Manage provisioners using SCIM
IDaaS allows you to create a Provisioner to provision users with a third-party service that supports System for Cross-domain Identity Management (SCIM) in two ways:
- Inbound into IDaaS from another service—Users from the SCIM 2.0 client (for example, Microsoft Entra ID) are added to IDaaS. In addition, user updates and deletions that are made to the users in the third-party service are applied to the inbound users in IDaaS.
  The inbound provisioning process involves creating a SCIM Administration API application in IDaaS to generate a URL, secret, and long-lived token that is shared with the third-party service.
- Outbound from IDaaS to another service—Users from IDaaS are added to the third-party service. In addition, user updates and deletions that are made to the users in IDaaS are applied to the outbound users in the third-party service.
  The outbound provisioning process includes using groups and user attributes to identify the users that need to be provisioned. Before you begin, you need to determine the attributes required for successful mapping, which may require creating custom user attributes.
This section describes how to configure user provisioning for a generic or custom service. For instructions to integrate other third-party services that have been fully tested with IDaaS, see Integrate services for user provisioning in the IDaaS integration guides.
To use the Provisioners feature for outbound provisioning, you need a tenant with the premium or a custom bundle.
Topics in this section
Provision users and groups into IDaaS
Use this procedure to add users and groups to IDaaS from a third-party application (SCIM 2.0 client), such as Microsoft Entra ID. When configured, changes to user and group information in the third-party application are applied to the corresponding users and groups that are mapped to IDaaS.
Provision users from IDaaS
Use this procedure to add users from IDaaS to your third-party application. The outbound provisioning process includes using groups and user attributes to identify the users that need to be provisioned. IDaaS integration templates include the mandatory user attributes needed for user provisioning, but custom attributes can also be included as part of the provisioning process.
Provision users and groups from Microsoft Entra ID to IDaaS
This procedure describes how to configure Microsoft Entra ID (formerly Azure AD) as a SCIM 2.0 client to provision users and groups from Entra ID to Entrust Identity as a Service. When configured, user and group changes in Microsoft Entra ID automatically synchronize to IDaaS approximately every 40 minutes.