SCIM configuration by using your product UI
In your product UI, you can configure SCIM by selecting User and Group attributes and mapping the identity provider (Idp) attributes to the SCIM attributes.
Note: If you want to add custom SCIM attributes, see Adding custom SCIM attributes.
To configure SCIM, complete the following steps:
Prerequisite: Install the cluster. Once the cluster is installed, the admin username, password, and the URL are displayed.
- Log in to the console by using the URL and enter the username and password.
  Note: The console can be Platform UI or Common UI.
- From the navigation menu, click Identity and access > Identity providers.
- Click Create Connection. The New LDAP server connection page is displayed.
- Select SCIM configuration.
- Click New attribute in the SCIM configuration page. The attribute types, User attribute and Group attribute, are displayed.
- Select User attribute and complete the following:
  - Select the attribute from the Attribute drop-down.
  - Provide the Idp attribute to map to the SCIM attribute.
- Select Group attribute and complete the following:
  - Select the attribute from the Attribute drop-down.
  - Provide the Idp attribute to map to the SCIM attribute.
Similarly, you can create another User attribute and Group attribute by clicking New attribute.
See the following notes:
- The attributes in the Attribute drop-down are divided into two categories: simple attributes and complex attributes. For example, Name is a complex attribute because when you select the Name attribute from the drop-down, the New component attribute option is displayed. Click New component attribute to select the component attribute from the drop-down. These component attributes can be familyName, givenName, userType, and so on. In contrast, id is a simple attribute because it does not have any component attributes.
- If no SCIM attribute mappings are added, the default mapping is used. If you define a custom SCIM attribute mapping, the default mapping no longer applies and SCIM user search returns only those field values that you added to the mapping list. Therefore, in such cases, also map the other SCIM attributes in the SCIM configuration section.
- Click Create to update the identity provider.
Editing the SCIM configuration
To edit the SCIM configuration, complete the following steps:
- In the Identity Providers page, a list of SCIM configurations is displayed.
- Select the name of the SCIM configuration to edit and click Edit connection. The Edit LDAP connection dialog box is displayed.
- In the Edit your LDAP connection dialog box, click Edit. The LDAP connection page that contains the SCIM configuration is displayed.
  You can edit the SCIM configuration in the following ways:
  - Select New attribute, if you want to add new attributes to the SCIM configuration.
  - Delete any existing attribute. For each attribute, there is a Delete option in the UI.
  - Change the value of the Idp attribute of any existing attribute.
- Click Save.
See the following notes:
- The Group filter and Group member ID map filters do not consider the custom SCIM attribute values. Use LDAP filter values for the Group filter and Group member ID map attributes to map the data. For more information about LDAP filters, see LDAP filters.
- The SCIM users and groups API for LDAP depends on the attribute mapping list. You must provide a proper attribute mapping for all the SCIM user and group attributes. If the SCIM attribute mapping is not proper, the SCIM API might not be able to fetch user or group details, or some attributes might be missing from the SCIM users or groups response.
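
The note above, and the earlier note that a custom mapping replaces the default one, both describe attributes dropping out of SCIM responses. The following added example (not part of the original page or the product) checks a user search response for such gaps. It assumes the API returns a standard SCIM 2.0 ListResponse; the sample response and the REQUIRED list are constructed.

```python
import json

# Constructed sample: a SCIM 2.0 ListResponse (RFC 7644) as a user search might
# return it when the custom mapping covers only id, userName and name.givenName.
SAMPLE_RESPONSE = json.loads("""
{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
  "totalResults": 2,
  "Resources": [
    {"id": "u1", "userName": "alice", "name": {"givenName": "Alice"}},
    {"id": "u2", "userName": "bob", "name": {"givenName": "Bob", "familyName": ""}}
  ]
}
""")

# Assumption: the attributes downstream consumers rely on; a dotted path names a
# component attribute of a complex attribute such as name.
REQUIRED = ["id", "userName", "name.givenName", "name.familyName", "emails"]
EMPTY = (None, "", [], {})  # values treated as "not populated"

def lookup(resource, path):
    """Follow a dotted path; return None when any step is absent."""
    node = resource
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def missing_attributes(list_response, required):
    """Map each resource id to the required paths that are absent or empty."""
    gaps = {}
    for res in list_response.get("Resources", []):
        absent = [p for p in required if lookup(res, p) in EMPTY]
        if absent:
            gaps[res.get("id", "<no id>")] = absent
    return gaps

def unmapped_everywhere(list_response, required):
    """Paths empty in every resource: the likely omissions from the mapping list."""
    resources = list_response.get("Resources", [])
    return [p for p in required
            if resources and all(lookup(r, p) in EMPTY for r in resources)]

if __name__ == "__main__":
    for rid, absent in missing_attributes(SAMPLE_RESPONSE, REQUIRED).items():
        print(f"{rid}: missing {', '.join(absent)}")
    print("empty for every user:", unmapped_everywhere(SAMPLE_RESPONSE, REQUIRED))
```

An attribute that is empty for every user points at the mapping list; one that is empty for only some users more likely reflects missing data in the LDAP directory.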