0patch Central supports SCIM provisioning. While it should be possible to configure SCIM with any identity provider, we have prepared detailed instructions for some of the most widely used IDPs:
- Configuring Okta SCIM Provisioning to 0patch Central [in progress]
- Configuring Microsoft Entra ID SCIM Provisioning to 0patch Central
- Configuring OneLogin SCIM Provisioning to 0patch Central [in progress]
- Configuring Ping Identity SCIM Provisioning to 0patch Central [in progress]
Notes:
- When you enable SCIM in 0patch Central, the SCIM connector base URL and authentication token will be displayed to you in a dialog. This will be the only time you will see the authentication token so make sure you copy it before closing the dialog, or you'll have to create a new one by disabling SCIM and enabling it again.
- If you disable SCIM, the current authentication token will be invalidated. You will have to provide a new authentication token to your IDP if you subsequently want to re-enable SCIM.
- Even if we don't have instructions for your IDP, you can probably use SCIM with 0patch by providing your IDP with the SCIM connector base URL and authentication token from 0patch Central, and making sure SCIM requests from your IDP include the following attributes:
- userName: email address of the user in 0patch Central
- active: True or False depending on user's status (when True, the user will be able to login to 0patch Central)
- roles: an array with just one role listed having value from {"Administrator", "AgentManager", "BillingManager", "Auditor"}
- If you're going to use SAML and SCIM, make sure that the SAML name attribute matches the SCIM userName attribute.
- We currently only support provisioning users; groups-based provisioning will be implemented at a later time.
0 Comments