Configuration Manager - SCIM
The "SCIM" menu is where a SCIM interface for account provisioning is configured. The SCIM API supports multi-tenant capability, enabling the creation of multiple SCIM configurations per client. This ensures data segregation and facilitates compliance with data protection regulations.. Important configurations for SCIM are defining the authorised SCIM user and setting up the source field to target attribute mapping.
Description
Setting | What does the setting do? |
|---|---|
Active | |
Return multi-value attributes always as a list even when only one value is available | When this setting is active (ticked), list type attributes are always returned as lists (including the brackets) even if a list has just a single entry. |
User identifier (100 characters max.) | Authorized scim user identified via ext_id_scim. |
SCIM Base Group ID | This setting is used to select a base ‘BU’ group that will be used for the SCIM API to create sub-groups using the POST method. |
SCIM Profile Identifier Attribute | Database name of the imc attribute in the PERSON table that will be used to identify a user during SCIM account provisioning. |
Multi-Tenant Configuration
Client Mapping
Client Mapping section has been introduced under Configuration → SCIM, which allows the following per-client configurations:
Setting | What does the setting do? |
|---|---|
Client | Dropdown selection to define the client for this mapping. |
User identifier (100 characters max.) | Specifies a unique technical user for each client. |
SCIM Base Group ID | Specifies a unique technical user for each client. |
SCIM Profile Identifier Attribute | Identifies users within the client’s SCIM environment. |
Attribute Mapping
Within the Mapping tab, administrators can define field mappings for user provisioning:
Setting | What does the setting do? |
|---|---|
Source Field | Specifies the field from the external SCIM source. |
Target Field | Maps the source field to the corresponding attribute in the LMS. |
Ignore Empty Field | A checkbox to ignore mappings where the source field is empty. |
Hash Identifier | An optional setting for hashing specific attribute values. |
SCIM Multi Tenant User Unique User ID
Key Considerations
SCIM Client Mapping: Each client in a multi-tenant setup requires a SCIM client mapping to associate external SCIM users and groups with the correct tenant.
SCIM Profile Identifier Attribute: Only non-unique personal attributes can be selected as the SCIM Profile Identifier Attribute.
LOGINandPERSON_IDcannot be used.
Default Client: If no specific SCIM client mapping is found for a user or group, the system will use the default client, as defined in the import settings.
Example, if imc_admin, having the client Demo CLIX and a SCIM client mapping configuration for Demo CLIX, makes SCIM requests for the user with the external ID ext_scim_user_1000, then the system will try to identify the user with the external ID ext_scim_user_1000 and the client Demo CLIX, otherwise, if imc_admin does not have a SCIM client mapping configuration for his client Demo CLIX, the system will try to identify the user with the external ID ext_scim_user_1000 and the default client (which is usually Clients).
Admin Role Assignments: Ensure administrators have the correct SCIM permissions for their respective clients.