PhenixID

PSD1102 – SCIM Actions for Identity Provisioning

Fact

  • PhenixID Identity Provisioning 4.0 or later

System Requirements

  • SCIM client Bulk WS endpoint, WS username and WS password (for sending BulkResponse).

Situation

Use PhenixID Identity Provisioning as a SCIM Service Provider to process SCIM BulkRequests (from files) and send the corresponding SCIM BulkResponse to the SCIM client endpoint.

Use PhenixID Identity Provisioning as a SCIM Client to send SCIM BulkRequests to a SCIM Service Provider endpoint.

Use PhenixID Identity Provisioning as a SCIM Client to fetch user information from a SCIM Service Provider endpoint.

Use PhenixID Identity Provisioning as a SCIM Client to fetch group information from a SCIM Service Provider endpoint.

Please view this document for a PhenixID SCIM overview.

Solution

This document will show the steps that are necessary to configure PhenixID Identity Provisioning to handle different SCIM scenarios. See Situation above for the different scenarios.

First download this necessary component:

 

Add action dependencies

Unzip scim_action_dependencies.zip to the Identity Provisioning ext/ folder. Verify that the jars were added correctly.

 

Import the new SCIM action(s)

Start the Provisioning Configurator and go to Tools – Action Package Manager.

Click the button Import from file and browse to the downloaded file AAMSCIMActions.jar.

Give the imported Action jar a name of your choice.

Save by clicking OK and exit Action Package Manager.

Actions

Read SCIM BulkRequest files

[PhenixID Identity Provisioning acting as a SCIM service provider (SCIM server)]

This action processes SCIM BulkRequest files from disk. From every Operation object of the BulkRequest, a new PIP session object will be created and populated with data. Operations of type User, Group and organization (STHLM UNIT) are currently supported.

NB! For detailed information about the SCIM standard, please view http://www.simplecloud.info/.

| Parameter | Description | Example |
|---|---|---|
| Folder containing SCIM BulkRequest files to be processed | [MANDATORY] Folder containing JSON files. | |
| Archive folder to copy processed files | [MANDATORY] The archive folder. Processed files will be moved to this folder. | |
| Prefix value to add to new session attributes | [Optional] Prefix value to be added to the session attributes created by this action. Defaults to “SCIM_”. | scim_ |

Session attribute name list

This table describes the session attributes that will be created after action execution and which Operation json property it maps to.

Send SCIM BulkResponse

[PhenixID Identity Provisioning acting as a SCIM service provider (SCIM server)]

This action creates a SCIM BulkResponse and sends it to a SCIM REST endpoint. For every session object, a SCIM BulkResponse Operation object will be created.

Each Operation object will be populated with bulkId, status, method, location [OPTIONAL] and version [OPTIONAL].

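The action supports the use of HTTP Basic Authentication (username and password) against the SCIM endpoint. Basic Authentication only base64-encodes the credentials, so they are protected in transit only when the endpoint URL uses https.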

NB! For detailed information about the SCIM standard, please view http://www.simplecloud.info/.

 

 

| Parameter | Description | Example |
|---|---|---|
| SCIM Bulk web service endpoint | [MANDATORY] The endpoint for the SCIM client Bulk Service. Must be the full URL. Supports GLOBAL(). | http://demo6962066.mockable.io/scim/v2/asynchronous/bulk |
| SCIM web service username | [MANDATORY] The web service username. Supports GLOBAL(). | phenixid |
| SCIM web service password | [MANDATORY] The web service password. Supports GLOBAL(). | secret |
| Session Attribute for bulkId | [MANDATORY] The session attribute that contains the bulkId value. | scim_operation_bulkId |
| Session Attribute for status | [MANDATORY] The session attribute that contains the status. The status value must be an HTTP status code. | status |
| Session Attribute for method | [MANDATORY] The name of the session attribute that contains the method (PUT, POST…). The method value must be an HTTP method. | scim_operation_method |
| Session Attribute for version | [OPTIONAL] The name of the session attribute that contains version. | |
| Session Attribute for location | [OPTIONAL] The name of the session attribute that contains location. | secret |

Send SCIM GetUser

[PhenixID Identity Provisioning acting as a SCIM client]

This action sends a GET request to a SCIM REST endpoint for every session object.

The session object will be populated with attributes based on the SCIM response according to this table. 

The action supports the use of HTTP Basic Authentication (username and password) against the SCIM Endpoint.

NB! For detailed information about the SCIM standard, please view http://www.simplecloud.info/.

 

| Parameter | Description | Example |
|---|---|---|
| SCIM GetUser web service endpoint | [MANDATORY] The endpoint for the SCIM Service Provider User method. Supports SESSION(). | http://demo6962066.mockable.io/scim/v2/GetUser?id=SESSION(userid) |
| SCIM web service username | [MANDATORY] The web service username. Supports GLOBAL(). | phenixid |
| SCIM web service password | [MANDATORY] The web service password. Supports GLOBAL(). | secret |
| Prefix value for SCIM session attributes | [Optional] Prefix value for SCIM session attributes. Defaults to “SCIM_”. | scim_ |

Send SCIM GetGroup

[PhenixID Identity Provisioning acting as a SCIM client]

This action sends a GET request to a SCIM REST endpoint for every session object.

The session object will be populated with attributes based on the SCIM response according to this table. 

The action supports the use of HTTP Basic Authentication (username and password) against the SCIM Endpoint.

NB! For detailed information about the SCIM standard, please view http://www.simplecloud.info/.

 

| Parameter | Description | Example |
|---|---|---|
| SCIM GetGroup web service endpoint | [MANDATORY] The endpoint for the SCIM Service Provider Group method. Supports SESSION(). | http://demo6962066.mockable.io/scim/v2/GetGrouo?id=SESSION(groupId) |
| SCIM web service username | [MANDATORY] The web service username. Supports GLOBAL(). | phenixid |
| SCIM web service password | [MANDATORY] The web service password. Supports GLOBAL(). | secret |
| Prefix value for SCIM session attributes | [Optional] Prefix value for SCIM session attributes. Defaults to “SCIM_”. | scim_ |


Send SCIM BulkRequest

[PhenixID Identity Provisioning acting as a SCIM client]

This action creates a SCIM BulkRequest and sends it to a SCIM REST endpoint. For every session object, a SCIM BulkRequest Operation object will be created.

Each Operation object will be populated based on the data in the session object before sending it. Make sure you populate your session objects according to this table. 

The action supports the use of HTTP Basic Authentication (username and password) against the SCIM Endpoint.

NB! For detailed information about the SCIM standard, please view http://www.simplecloud.info/.

 

| Parameter | Description | Example |
|---|---|---|
| SCIM Bulk web service endpoint | [MANDATORY] The endpoint for the SCIM client Bulk Service. Must be the full URL. Supports GLOBAL(). | http://demo6962066.mockable.io/scim/v2/bulk |
| SCIM web service username | [MANDATORY] The web service username. Supports GLOBAL(). | phenixid |
| SCIM web service password | [MANDATORY] The web service password. Supports GLOBAL(). | secret |
| Prefix value for SCIM session attributes | [Optional] Prefix value for SCIM session attributes. Defaults to “SCIM_”. | scim_ |

After the BulkRequest has been sent, the action processes the SCIM BulkResponse returned by the SCIM Service Provider and updates each session object with the session attributes listed below. The list also shows which JSON property of the BulkResponse operation each attribute maps to.

| Session attribute name | Operation JSON property |
|---|---|
| SCIM_response_operation_status | Operation->status |
| SCIM_response_operation_location | Operation->location |
| SCIM_response_operation_version | Operation->version |
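
The two BulkResponse steps described on this page, building one Operation per session object (Send SCIM BulkResponse) and mapping the returned Operations to the SCIM_response_operation_* attributes (Send SCIM BulkRequest), shown as an added Python example that is not PhenixID code. Session objects are modelled as plain dicts and the BulkResponse layout follows RFC 7644; matching Operations to sessions by bulkId and returning the list of non-2xx bulkIds are assumptions, not documented product behaviour.

```python
import json

BULK_RESPONSE_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:BulkResponse"  # RFC 7644

def build_bulk_response(sessions, bulk_id_attr="scim_operation_bulkId",
                        status_attr="status", method_attr="scim_operation_method",
                        version_attr=None, location_attr=None):
    """Service-provider side: one BulkResponse Operation per session (a dict here)."""
    operations = []
    for session in sessions:
        status = str(session[status_attr])
        if not (status.isdigit() and 100 <= int(status) <= 599):
            raise ValueError(f"status is not an HTTP status code: {status!r}")
        op = {"bulkId": session[bulk_id_attr],
              "method": session[method_attr].upper(),
              "status": status}
        # location and version are optional: emitted only when configured and set
        for key, attr in (("location", location_attr), ("version", version_attr)):
            if attr and session.get(attr):
                op[key] = session[attr]
        operations.append(op)
    return json.dumps({"schemas": [BULK_RESPONSE_SCHEMA], "Operations": operations})

def apply_bulk_response(body, sessions, bulk_id_attr="scim_operation_bulkId",
                        prefix="SCIM_"):
    """Client side: copy status/location/version of each Operation onto the session
    with the same bulkId (assumed matching rule); return bulkIds that were not 2xx."""
    by_bulk_id = {s[bulk_id_attr]: s for s in sessions}
    failed = []
    for op in json.loads(body).get("Operations", []):
        session = by_bulk_id.get(op.get("bulkId"))
        if session is None:
            continue  # Operation for a bulkId we never sent: ignore it
        status = op.get("status")
        if isinstance(status, dict):  # SCIM 1.1 responses wrap it: {"code": "201"}
            status = status.get("code")
        for key in ("status", "location", "version"):
            value = status if key == "status" else op.get(key)
            if value is not None:
                session[f"{prefix}response_operation_{key}"] = str(value)
        if not str(status).startswith("2"):
            failed.append(op["bulkId"])
    return failed

if __name__ == "__main__":
    # Constructed sample sessions; attribute names are the table examples above.
    done = [{"scim_operation_bulkId": "b1", "scim_operation_method": "post", "status": 201},
            {"scim_operation_bulkId": "b2", "scim_operation_method": "put", "status": 409}]
    sent = [{"scim_operation_bulkId": "b1"}, {"scim_operation_bulkId": "b2"}]
    print(apply_bulk_response(build_bulk_response(done), sent), sent)
```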

 

 

