SCIM user sync
Introduction
SCIM (System for Cross-domain Identity Management) is an open standard for synchronising users between an identity provider (Google, Azure, Okta, etc) and service provider (Skovik).
Supported SCIM schemas
Our implementation follows the SCIM 2.0 specification and supports the following schemas.
Core user schema
urn:ietf:params:scim:schemas:core:2.0:User
Enterprise user schema
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User
Custom user extension
urn:ietf:params:scim:schemas:extension:skovik:2.0:User
The Custom User Extension schema is used to synchronize custom field values, unique to our system, for example cost center, default project membership and similar.
Provided SCIM endpoints
We provide the following SCIM endpoints:
/Users⇒ For user provisioning, updates, and deprovisioning./ServiceProviderConfig⇒ For SCIM service provider metadata./Schemas⇒ The SCIM schemas supported by our API, including the core user schema, the enterprise extension and our custom extension./ResourceTypes⇒ The resource types available (such as User), along with their associated schemas.
Implementation Guide
Prerequisites
Ensure that all users have a unique email address, as that will be used as the unique identifier (
userName) used for logging in to Skovik.Ensure that the branch an employee should belong to can be identified by an attribute on the identity provider. This attribute must match the
external_identifierof the branch in our system.Identify any custom fields in Skovik that should be provisioned for the employees.
Configuring SCIM in Skovik
Configuring SCIM in the identity provider
Table of mappings
userName
Employee's email
name.givenName
Employee's first name
name.familyName
Employee's last name
active
Active in Skovik. Setting to false will permanently archive the user.
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:division
Employee's branch
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager
Employee's superior
urn:ietf:params:scim:schemas:extension:skovik:2.0:User:custom_field1
Mapped to a custom field in the identity provider configuration.
urn:ietf:params:scim:schemas:extension:skovik:2.0:User:custom_field1
Mapped to a custom field in the identity provider configuration.
urn:ietf:params:scim:schemas:extension:skovik:2.0:User:custom_field2
Mapped to a custom field in the identity provider configuration.
urn:ietf:params:scim:schemas:extension:skovik:2.0:User:custom_field3
Mapped to a custom field in the identity provider configuration.
urn:ietf:params:scim:schemas:extension:skovik:2.0:User:custom_field4
Mapped to a custom field in the identity provider configuration.
urn:ietf:params:scim:schemas:extension:skovik:2.0:User:custom_field5
Mapped to a custom field in the identity provider configuration.
urn:ietf:params:scim:schemas:extension:skovik:2.0:User:custom_field6
Mapped to a custom field in the identity provider configuration.
urn:ietf:params:scim:schemas:extension:skovik:2.0:User:custom_field7
Mapped to a custom field in the identity provider configuration.
urn:ietf:params:scim:schemas:extension:skovik:2.0:User:custom_field8
Mapped to a custom field in the identity provider configuration.
urn:ietf:params:scim:schemas:extension:skovik:2.0:User:custom_field9
Mapped to a custom field in the identity provider configuration.
Last updated
Was this helpful?