What is SCIM?
SCIM, the System for Cross-domain Identity Management, is a specification designed to make managing user identities in cloud-based applications and services easier. Its intent is to reduce the cost and complexity of user management operations by providing a common user schema and extension model. SCIM is a standardized method for exchanging user identity information between an identity provider (IdP) and your cloud/SaaS applications over HTTPS.
How SCIM Works
SCIM automates provisioning and deprovisioning. It uses a standardized REST API with JSON-formatted payloads; SCIM 2.0 is defined in RFC 7643 (core schema) and RFC 7644 (protocol).
LogMeOnce natively supports SCIM integration with identity providers such as Azure AD, Okta, OneLogin, JumpCloud, Google G Suite and other IdPs. SCIM is available as part of LogMeOnce Enterprise Edition.
LogMeOnce supports SCIM 2.0 and exposes a SCIM REST API endpoint with Create, Read, Replace, Delete, Update and Search operations for both User and Group management, including:
- Create Users
- Update User Attributes
- Deactivate Users
- Push Groups
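To make the operations above concrete, here is an added example (it is not LogMeOnce's or Azure AD's code) that models the SCIM 2.0 /Users exchange an IdP drives during provisioning: an in-memory service provider that answers POST, GET, PUT, PATCH and DELETE with the request and response shapes from RFC 7643/7644, and a driver that replays the lifecycle of one assigned user. The sample user, the duplicate-create retry, the filter grammar (only `userName eq "..."` is supported) and the handling of booleans sent as strings are assumptions made for this illustration, not a description of LogMeOnce's implementation.

```python
"""Added example: minimal in-memory model of a SCIM 2.0 /Users service provider
and the IdP-side sequence of calls. Not LogMeOnce or Azure AD code."""
import re
import uuid

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
LIST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"
ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"


class ScimUserStore:
    """Toy service provider: Users keyed by id, userName unique (case-insensitive)."""

    def __init__(self):
        self.users = {}

    def _error(self, status, detail):
        # RFC 7644 error envelope; status is carried as a string.
        return status, {"schemas": [ERROR_SCHEMA], "status": str(status), "detail": detail}

    def create(self, body):                       # POST /Users
        if USER_SCHEMA not in body.get("schemas", []) or "userName" not in body:
            return self._error(400, "userName and the core User schema are required")
        if any(u["userName"].lower() == body["userName"].lower() for u in self.users.values()):
            return self._error(409, "userName already exists")   # uniqueness conflict
        user = {**body, "id": str(uuid.uuid4()), "active": body.get("active", True)}
        self.users[user["id"]] = user
        return 201, user

    def get(self, user_id):                       # GET /Users/{id}
        user = self.users.get(user_id)
        return (200, user) if user else self._error(404, "not found")

    def search(self, filter_expr):                # GET /Users?filter=userName eq "x"
        m = re.fullmatch(r'userName eq "([^"]*)"', filter_expr)
        if not m:
            return self._error(400, "unsupported filter")  # assumption: only this filter
        hits = [u for u in self.users.values() if u["userName"].lower() == m.group(1).lower()]
        return 200, {"schemas": [LIST_SCHEMA], "totalResults": len(hits), "Resources": hits}

    def replace(self, user_id, body):             # PUT /Users/{id}: whole-resource replace
        if user_id not in self.users:
            return self._error(404, "not found")
        self.users[user_id] = {**body, "id": user_id}   # id is immutable, body wins otherwise
        return 200, self.users[user_id]

    def patch(self, user_id, body):               # PATCH /Users/{id}: partial update
        user = self.users.get(user_id)
        if not user:
            return self._error(404, "not found")
        if PATCH_SCHEMA not in body.get("schemas", []):
            return self._error(400, "PatchOp schema required")
        for op in body["Operations"]:
            if op["op"].lower() != "replace" or not op.get("path"):
                return self._error(400, "only 'replace' with a path is modelled here")
            value = op["value"]
            # Some IdPs send booleans as the strings "True"/"False"; normalise `active`.
            if op["path"] == "active" and isinstance(value, str):
                value = value.lower() == "true"
            user[op["path"]] = value
        return 200, user

    def delete(self, user_id):                    # DELETE /Users/{id}
        return (204, None) if self.users.pop(user_id, None) else self._error(404, "not found")


def provisioning_cycle():
    """Replays the IdP side for one assigned user: create, retry-as-search on 409,
    replace, deactivate via PATCH active=false, then delete on deprovisioning.
    Returns (list of HTTP statuses, active flag after PATCH, users left)."""
    sp = ScimUserStore()
    new_user = {                                   # constructed sample user
        "schemas": [USER_SCHEMA], "userName": "jdoe@example.com",
        "name": {"givenName": "Jane", "familyName": "Doe"},
        "emails": [{"value": "jdoe@example.com", "primary": True}], "active": True,
    }
    trace = []
    status, created = sp.create(new_user); trace.append(status)          # 201
    status, _ = sp.create(new_user); trace.append(status)                # 409 on re-send
    status, found = sp.search('userName eq "jdoe@example.com"'); trace.append(status)
    uid = found["Resources"][0]["id"]                                    # reconcile by userName
    renamed = {**created, "name": {"givenName": "Jane", "familyName": "Smith"}}
    status, _ = sp.replace(uid, renamed); trace.append(status)           # 200
    status, _ = sp.patch(uid, {"schemas": [PATCH_SCHEMA], "Operations": [
        {"op": "Replace", "path": "active", "value": "False"}]}); trace.append(status)
    active_after_patch = sp.get(uid)[1]["active"]                        # False
    status, _ = sp.delete(uid); trace.append(status)                     # 204
    return trace, active_after_patch, len(sp.users)
```

The 409 on the second create is the case to watch in real deployments: an IdP that retries a create after a timeout must fall back to a `userName` search and adopt the existing `id`, otherwise every retry produces a provisioning error. Deactivation is a PATCH that sets `active` to false (the user record survives, as the "Deactivate Users" item above describes), while DELETE removes the record outright.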
LogMeOnce Configuration for Azure AD SCIM Integration
Azure Active Directory uses a concept called assignments to determine which users should receive access to selected apps. In the context of automatic user provisioning, only the users and/or groups that have been assigned to an application in Azure AD are synchronized.
Before configuring and enabling automatic user provisioning, decide which users and/or groups in Azure AD need access to LogMeOnce. Once decided, assign these users and/or groups to LogMeOnce as follows:
1 – Create a group in your Azure Active Directory tenant (for example, LogMeOnceSCIM)
2 – Assign users to the group
Log in to your LogMeOnce account and open the Administrator Dashboard. Select the Security menu, then Directories. Click Add Directory and select Azure SCIM.
Enter a name for your Azure SCIM connector.
Click Save. After the directory has been added, click the directory name and copy the Tenant URL and Secret Token. Treat the Secret Token as a credential: whoever holds it can drive provisioning operations against your tenant, so store it only in the Azure AD provisioning configuration.
Adding LogMeOnce SCIM in Azure Portal
1 – In the Azure portal, in the left navigation panel, select Azure Active Directory
2 – Go to Enterprise applications, then select All applications
3 – To add a new application, select the New application button at the top of the pane
4 – Name your custom application, or search for your newly created application on the applications listing page
5 – Go to the Provisioning tab of the application
6 – Set Provisioning Mode to Automatic.
7 – Under the Admin Credentials section, enter the LogMeOnce Tenant URL and, in Secret Token, the SCIM authentication token copied earlier.
Click Test Connection to confirm that Azure AD can reach LogMeOnce with those credentials. If the connection fails, check that the Tenant URL and Secret Token were copied exactly and that your LogMeOnce account has Admin permissions, then try again.
8 – Assign users and groups to the application.
9 – Start provisioning. Only the users and groups assigned to the application are synchronized.
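When Test Connection fails, the portal gives little detail. The added example below (not LogMeOnce's or Azure AD's code) is a pre-flight check you can run from your own machine with the same Tenant URL and Secret Token: it sends the kind of filtered GET /Users request an IdP uses to look up a user, with the token as a bearer credential, and maps the HTTP status to the likely misconfiguration. It assumes the endpoint accepts `userName eq "..."` filters and answers with a SCIM ListResponse; the probe address, the diagnostic wording and the `fake_transport` used to exercise the check offline are constructed for this illustration.

```python
"""Added example: pre-flight check of a SCIM tenant URL and bearer token.
Not LogMeOnce or Azure AD code; the fake transport is a constructed stand-in."""
import json
import urllib.error
import urllib.parse
import urllib.request

LIST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"


def _urllib_send(req):
    """Real transport: returns (status, body bytes), including for HTTP errors."""
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as e:
        return e.code, e.read()


def scim_preflight(tenant_url, secret_token,
                   probe_user="scim-preflight@example.invalid", send=None):
    """Returns (http_status, diagnosis). `send` takes a urllib Request and returns
    (status, body); it defaults to a real HTTPS call. probe_user is an assumed,
    non-existent userName so the lookup exercises auth without touching real data."""
    if not tenant_url.startswith("https://"):
        # Status 0: nothing was sent. A bearer token over plain HTTP is exposed in transit.
        return 0, "tenant URL must use https, the Secret Token would otherwise travel in clear text"
    filt = urllib.parse.quote(f'userName eq "{probe_user}"')
    req = urllib.request.Request(
        f"{tenant_url.rstrip('/')}/Users?filter={filt}",
        headers={"Authorization": f"Bearer {secret_token}",
                 "Accept": "application/scim+json"})
    status, body = (send or _urllib_send)(req)
    if status in (401, 403):
        return status, "token rejected: re-copy the Secret Token from the LogMeOnce directory entry"
    if status == 404:
        return status, "no /Users resource at that path: check the Tenant URL"
    if status != 200:
        return status, f"unexpected status {status}: inspect the connector's Activity log"
    try:
        doc = json.loads(body)
    except ValueError:
        return status, "200 with a non-JSON body: the URL points at a web page, not the SCIM endpoint"
    if LIST_SCHEMA not in doc.get("schemas", []):
        return status, "200 but not a SCIM ListResponse: wrong endpoint"
    return status, f"ok: endpoint authenticated, totalResults={doc.get('totalResults')}"


def fake_transport(valid_token):
    """Constructed stand-in for the network: a SCIM endpoint that accepts one token."""
    def send(req):
        if req.get_header("Authorization") != f"Bearer {valid_token}":
            return 401, json.dumps({"schemas": ["urn:ietf:params:scim:api:messages:2.0:Error"],
                                    "status": "401"}).encode()
        return 200, json.dumps({"schemas": [LIST_SCHEMA], "totalResults": 0,
                                "Resources": []}).encode()
    return send


if __name__ == "__main__":
    # Offline demonstration against the fake; replace with a real URL/token to probe.
    send = fake_transport("s3cret-token")
    for token in ("s3cret-token", "wrong-token"):
        print(scim_preflight("https://scim.example.test/scim/v2", token, send=send))
```

Run it with the real Tenant URL and Secret Token (and without `send=`) before clicking Test Connection; a 401 here means the token, not the Azure side, is the problem, and a 200 with a non-SCIM body usually means the URL is missing the SCIM base path.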
Edit and Delete SCIM Connector
To edit or delete the SCIM connector, select the connector from the menu, click the three-dot menu and choose Edit or Delete.
Activity and Event Log for your SCIM Connector
To view the logs of your SCIM connector, select the connector from the menu, click the three-dot menu and choose Activity.
Supported SCIM Attributes
You can view the supported attributes on the Attributes tab of the connector.