Skip to main content
Skip table of contents

Configuration Manager - SCIM

The "SCIM" menu is where a SCIM interface for account provisioning is configured. The SCIM API supports multi-tenant capability, enabling the creation of multiple SCIM configurations per client. This ensures data segregation and facilitates compliance with data protection regulations.. Important configurations for SCIM are defining the authorised SCIM user and setting up the source field to target attribute mapping.

Description

Setting

What does the setting do?

Active

Return multi-value attributes always as a list even when only one value is available

When this setting is active (ticked), list type attributes are always returned as lists (including the brackets) even if a list has just a single entry.

User identifier (100 characters max.)

Authorized scim user identified via ext_id_scim.

SCIM Base Group ID

This setting is used to select a base ‘BU’ group that will be used for the SCIM API to create sub-groups using the POST method.

SCIM Profile Identifier Attribute

Database name of the imc attribute in the PERSON table that will be used to identify a user during SCIM account provisioning.

Multi-Tenant Configuration

Client Mapping

Client Mapping section has been introduced under Configuration → SCIM, which allows the following per-client configurations:

Setting

What does the setting do?

Client

Dropdown selection to define the client for this mapping.

User identifier (100 characters max.)

Specifies a unique technical user for each client.

SCIM Base Group ID

Specifies a unique technical user for each client.

SCIM Profile Identifier Attribute

Identifies users within the client’s SCIM environment.

Attribute Mapping

Within the Mapping tab, administrators can define field mappings for user provisioning:

Setting

What does the setting do?

Source Field

Specifies the field from the external SCIM source.

Target Field

Maps the source field to the corresponding attribute in the LMS.

Ignore Empty Field

A checkbox to ignore mappings where the source field is empty.

Hash Identifier

An optional setting for hashing specific attribute values.

SCIM Multi Tenant User Unique User ID

Key Considerations

  1. SCIM Client Mapping: Each client in a multi-tenant setup requires a SCIM client mapping to associate external SCIM users and groups with the correct tenant.

  2. SCIM Profile Identifier Attribute: Only non-unique personal attributes can be selected as the SCIM Profile Identifier Attribute. LOGIN and PERSON_ID cannot be used.

image-20250314-160309.png
image-20250314-160052.png
  1. Default Client: If no specific SCIM client mapping is found for a user or group, the system will use the default client, as defined in the import settings.

    1. Example, if imc_admin, having the client Demo CLIX and a SCIM client mapping configuration for Demo CLIX, makes SCIM requests for the user with the external ID ext_scim_user_1000, then the system will try to identify the user with the external ID ext_scim_user_1000 and the client Demo CLIX, otherwise, if imc_admin does not have a SCIM client mapping configuration for his client Demo CLIX, the system will try to identify the user with the external ID ext_scim_user_1000 and the default client (which is usually Clients).

  2. Admin Role Assignments: Ensure administrators have the correct SCIM permissions for their respective clients.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.