SCIM Overview

Overview

Resolver’s System for Cross-Domain Identity Management (SCIM) User Provisioning lets IT Administrators manage Resolver users in one place, through an integration between Resolver and their IdP that uses the industry-standard SCIM 2.0 protocol. Administrators therefore do not have to track user access in multiple places when users join or leave their Orgs.

Resolver’s implementation of SCIM offers a standard schema for users and groups, and is intended to support the following resources:

  • Group
  • User
  • Service Provider Config
  • Resource Type
  • Schema

Additionally, it is intended to support the following operations:

  • Creating users
  • Retrieving users
  • Retrieving users by query (support for sorting, filtering, and paging)
  • Updating users
  • Deleting users
  • Retrieving groups
  • Retrieving groups by query (support for sorting, filtering, and paging)
  • Updating groups (supports changes to externalId, displayName, and group membership)
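
A pre-flight check for the group-update item above, as an added example (not Resolver's code): it inspects a SCIM 2.0 PatchOp body, the RFC 7644 message an IdP sends to update a group, and reports operations that touch attributes other than the three listed. The function names and both sample bodies are constructed for illustration, and treating every other attribute as out of scope is an assumption drawn from that list.

```python
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
# Group attributes the article lists as changeable (SCIM names are case-insensitive).
SUPPORTED = {"externalid", "displayname", "members"}

def attribute_of(path):
    """Reduce a SCIM path to its top-level attribute name."""
    name = path.split("[", 1)[0]          # drop a value filter such as [value eq "..."]
    if name.lower().startswith("urn:"):
        name = name.rsplit(":", 1)[-1]    # drop a schema URN prefix
    return name.split(".", 1)[0]          # drop a sub-attribute

def unsupported_group_changes(patch):
    """Return a list of problems; an empty list means every operation is in scope."""
    problems = []
    if PATCH_SCHEMA not in patch.get("schemas", []):
        problems.append("missing PatchOp schema URN")
    for i, op in enumerate(patch.get("Operations", [])):
        verb = str(op.get("op", "")).lower()   # compare verbs case-insensitively
        path, value = op.get("path"), op.get("value")
        if verb not in {"add", "remove", "replace"}:
            problems.append(f"op {i}: unknown verb {op.get('op')!r}")
            continue
        if path:
            attrs = [attribute_of(path)]
        elif verb != "remove" and isinstance(value, dict):
            attrs = list(value)                # path-less form: keys of value are the attributes
        else:
            problems.append(f"op {i}: no usable path or value")
            continue
        problems += [f"op {i}: attribute {a!r} is outside the supported set"
                     for a in attrs if attribute_of(a).lower() not in SUPPORTED]
    return problems

# Constructed sample request bodies (not captured from any IdP).
IN_SCOPE = {"schemas": [PATCH_SCHEMA], "Operations": [
    {"op": "Replace", "path": "displayName", "value": "Risk Team"},
    {"op": "add", "path": "members", "value": [{"value": "user-1"}]},
    {"op": "remove", "path": 'members[value eq "user-2"]'},
]}
OUT_OF_SCOPE = {"schemas": [PATCH_SCHEMA], "Operations": [
    {"op": "replace", "value": {"displayName": "Risk Team", "description": "x"}},
    {"op": "remove"},
]}

if __name__ == "__main__":
    for name, body in (("IN_SCOPE", IN_SCOPE), ("OUT_OF_SCOPE", OUT_OF_SCOPE)):
        print(name, unsupported_group_changes(body) or "ok")
```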

SCIM 2.0 User Provisioning supports the Entra ID (formerly Azure AD) and Okta IdPs.

Note:
If you are interested in enabling this feature on your account, please contact your Customer Success Manager. 

User Account Requirements 

The user must have Administrator permissions to generate SCIM tokens. 


Related Information/Setup

Please refer to the following articles for further information on using SCIM in Resolver:


Prerequisites

Before enabling SCIM on your Org, these prerequisites must be met:

  • SSO must be enabled for your Resolver Org to enable SCIM.
  • A Resolver user with Administrator permissions to generate SCIM tokens.

  • A technical resource with SCIM knowledge. 

  • A technical resource with administrative access to your IdP.

  • Create a new Resolver user for the service account, to be used for SCIM purposes only.

    Note:
    Ensure this new user is an Administrator user type, with the Enable User Access toggle switch enabled. We highly recommend giving this new user a descriptive name such as “IdP Service Account, Do NOT change”. The user’s email address can use any email domain owned by the customer.
  • Identify any LDAP, SCIM, or User Provisioning that is currently active for Resolver.

    Note:
    We highly recommend disabling these during testing and go live to prevent conflicts and unforeseen issues.