Generating SCIM Tokens

Overview

The System for Cross-Domain Identity Management (SCIM) uses bearer tokens for authentication. These bearer tokens are generated against a user account.

Best Practice:
We recommend creating a user account solely for the purpose of generating SCIM tokens, so that the associated tokens do not become invalid when an individual user leaves their Org and their account is deactivated.

User Account Requirements 

The user must have Administrator permissions to generate SCIM tokens. 


Related Information/Setup

Please refer to the following articles for further information on using SCIM in Resolver:


Navigation

  1. Follow the steps to retrieve a user's ID.
  2. From the Home screen, click the Administration icon.
  3. From the Administrator Settings menu, click the Admin Overview link.
  4. From the Admin Overview screen, click the Swagger Docs tile under the Tools section.


Generating SCIM Tokens

  1. From the Admin: Help screen, enter the keyword user in the search text box, then click the User topic from the results.
  2. Click the GET /user/users/me (who am I?) endpoint to open the parameters.
  3. Click the Execute button.
  4. Record or copy the id number to your clipboard from the currentOrg section. This is the current org's internal ID.
  5. Enter the keyword org in the search text box, then click the Org topic from the results.
  6. Click the GET /user/org/{orgId}/user/{userId} (load a user org membership) endpoint to open the parameters.
  7. Enter the Org ID number copied during step 4 in the orgId field.
  8. Enter the user ID, copied during step 1 in the Navigation section, in the userId field.
  9. Click the Execute button.
  10. From the Response Body section, record or copy the id number to your clipboard. This is the user's org membership ID number.
  11. Enter the keyword scim in the search text box, then click the scimTokens topic from the results.
  12. Click the POST /user/scimTokens (add a scim token) endpoint to open the parameters.
  13. From the Parameters section, click the Click to Populate Example box to populate the template in the body text box.
  14. In the body text box, delete the 0 in the orgMembershipId attribute, then enter the user's org membership ID number obtained in step 10. Enter a descriptive name for the SCIM token in the name attribute and define the domain (without the @ symbol) in the emailDomains attribute. If the IdP will be managing multiple domains, a comma-separated list can be used. The domains defined here should match those defined in the SSO setup.
  15. Click the Execute button.
  16. Copy the token attribute from the Response body and store it for safekeeping. For security purposes, once a token is generated, it cannot be retrieved. If you misplace a token, a new one must be generated and the former token deleted. Tokens are only active for 2 years from the date of creation, and will become inactive once they pass the tokenExpiry date.

Tip:
IT Administrators should schedule the token rotation so that it is not missed in the future.
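
The body attributes and the rotation tip above, as an added Python example (not Resolver's own code): it validates the POST /user/scimTokens body before it is pasted into Swagger and derives a rotate-by date from tokenExpiry. It assumes emailDomains is a JSON array and tokenExpiry is an ISO 8601 timestamp; the function names, sample IDs and domains are constructed.

```python
import json
from datetime import datetime, timedelta, timezone

def normalize_domains(domains, sso_domains):
    """Clean the emailDomains values and check them against the SSO setup."""
    cleaned = []
    for raw in domains:
        d = raw.strip().lower()
        if not d or "@" in d:
            raise ValueError(f"domain must be given without '@': {raw!r}")
        if d not in sso_domains:
            raise ValueError(f"{d} is not one of the SSO domains")
        if d not in cleaned:
            cleaned.append(d)
    if not cleaned:
        raise ValueError("at least one email domain is required")
    return cleaned

def build_scim_token_body(org_membership_id, name, domains, sso_domains):
    """Body for POST /user/scimTokens, using the attribute names from the page."""
    if not isinstance(org_membership_id, int) or org_membership_id <= 0:
        # The populated template ships with 0, which must be replaced.
        raise ValueError("orgMembershipId must be the membership ID from step 10")
    if not name.strip():
        raise ValueError("give the token a descriptive name")
    return {
        "orgMembershipId": org_membership_id,
        "name": name.strip(),
        # Assumption: a JSON array; follow the populated template if it differs.
        "emailDomains": normalize_domains(domains, sso_domains),
    }

def rotation_status(response, now, lead_days=30):
    """Return (rotate_by, due) from the tokenExpiry in the POST response."""
    # Assumption: tokenExpiry is an ISO 8601 timestamp.
    expiry = datetime.fromisoformat(response["tokenExpiry"].replace("Z", "+00:00"))
    if expiry.tzinfo is None:
        expiry = expiry.replace(tzinfo=timezone.utc)
    rotate_by = expiry - timedelta(days=lead_days)
    return rotate_by, now >= rotate_by

if __name__ == "__main__":
    sso = {"example.com", "example.org"}  # constructed SSO domains
    body = build_scim_token_body(4321, "IdP SCIM provisioning", ["Example.com"], sso)
    print(json.dumps(body, indent=2))
    resp = {"token": "<redacted>", "tokenExpiry": "2027-03-01T00:00:00Z"}  # constructed
    print(rotation_status(resp, datetime(2027, 2, 15, tzinfo=timezone.utc)))
```

Record only the name and tokenExpiry in the rotation schedule; the token value itself belongs in a secret store.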