Skip to main content

SCIM

From Administration, SCIM, admins can manage the System for Cross-domain Identity Management (SCIM) connection for your organization.

System for Cross-domain Identity Management (SCIM) is an open standard that automates the exchange of user identity information between identity providers (IdPs) and service providers (SPs), such as SixMap. SCIM works in conjunction with Single Sign-On (SSO) to streamline user lifecycle management, making it easier to manage user identities across different systems. For more information, see Understand SCIM.

Create a SCIM connection

  1. Navigate to Administration, SCIM.
  2. Select Create.
  3. Under Create SCIM Connection, select the IdP to connect to, enter a display name, and select Create.
  4. Under Configure SCIM, follow the on-screen connection steps to copy the SCIM connection settings to your IdP, and confirm that you copied the values.
  5. Select Done.

Role assignments

To automate group management and role-based access control, admins can manage group attributes and assign roles to those groups within SixMap during configuration.

Group attributes are pieces of information associated with a group in your IdP which can include the group's name, description, or other relevant details. SCIM allows SixMap to receive and synchronize these group attributes from your IdP so that when an admin provisions a group through SCIM, SixMap can use the attributes to create or update the corresponding group in the app.

Assign groups to roles

  1. Navigate to Administration, SCIM.
  2. In the Role assignments section, select Edit.
  3. Select Add group roles.
  4. In the Group name field, select a group from your IdP to assign to a SixMap role.
  5. In the Group Role field, select the SixMap role to assign to the group.
  6. Select Save.

Token rotation

Token rotation provides a security mechanism for managing and updating the bearer tokens your IdP uses to authenticate with SixMap's SCIM API. Although bearer tokens are convenient, they can pose a security risk if compromised. Token rotation helps mitigate this risk by allowing admins to periodically replace existing tokens with new ones, limiting the window of opportunity for unauthorized access if a token is exposed.

Rotate a SCIM token

  1. Navigate to Administration, SCIM.
  2. Under Token Rotation, select Start token rotation.
  3. Copy the token and confirm that you copied it.
  4. Select Done.
  5. Add the token to your IdP.
  6. Select Complete rotation and confirm your selection.

Delete a SCIM connection

To delete a SCIM connection and all associated SCIM groups, user registrations, and group role assignments, navigate to Administration, SCIM. Under Danger zone, select Delete Connection and confirm your selection.

info

To create a new SCIM connection, delete the existing connection first.

caution

You can't restore a connection after you delete it.