You can configure an enterprise app integration in your identity provider (IdP) that uses System for Cross-domain Identity Management (SCIM) for provisioning. This securely automates and manages user identity information, such as user and group creation, updates, and deactivation from your IdP to Opti ID.
User and group provisioning with SCIM lets you manage your organization’s users and groups in one place and have those users and groups populate in Opti ID. Provisioning prevents the need to create a duplicate set of users and groups in Opti ID that already exist in your identity management service.
With Opti ID and SCIM, users and groups are first set up in your IdP and then provisioned to Opti ID. After you set up SCIM provisioning, changes you make to users and groups at the source IdP sync down to Opti ID using the SCIM protocol. You should not edit users and groups that SCIM provisioned into Opti ID directly in Opti ID. Instead, make changes to the users and groups at the source IdP, so you can sync these changes downstream into Opti ID with SCIM.
Supported provisioning features
Opti ID supports the following SCIM provisioning features:
- Push users – Users that you assign to the Opti ID SCIM application in your IdP are automatically added as users in Opti ID.
- Update user attributes – When you update user attributes in your IdP (like first and last names), they are updated in Opti ID.
- Deactivate users – When you deactivate users in your IdP or unassign them from the Opti ID application, they are deleted in Opti ID.
- Push groups – Groups and their users in your IdP are pushed to Opti ID.
Configure SCIM provisioning
You can configure SCIM provisioning with Entra ID, Okta, or PingOne.
- Create a SCIM provisioning app in Microsoft Entra ID
- Create a SCIM provisioning app in Okta
- Create a SCIM provisioning app in PingOne
For a visual representation of the processes that occur when you provision from SCIM to Opti ID, see SCIM provisioning workflow diagrams.
See also the APIs for SCIM provisioning.
Article is closed for comments.