Overview
By enabling SCIM provisioning, you can configure a push-based directory sync from your identity provider (idP) to Secureframe. User and user updates (e.g. active status) are pushed to Secureframe in near real-time.
What is SCIM?
SCIM (System for Cross-domain Identity Management) is a standard protocol that automates the management of user identities across systems. SCIM simplifies tasks like creating, updating, and deactivating user accounts in multiple systems. It’s particularly useful for organizations with a large user base, as it reduces the manual effort required to maintain accurate user data.
Key features of SCIM:
- Automates user provisioning and deprovisioning.
- Ensures consistency of user data across connected systems.
- Reduces administrative overhead by syncing user data from a central identity provider (IdP) to other applications.
Setting up SCIM
- In Secureframe, navigate to Company Settings -> SCIM Settings.
- Click "Start configuring SCIM."
- Click "Add SCIM Connection" and follow the step by step workflow on the screen. If you do not see your provider listed, you can easily set up a custom SCIM connection by selecting "Custom SCIM" on the following screen:
Automatic Invites
By default, we will automatically import SCIM groups to Secureframe. You can automatically invite users from your SCIM sync by:
- Navigate to Personnel
- Personnel Settings
- Invite personnel
- Adding the SCIM group to the "Automatic group invites" selector (make sure the toggle is checked)
If you don't see SCIM groups in this selector, make sure you have provisioned them in the SCIM app you've setup in your identity provider (idP). Groups from a SCIM connection are prefixed with the idP vendor name, for example, "Okta SCIM - Contractors".
Frequently Asked Questions (FAQ)
Is a SCIM connection the same as an SSO connection?
- No, a SCIM connection is separate from an SSO connection. They serve different purposes: SCIM handles user-related data synchronization, while SSO focuses only on authentication.
Does setting up an SSO connection sync user-related data?
- No, setting up an SSO connection does not sync user-related data. SSO is limited to authentication and does not involve provisioning or updating user accounts.
How can I sync user-related data?
- User-related data will only be synced when a SCIM connection is established and properly configured. Without a SCIM connection, no user data synchronization will occur, even if an SSO connection is active.
How do I enable and set up SCIM?
- If you don’t see the "SCIM Settings" tab in the Company Settings, SCIM isn’t currently enabled for your account. Please reach out to accountmanagement@secureframe.com to discuss enabling this feature.
Comments
0 comments
Article is closed for comments.