General SCIM settings

The general SCIM settings include common configuration for the SCIM Web Service.

Steps

  1. From the top menu, go to AAC > Manage > SCIM Configuration.

  2. On the General page, modify the following options as needed.

      Enable Verify Access Header Authentication
      Controls Whether Verify Access Header Authentication is enabled. Verify Access Header Authentication is used to add the ISAM credential attributes to the session so they can be used by SCIM.

      Enable Authorization Filter
      The authorization filter is responsible for authorizing the request. It has some pre-defined rules for each of the supported SCIM end-points. These rules are:

        For the user profile functionality

        • Only authenticated users with administrator authority are allowed to do a search of users (GET /Users).
        • Unauthenticated access is allowed for creating a new user (POST /Users).

        • Only authenticated users with administrator authority or authenticated users who are accessing their own data are allowed to perform create, retrieve, update, and delete operations on a specific user's data (GET/PUT/DELETE/PATCH /Me or /Users/<id>).

        For other functionalities
        Any authenticated user is allowed to retrieve information about the SCIM service (GET /ServiceProviderConfig, /ResourceTypes, or /Schemas).

      If more advanced or different authorization is required, disable this filter and use a web reverse proxy or the Advanced Access Control component in front of the SCIM application to handle the authorization.

      Administration Group
      This group is used by the authorization filter for authorization checks where the user must be a member of the administration group.

      Max User Responses
      Set the maximum number of users that can be returned from a web service query to list users.

      Attribute Mode
      Each SCIM attribute has an associated mutability mode. The value can be ReadOnly, ReadWrite, AdminWrite, UserWrite, WriteOnly, or Immutable.

      The value of the default column shows if the mode is default (true) or user defined (false). A mode can be reset to default by setting this mode to an empty string.

      We can expand an attribute to see its subattributes.

  3. Click Save to save the changes. Due to the caching of configuration data within the runtime, it might take up to 30 seconds before any deployed configuration changes become active.

Parent topic: SCIM configuration