Support matrix (SCIM Directory)
Use this support matrix as a quick lookup of supported directory features.
Table of SCIM Directory features that
are identified as being supported or not supported by Content Platform Engine.
| SCIM Directory Features | Supported By Content Platform Engine |
|---|---|
| One-way Secure Sockets Layer (SSL) | Yes |
| Two-way SSL | No |
| Transport Layer Security (TLS) | Yes |
| Static Groups | Yes |
| Dynamic Groups | No |
| Nested Groups | Yes |
| Supported User type (objectClass) | Users |
| Supported Static Group types (objectClass) | Groups |
| Roles | No |
| Follow referrals for Search (for example, User and Group retrieval) | No |
| Support multiple realms | No. You can have multiple SCIM directories, each supporting a single realm corresponding to a SCIM provider. |
| Chaining | Yes |
| Directory aliases | No |
| Restrict to single realm | Yes - One SCIM Directory Provider per realm. Can support multiple SCIM Directory Providers. |
| Configurable user short name attribute | Yes - Because the short name does not contain realm information, short names must be unique across all your configured domains and realms. |
| Configurable group short name attribute | Yes. Because the short name does not contain realm information, short names must be unique across all your configured domains and realms. |
| Configurable user display name attribute | Yes |
| Configurable group display name attribute | Yes |
| Multiple authenticating attributes support | Not Applicable - authenticating attributes are controlled by the Identity Provider. |
| Use email attribute as short name | Yes - for user short name Do not use email for group short name |
| Sorting | No |
| Server side sorting | Yes (Required) - Server Side Sorting (SSS) must be enabled. This is because Content Cortex components call on Content Platform Engine to perform searches using a sorted paging mechanism. Note that SSS is normally enabled by default but is sometimes disabled due to concerns with performance. |
| Paging/Continuation | Yes - Return users and groups page by page. Page continuation happens automatically in the back end. |
| LDAP attributes to read in a group entry when resolving member users and member groups | Depends on the SCIM Directory and how it maps LDAP attributes to SCIM Attributes. For
example, IAM uses a SCIM attribute map in the platform-auth-idp configmap. |
| Security Proxy Server | No - The Security Proxy Server is designed to sit in front of a group of base directory servers and provide request routing, load balancing, and fail over support. However, because it does not support sorted searches, it cannot be used with Content Platform Engine. |