About SCIM Directory Integration
SCIM, or the System for Cross-domain Identity Management, is a protocol designed to make managing user identities across different systems simpler and more efficient. It’s particularly useful when you’re using multiple cloud-based applications, as it helps automate the process of adding and removing users.How It Works
SCIM involves two main roles:- Client - This is usually an identity provider or identity access management system, like Microsoft Entra ID or Okta, that manages core identity data.
- Service Provider - A software-as-a-service (SaaS) application, like Iru Endpoint, that uses identity data to manage user access and permissions.
Configuring SCIM in Iru Endpoint
To configure a SCIM integration between your Identity Provider (IdP) and Iru Endpoint, you will need to:- Create a new SCIM Directory Integration in Iru Endpoint
- Obtain the SCIM API URL and API token from Iru Endpoint to use with your IdP.
- Access your IdP to create an app integration, map SCIM attributes, and push desired user groups.
Creating a New SCIM Directory Integration
1
Navigate to Integrations
Navigate to Integrations in the left-hand navigation bar.
2
Discover Integrations
Click Discover integrations in the upper-right of the Integrations page.
3
Add SCIM Protocol
On the SCIM protocol tile, click Add and configure.
4
Start Configuration
Click Get started.
5
Name the Integration
Enter a unique name for the SCIM integration.
6
Generate Authentication Token
Click Generate token. The SCIM user directory integration uses an HTTP authorization header with a Bearer Token as the authentication method.
7
Copy the Token
Click Copy token.
8
Confirm Token Copy
Confirm that you have copied the token and know you will need to change it if you want to see the token details again.
9
Complete Setup
Click Done. You will return to the Integrations page.
Obtaining the SCIM API URL
Your SCIM API URL will be in the format of https://subdomain.api.kandji.io/api/v1/scim1
Access Integration Details
Click the ellipse on the SCIM directory integration you just created.
2
View Details
Select View Details.
3
Copy API URL
Copy the SCIM API URL; your identity provider will require this.
4
Close Details
Click Close.
SCIM Schema and Supported Attributes
Iru Endpoint supports the following SCIM attributes. Refer to these attributes when mapping your SCIM application in your IdP.Iru Endpoint does not use any attributes that are not in the list below. To limit the attributes sent, please modify the attributes configured in the SCIM app in your IdP.
| Attribute | Description | Required |
|---|---|---|
| userName | Unique identifier for the user, used to authenticate to the service provider | Yes |
| name.formatted | The user’s full name (for example, “John Doe”). This attribute or the displayName attribute is required | No |
| displayName | The user’s full name (for example, “John Doe”). This attribute or the name.formatted attribute is required | Yes |
| title | The user’s title, such as “Vice President.” | No |
| active | The user’s status within the identity provider. This attribute is automatically added by the Identity Provider. | Yes |
| emails.value | The user’s email address as a subattribute of emails. Kandji only stores the first email in the list. | Yes |
| department | Identifies the name of a department. | No |
| Attribute | Description | Required |
|---|---|---|
| displayName | A human-readable name for the Group. | Yes |
| members | A list of members in the Group. | Yes |