System for Cross-domain Identity Management (SCIM)
Flexera One supports System for Cross-domain Identity Management (SCIM) for automated user provisioning and deprovisioning from your identity provider (IdP) to Flexera One.
SCIM is an open standard that enables the automation of user provisioning. By enabling SCIM, you can connect Flexera One to external identity providers to seamlessly import, export, and synchronize identity resources. This streamlines user onboarding and offboarding based on changes in your external system and helps control access by limiting the number of users with high-level privileges in Flexera One.
Note:Currently, SCIM integration with Microsoft Entra ID (formerly Azure Active Directory) is supported.
Important:
|
•
|
Users provisioned via SCIM can only sign in using single sign-on (SSO). They cannot sign in using a username and password. |
|
•
|
When a user is deleted via SCIM, they are removed from the organization only to prevent accidental deletion across multiple organizations when a user belongs to multiple organizations. |
Prerequisites for SCIM Provisioning
Organization Requirements
|
•
|
No new capabilities are required. The SCIM feature is available to all customers with existing Identity and Access Management (IAM) capability. |
|
•
|
A new role, SCIM Operator, is used to manage SCIM API resources. |
API Information
A new set of APIs are available under the scim namespace with the following base URL format:
api.flexera.{TLD}/scim/v2/orgs/{orgId}/*
Example Endpoints:
|
•
|
api.flexera.com/scim/v2/orgs/1105/ServiceProviderConfig |
|
•
|
api.flexera.eu/scim/v2/orgs/28018/Users |
|
•
|
api.flexera.au/scim/v2/orgs/28018/Groups/123 |
Supported SCIM Operations
Configurations
|
•
|
List Service Provider Configurations |
Users
|
•
|
List Users (filter by ID or username) |
|
•
|
Create User (only if domain is verified) |
Groups
|
•
|
List Groups (filter by ID or display name) |
Next Steps