Skip to content

Setup for SCIM Server UserSync connector

Configuration

  • Enable Privacera UserSync: 

    cd ~/privacera/privacera-manager
cp config/sample-vars/vars.privacera-usersync.yml config/custom-vars/

  • Enable the SCIM Server connector: 

    cd ~/privacera/privacera-manager
cp config/sample-vars/vars.privacera-usersync.scimserver.yml config/custom-vars/
vi config/custom-vars/vars.privacera-usersync.scimserver.yml

  • Edit the following properties:

    • SCIM_SERVER_CONNECTOR: The name of this connector

    • SCIM_SERVER_ENABLED: The enabled status of the connector (true/false)

    • SCIM_SERVER_USERNAME: The basic auth username

    • SCIM_SERVER_PASSWORD: The basic auth password

    • SCIM_SERVER_BEARER_TOKEN: The bearer token for auth to SCIM API

    • SCIM_SERVER_ATTRIBUTE_USERNAME_VALUE_EXTRACTFROMEMAIL: Extracts the username from the email address (true/false). By default, username is mapped to "userName" which may contain an email address.

  • Post configuration, deploy the changes Using Privacera Manager.

To add an SCIM Server UserSync connector on Privacera Cloud, follow these steps:

  1. From the navigation menu, select Settings > UserSync Configuration.

  2. Choose a data source, click the dots icon, and select Add Application.

  3. From the Application List section, select USERSYNC.

  4. From the Service Type dropdown, select SCIM-Server (System for Cross Identity Management - Server Endpoint).

  5. In the Connector Name field, enter a name for the connector.

  6. Click Next.

  7. Copy Endpoint URL for the SCIM server to be used when configuring provisioning in external service.

  8. Select desired authentication type Basic or Bearer Token.

  9. Enter Username and Password or Bearer Token.

  10. Complete each step and advance through the pages of the configuration wizard.

  11. Complete all BASIC values, then review and update ADVANCED values as required.

    Username Attribute Modification

    Some services provide username in the format of an email address. If username format should be the first part of email address then visit the Advanced tab of the Base User Attributes section and update the Username Attribute field to Extract from email.

  12. Click FINISH.

For additional details, see Advanced Configuration

Integrating SCIM Server

For details on integrating SCIM Server with external identity providers, see the following topics:

Comments