Skip to content

SCIM - System for Cross-Domain Identity Management

SCIM is a specification created to make the management of users between different services and applications easier. A common schema is used for User information which allows services to pass their user data without having to think about how the information is stored in your own service. By provisioning users with SCIM you can simply set the up the mapping of your Users attributes to SCIM-attributes, which then will be mapped to attributes in the IFS User database, and also create new Users if they do not already exist.

Purpose

SCIM in IFS Cloud uses one-way communication. This means that only the external Identity provider sends information that creates, updates or deletes user information. Changes made to users within IFS Cloud will not trigger an update to the external Identity provider. The purpose of SCIM in IFS cloud is simple user management.

SCIM Standard

For updated and detailed information about the SCIM standard please visit this page.

Usage

SCIM 2.0 uses REST API for all operations.

Operations

All user data passed to the Create and Update endpoints must be encoded as a SCIM object in JSON. Resources stored in attributes that is not mapped to an IFS attribute will not be stored.

Attribute Mapping

This mapping table is to be used by Administrators when configuring a new Provisioning Service. The SCIM Attribute maps to certain fields of the IFS Cloud database. When first creating a new User through provisioning, a unique Identity will be created. This Id is used as a unique identified for the new User, and will be generated based on the values of the SCIM attributes name.givenName and name.familyName. Some Identity Managers will have all of these attributes by default, but in some cases a manual attribute mapper will need to be added. As an example, which can be seen in the configuration example for Okta, a attribute mapper for name.formatted has to be added.

The SCIM Attributes username, name.formatted, and displayName are mandatory, must be mapped, and have a value set from the external Identity Manager to successfully sync new users.

SCIM Attribute IFS DB Attribute IFS DB Character Limit
userName fnd_user.web_user 2000
name.formatted person_info.name 100
name.familyName person_info.last_name 100
name.givenName person_info.first_name 100
name.middleName person_info.middle_name 100
displayName fnd_user.description 2000
title person_info.title 100
addresses.formatted person_info_address.address N/A (default 'work')
addresses.streetAddress person_info_address.address1 35
addresses.locality person_info_address.city 35
addresses.region person_info_address.state 35
addresses.postalCode person_info_address.zip_code 35
addresses.country person_info_address.country 35 (ISO-3166 / Country)
emails[type eq "work"].value comm_method.value, fnd_user_property.value 200
emails.type comm_method.method_id_db, fnd_user_property.name N/A (default 'work')
phoneNumbers[type eq "work"].value comm_method.value 200
phoneNumbers.type comm_method.method_id_db N/A (default 'work')
     

Note: Addresses, emails and phonenumbers will have the default type 'work' when syncing a new User. The type provided will have to be 'work'.