SecureAuth SCIM discussion
System for Cross-domain Identity Management (SCIM) is an open standard that manages user identity information between identity domains. This topic answers some typical questions you might have about SCIM and the SecureAuth Identity Store.
- What does SCIM mean to SecureAuth Identity Store?
- Does SecureAuth Identity Store provision third-party SCIM endpoints?
- What is the best practice to manage authentication to my SCIM API?
- Does SecureAuth support multiple email addresses, phone numbers, and physical addresses in my user profile and do I need to use an array to specify them?
- How does the Identity Store determine the primary value for multiple email addresses, phone numbers, and physical addresses?
- Does the Identity Store support Delete /User?
- What is the active attribute on the user object?
- Does the Identity Store exclude any parts of the SCIM specification?
- What's the best way to import users quickly?
What does SCIM mean to SecureAuth Identity Store? | |
We use SCIM in the standard way--to manage user and group information--but we also use it to manage password policies, deny lists, membership, privacy fields, and more. | |
Does SecureAuth Identity Store provision third-party SCIM endpoints? | |
No, the current release of the Identity Store does not support provisioning. | |
What is the best practice to manage authentication to my SCIM API? | |
Generate your credentials by using the SecureAuth Identity Store UI, and then generate the bearer token (aka, access token) to use it for the API operations. Find out how to obtain a bearer token in Use the Postman collection. If you're working in your own development environment (not Postman), see Obtain credentials. | |
Does SecureAuth support multiple email addresses, phone numbers, and physical addresses in my user profile and do I need to use an array to specify them? | |
Yes, you can set multiple values for email addresses, phone numbers, and physical addresses in the user profile in a few different ways. Use the API to add as many elements as needed. You can also use the CSV import from the user interface where you can include as many element types per user as needed. Additionally, use the standard array structure to specify the elements; you must use an array structure even if you have only one element. To find out more information about this multi-valued attribute, see the SCIM specification, Section 5, Arrays. | |
How does the Identity Store determine the primary value for multiple email addresses, phone numbers, and physical addresses? | |
Set the Additionally, you can use the Example: If you have three email addresses, set one primary email. You can set only one primary email, phone number, and physical address. | |
Does the Identity Store support Delete /User? | |
Yes. Because we support multiple identity stores, we empower you to manage your distinct identity stores, but have controls in place to ensure that an identity store cannot be deleted when it contains users. We support Delete /User so that you can delete all users from an identity store and then delete the identity store. Deleting a user is permanent and the user information is irrecoverable. | |
What is the | |
SecureAuth does not use this attribute to determine if a user is active or not. We use our own extension schema, | |
Does the Identity Store exclude any parts of the SCIM specification? | |
The identity Store does not expose the following parts of the SCIM spec:
| |
What's the best way to import users quickly? | |
This depends on how many users you need to create or import.
|