groups URL endpoints. |
| Resource Type JSON | string | The actual resource types for a particular service provider. |
| Use Resource Type URL | boolean | Whether to use the URL or the JSON, especially when the URL is not supported by the service provider. |
| Schema URL | string | URL to discover the schema for a particular service provider. |
| Schema JSON | string | The actual schema returned for a particular service provider. This can be populated from the URL at discovery time. |
| Use Schema URL | boolean | Whether to use the URL or the JSON, especially when the URL is not available. |
| Enable Standard Schema | boolean | Uses prebuilt Java objects based on the standard schema. |
| Enable Enterprise User | boolean | Extends the user schema with enterprise attributes. |
| Enable AWS Schema | boolean | Uses prebuilt Java classes as defined for AWS, as specified here: https://docs.aws.amazon.com/singlesignon/latest/developerguide/what-is-scim.html |
| Enable Slack Schema | boolean | Uses prebuilt Java classes as defined for Slack, as specified here: https://api.slack.com/admins/scim2 |
| Enable Dynamic Schema | boolean | Uses the Resource Type and/or the Schema defined above for dynamic operations. |
| Users Endpoint URL | string | Discovered from the resource type or entered manually. Usually “/Users”. |
| Group Endpoint URL | string | Discovered from the resource type or entered manually. Usually “/Groups”. |
| UserSchemaIdList | [string] | A list of user schemas that define a user. This is discoverable from the Resource Type URL, the JSON, or one of the prebuilt Java classes. Default: urn:ietf:params:scim:schemas:core:2.0:User, urn:ietf:params:scim:schemas:extension:enterprise:2.0:User |
| GroupSchemaIDList | [string] | A list of Group schemas that define a Group. This is discoverable from the Resource Type URL, the JSON, or one of the prebuilt Java classes. Default: urn:ietf:params:scim:schemas:core:2.0:Group+etc |
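
The following added example (not part of the connector's code) shows how a Resource Type JSON document relates to the Users Endpoint URL, Group Endpoint URL, UserSchemaIdList and GroupSchemaIDList options, and rejects endpoints that are not relative to the Service URL. The function name `derive_settings`, the result keys and the sample document are assumptions made for illustration; the JSON shape follows RFC 7643.

```python
import json

# Constructed sample of a /ResourceTypes response (shape per RFC 7643 section 6).
SAMPLE_RESOURCE_TYPES = """
{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
  "totalResults": 2,
  "Resources": [
    {"name": "User", "endpoint": "/Users",
     "schema": "urn:ietf:params:scim:schemas:core:2.0:User",
     "schemaExtensions": [
       {"schema": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
        "required": false}]},
    {"name": "Group", "endpoint": "/Groups",
     "schema": "urn:ietf:params:scim:schemas:core:2.0:Group"}
  ]
}
"""


def derive_settings(resource_type_json):
    """Map a Resource Type document to endpoint and schema-ID-list values.

    Hypothetical helper: the returned keys are not the connector's property names.
    """
    doc = json.loads(resource_type_json)
    # Accept a ListResponse, a bare array, or a single resource type object.
    resources = doc if isinstance(doc, list) else doc.get("Resources", [doc])
    settings = {}
    for rt in resources:
        name, endpoint = rt.get("name"), rt.get("endpoint", "")
        if name not in ("User", "Group"):
            continue
        # RFC 7643 defines endpoint as relative to the base URL; anything else
        # would direct the connector's requests away from the Service URL.
        if not endpoint.startswith("/") or endpoint.startswith("//") or "://" in endpoint:
            raise ValueError(f"{name}: endpoint {endpoint!r} is not relative to the Service URL")
        # Core schema first, then any extension schemas, in document order.
        ids = [rt["schema"]] + [e["schema"] for e in rt.get("schemaExtensions", [])]
        settings[name] = {"endpoint": endpoint, "schema_ids": ids}
    return settings


if __name__ == "__main__":
    for name, cfg in derive_settings(SAMPLE_RESOURCE_TYPES).items():
        print(name, cfg["endpoint"], cfg["schema_ids"])
```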

References

  1. RFC 7642 SCIM2 Definitions, Overview, Concepts, and Requirements
  2. RFC 7643 SCIM2 Core Schema
  3. RFC 7644 SCIM2 Protocol
  4. Amazon Web Services SCIM Implementation Guide
  5. Slack API Provisioning with SCIM 2.0
  6. Zoom SCIM2 API
  7. SalesForce SCIM2 Implementation
  8. Fast Fed SCIM2 Interoperability Requirements