PhenixID and SCIM – technical overview
About this document
This document describes the flow for PhenixID as SCIM Server and PhenixID as SCIM client.
The reader is expected to have basic knowledge about the SCIM standard.
Facts
PhenixID is able to act as SCIM Server (also known as SCIM Service Provider) and SCIM client.
PhenixID utilize the SCIM Bulk operation to exchange identity- and organizational data.
PhenixID as SCIM Service Provider
Flow description:
1. SCIM Client sends a SCIM BulkRequest to PhenixID Server (acting as SCIM Service Provider) over https.
2. PhenixID Server writes the BulkRequest to file and responds to the SCIM client with a SCIM BulkResponse. The SCIM BulkResponse operation(s) status will be 202.
3. PhenixID Identity Provisioning will read the SCIM BulkRequest from file and perform any actions necessary for the use case.
4. [OPTIONAL] PhenixID Identity Provisioning will, after processing the SCIM information, send a SCIM BulkResponse to SCIM client endpoint. This SCIM BulkResponse will contain an updated status for each operation, depending on execution status.
PhenixID as SCIM Client
Bulk
1. PhenixID Identity Provisioning (acting as SCIM client) sends a SCIM BulkRequest to the SCIM Service Provider over https.
2. SCIM Service Provider will respond with a SCIM BulkResponse. PhenixID Identity Provisioning will act upon the status of the SCIM BulkResponse operations.
Synchronous
Get user information
1. PhenixID Identity Provisioning (acting as SCIM client) sends a SCIM read request (HTTP GET to configured endpoint) to the SCIM Service Provider over https.
2. SCIM Service Provider will respond with a SCIM User object. PhenixID Identity Provisioning will add user properties as session attributes.
The above will be performed once for each session object.
Get group information
1. PhenixID Identity Provisioning (acting as SCIM client) sends a SCIM read request (HTTP GET to configured endpoint) to the SCIM Service Provider over https.
2. SCIM Service Provider will respond with a SCIM Group object. PhenixID Identity Provisioning will add group properties as session attributes.
The above will be performed once for each session object.
DISCLAIMER
Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.
PhenixID - support.phenixid.se