SCIM
SCIM (System for Cross-domain Identity Management) is a set of application-level protocols that use JSON, REST, and other authentication methods to automate the task of data provisioning.
SmartLink is SCIM-compatible, allowing you to automate provisioning (account creation) and deprovisioning (account deletion) across all your applications to save you time and money.
Use cases:
- Onboard your new employees to all the applications they need access to, in one click
- Remove all unnecessary accounts to save your resources
- Update all your users' passwords in your applications and save them in SmartLink in one click
Add an Application
To configure SCIM, start by adding a compatible application in SmartLink:
Configure SCIM
Let's configure SCIM now.
To use SCIM, you need to obtain two pieces of information from the target application:
- The SCIM API URL
- The authentication token (confidential!)
SCIM Features
Accounts in the Target Application
In this first tab, you have access to the list of user accounts present in the target application. Each account can be associated with a SmartLink account or not.
You have several options:
- You can create a new user in SmartLink and link it to this account in the target application. This action should be taken when the user exists in the target application but not yet in your SmartLink system.
- You can assign this account to an existing SmartLink user. This action should be taken when the user exists in both the target application and SmartLink.
- Delete the account in the target application.
Access in SmartLink
You can create an account in the target application for users who don't have one yet. This tab shows SmartLink users who have been granted access to the application but do not yet have a provisioned account in the target application. You can view all these users and take action for each of them.
For each user in the list, you can provision an account in the target application by clicking on the actions button.
Groups in the Target Application
Similar to users, you can:
- Create a new folder in SmartLink linked to this group in the target application
- Assign an existing folder
- Delete the folder in the target application
SmartLink Folders
You can create a new group in the target application associated with this SmartLink folder.
SCIM Schema
Automation Settings
For each SCIM event, you have three options:
- Manual Mode: You manage everything manually through the tabs seen previously
- Notification Mode: Each access modification in SmartLink creates a new ticket in the message tab to help you take action
- Automatic Mode: An access change in SmartLink automatically affects the target application
What are the possible events?
- An administrator has authorized a new SmartLink user on the application: In automatic mode, this will automatically create an account on the target application for this user (provisioning)
- An administrator has removed access to this application for a SmartLink user: In automatic mode, this will delete the associated account in the target application (deprovisioning)
- An administrator has deactivated a SmartLink user: In automatic mode, this will also deactivate the associated account in the target application (the user will temporarily be unable to log in)
- Information about a SmartLink user has been updated (name, surname, email...): In automatic mode, these updates will also be reflected in the target application
