Configuring SCIM Provisioning in 0patch Central

Mitja Kolsek -

0patch Central supports SCIM provisioning. While it should be possible to configure SCIM with any identity provider, we have prepared detailed instructions for some of the most widely used IDPs:

Notes:

  1. When you enable SCIM in 0patch Central, the SCIM connector base URL and authentication token will be displayed to you in a dialog. This will be the only time you will see the authentication token so make sure you copy it before closing the dialog, or you'll have to create a new one by disabling SCIM and enabling it again.
  2. If you disable SCIM, the current authentication token will be invalidated. You will have to provide a new authentication token to your IDP if you subsequently want to re-enable SCIM.
  3. Even if we don't have instructions for your IDP, you can probably use SCIM with 0patch by providing your IDP with the SCIM connector base URL and authentication token from 0patch Central, and making sure SCIM requests from your IDP include the following attributes:
    • userName: email address of the user in 0patch Central
    • active: True or False depending on user's status (when True, the user will be able to login to 0patch Central)
    • roles: an array with just one role listed having value from {"Administrator", "AgentManager", "BillingManager", "Auditor"}
  4. If you're going to use SAML and SCIM, make sure that the SAML name attribute matches the SCIM userName attribute.
  5. We currently only support provisioning users; groups-based provisioning will be implemented at a later time.

 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.