Admin By Request now supports SCIM integration. Here’s what our implementation of the standard offers, and what you need to do to get it set up.
Chances are, your enterprise is already making the most of the reusable, normalized, open standard that is the System for Cross-Domain Identity Management (a.k.a. ‘SCIM’).
Lightweight, simple, and growing in popularity – we’ve now made it possible to integrate with Admin By Request.
Benefits of SCIM Integration
What Our Integration Offers
- Identity Provider Support: The Admin By Request implementation of SCIM provisioning supports the Azure AD and Okta IDP environments, and is designed for Portal Users (i.e., your company admins. This implementation is not intended to integrate with end users).
- Provisioning Access: Provisioned users are able to access the User Portal using their IDP credentials and selecting the appropriate option from the Corporate Sign-in menu of the log in page, or from within the IDP:
- User Portal Permissions: Roles can be assigned to groups of users, specifying the permissions they have within the Admin By Request User Portal based on their Azure AD or Okta source group:
- SCIM Operation Support: The Admin By Request integration supports the Create, Update, and Delete operations for user provisioning.
Here’s How it Works:
- Create: Users are created in the Admin By Request User Portal based on user and group values and assignments in the IDP. In this case, a POST request is pushed to the application (i.e., Admin By Request).
- Update: Existing user and group attributes are updated in the Admin By Request User Portal to match changes to their corresponding user profile or group in the IDP. In this case, the application receives a PATCH request.
- Delete: Users or groups that are deleted or deprovisioned / unassigned in the IDP are deleted from the Admin By Request User Portal. In this case, SCIM sends a DELETE request to the application.
Configuring the Integration
- Create the SCIM Connector on your IDP side (i.e., Azure AD or Okta). This is done by creating a new Admin By Request SCIM application.
- Authorize the connection between the Admin By Request SCIM application and the SCIM Endpoint (created by us, on the Admin By Request side). This involves plugging in the SCIM API Key and URL, available in your Admin By Request User Portal.
- Set up provisioning and assign users and groups to the Admin By Request SCIM application in the IDP. (For Okta users, Single Sign-On (SSO) needs to be set up prior to provisioning.)
- Initiate provisioning to synchronize assigned users and groups to your Admin By Request User Portal.