ConnID Connector to support System for Cross-domain Identity Management (SCIM2) API for Identity and Access Management (IAM) of Remote Services
This open source connector for the SCIM2 API uses the ConnId Framework for integration with Identity and Access Management (IAM) systems such as Evolveum Midpoint.
The software leverages the Connector Base Framework located at https://github.com/ExclamationLabs/connector-base
This software is Copyright 2024 Exclamation Graphics. Licensed under the Apache License, Version 2.0.
The actual method of configuring a connector is largely dependent on the interface(s) provided by your Identity and Access Management system. Midpoint provides a convenient user interface for entering these values. If configuration properties are being read in from a property file, you may also need to know the name of the property.

| Property | Required | Description |
| --- | --- | --- |
| Service URL | Yes | The base URL of the SCIM2 endpoint. |
| IO Error Retries | No | Number of retries that will be attempted when an IO error occurs. Default is 5. |
| Deep Get Enabled | No | When a search operation is executed and this value is true, the connector will make an individual call to download each User or Group returned. The value should be set to false since a standard SCIM2 service should return all attributes of each record. |
| Deep Import Enabled | No | When an import operation is executed and this value is true the connector will attempt to download all attributes for each individual record returned. The option should be set to false since the SCIM2 connector should return all attributes on the search. |
| Import Batch Size | No | The default number of records to retrieve per page. Import operations will be invoked using the given batch size when it is supplied. Since the SCIM2 API supports paging you can import records one batch/page at a time instead of all at once. |
| Pagination Enabled | No | The SCIM2 Connector supports pagination on User and Group objects. This option should be set to true. |
| Duplicate Record Returns Id | No | When a create is attempted and an AlreadyExistsException is generated, the adapter shall attempt to return the id of the existing record matching the specified userName. |

| Property | Type | Description |
| --- | --- | --- |
| Resource Type URL | string | URL to discover the resource types for a particular service provider. These include the Users and Groups URL endpoints. |
| Resource Type JSON | string | The actual resource types for a particular service provider. |
| Use Resource Type URL | boolean | Whether to use the URL or the JSON, especially when the URL is not supported by the service provider. |
| Schema URL | string | URL to discover the schema for a particular service provider. |
| Schema JSON | string | The actual schema returned for a particular service provider. This can be populated from the URL at discovery time. |
| Use Schema URL | boolean | Whether to use the URL or the JSON, especially when the URL is not available. |
| Enable Standard Schema | boolean | Uses prebuilt Java objects based on the standard schema. |
| Enable Enterprise User | boolean | Extends the user schema with enterprise attributes. |
| Enable AWS Schema | boolean | Uses prebuilt Java classes as defined for AWS, as specified here: https://docs.aws.amazon.com/singlesignon/latest/developerguide/what-is-scim.html |
| Enable Slack Schema | boolean | Uses prebuilt Java classes as defined for Slack, as specified here: https://api.slack.com/admins/scim2 |
| Enable Dynamic Schema | boolean | Uses the Resource Type and/or the Schema defined above for dynamic operations. |
| Users Endpoint URL | string | Discovered from the resource type or entered manually. Usually “/Users”. |
| Group Endpoint URL | string | Discovered from the resource type or entered manually. Usually “/Groups”. |
| UserSchemaIdList | [string] | A list of user schemas that define a user. This is discoverable from the Resource Type URL or JSON, or from one of the prebuilt Java classes. Default: urn:ietf:params:scim:schemas:core:2.0:User, urn:ietf:params:scim:schemas:extension:enterprise:2.0:User |
| GroupSchemaIDList | [string] | A list of Group schemas that define a Group. This is discoverable from the Resource Type URL or JSON, or from one of the prebuilt Java classes. Default: urn:ietf:params:scim:schemas:core:2.0:Group+etc |
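
The settings above say the endpoint URLs and schema ID lists can be discovered from the Resource Type JSON. The following added example (not the connector's own code) shows one way to derive them from a response shaped as RFC 7643 describes. The function name `derive_settings` and the sample document are constructed for illustration, and the relative-path and URN checks are assumptions about what an administrator would want to verify before pasting discovered values into the configuration.

```python
import json

# Constructed sample of a SCIM2 /ResourceTypes ListResponse (shape per RFC 7643 section 6).
RESOURCE_TYPE_JSON = """
{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
  "totalResults": 2,
  "Resources": [
    {"id": "User", "name": "User", "endpoint": "/Users",
     "schema": "urn:ietf:params:scim:schemas:core:2.0:User",
     "schemaExtensions": [
       {"schema": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
        "required": false}]},
    {"id": "Group", "name": "Group", "endpoint": "/Groups",
     "schema": "urn:ietf:params:scim:schemas:core:2.0:Group"}
  ]
}
"""

def derive_settings(resource_type_json):
    """Map each resource type name to its endpoint and ordered schema id list."""
    doc = json.loads(resource_type_json)
    # Accept a ListResponse, a bare array, or a single ResourceType object.
    if isinstance(doc, dict):
        resources = doc.get("Resources", [doc])
    else:
        resources = doc
    settings = {}
    for rt in resources:
        name, endpoint, core = rt.get("name"), rt.get("endpoint"), rt.get("schema")
        if not (name and endpoint and core):
            raise ValueError(f"resource type missing name/endpoint/schema: {rt!r}")
        # RFC 7643 defines endpoint as relative to the base URL; reject anything
        # else so discovered data cannot point the connector at a different host.
        if not endpoint.startswith("/") or endpoint.startswith("//") or "://" in endpoint:
            raise ValueError(f"endpoint must be a relative path: {endpoint!r}")
        # Core schema first, then extensions, matching the default list order above.
        ids = [core] + [e["schema"] for e in rt.get("schemaExtensions", [])]
        bad = [i for i in ids if not i.startswith("urn:")]
        if bad:
            raise ValueError(f"schema ids must be URNs: {bad}")
        settings[name] = {"endpoint": endpoint, "schema_ids": ids}
    return settings

if __name__ == "__main__":
    for name, cfg in derive_settings(RESOURCE_TYPE_JSON).items():
        print(name, cfg["endpoint"], cfg["schema_ids"])
```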