Introduction to SCIM provisioning
SCIM provisioning allows you to automatically manage users in your cloud Code42 environment. Once enabled, Code42 creates new users, deactivates users, and updates user roles and permissions based on syncs with your provisioning provider. This article gives an overview of Code42 provisioning as well as some tutorials for configuring provisioning in the Code42 console.
The SCIM provisioning feature is only available in cloud Code42 environments.
authentication: The process of identifying and verifying users in a system. Methods for authentication include:
- Local Code42 directory
- Single sign-on (SSO)
- Multi-factor authentication (MFA)
authentication provider: Allows access to Code42. When enabled, users sign in using the authentication provider instead of Code42. Examples of authentication providers include Okta, Google SSO, Ping, Azure AD, OneLogin, and Microsoft AD FS.
Code42 User Directory Sync Tool: Uses LDAP to automate user management between your directory service and your Code42 environment. This differs from other provisioning providers because it uses LDAP rather than SCIM.
identity management: An IT administrative area or market that deals with users in a IT system and gives them access to the right resources within the system.
identity provider (IdP): A general term to refer to a system that contains user identities. Identity provider can refer to a system performing authentication, provisioning, or both. Examples of identity providers include Okta, Google SSO, Ping, Azure AD, and OneLogin.
SCIM provisioning: An open standard protocol for automating user management.
provisioning provider: Automates user management. Applications like Code42 sync with a provisioning provider and then create, update, or deactivate users based on the provisioning provider's user profile. Examples of provisioning providers include Okta, Ping, and Azure AD.
single sign-on (SSO): SSO is one type of authentication method. It allows a user to use the same credentials to sign in to multiple applications.
What is SCIM provisioning?
SCIM provisioning is one way to manage users in your company. There are multiple ways to manage users in an IT system or application. For example:
- Manually: You can manually create, update, and deactivate users in every application each time a change happens. This method is time consuming, and it is difficult to scale in larger environments.
- Active Directory, OpenDirectory, or LDAP: Directory services where one user directory acts as a source of truth. Administrators make updates to one directory and the changes are synced to other systems and applications. This automates user management, which saves you time, and can scale to large environments. However, these directory services have firewall rules that may make it difficult to integrate with cloud applications.
- SCIM provisioning: SCIM provisioning relies on a provisioning provider as a source of truth. The provisioning provider may even connect to Active Directory, OpenDirectory, or LDAP on the back end. However, SCIM provisioning leverages REST and JSON to communicate, which makes it easier to integrate with cloud apps. It is also able to scale in large environments.
How does SCIM provisioning work?
What it does
- Performs actions to your Code42 environment based on the provisioning provider information:
- Adds or deactivates users
- Moves users to appropriate organizations based on the organization mapping method
- Applies roles to users based on the role mapping
- Provides groups for adding to watchlists
- Performs sync when a change occurs on the provisioning provider side. This means you must make a change on the provisioning provider to apply any updates to Code42.
What it doesn't do
- Code42 does not make any changes to your provisioning provider. Therefore, Code42 does not add, modify, or deactivate users in the provisioning provider.
- Use LDAP. If your directory service requires LDAP to connect to Code42, use the Code42 User Directory Sync Tool. To configure the tool in your Code42 environment, contact your Customer Success Manager (CSM).
The Code42 provisioning feature requires you to connect a third-party provisioning provider to Code42. The following are the basic requirements that your provider and your Code42 environment need to integrate correctly:
- Cloud Code42 environment: Provisioning is only available in cloud Code42 environments.
- SCIM 2.0: Code42 requires a provisioning provider to use the SCIM 2.0 protocol.
- SCIM groups: The Custom SCIM mapping and role mapping require that your provider uses SCIM groups. Other provisioning features are available without SCIM groups.
See the following articles to learn how to configure provisioning providers:
- SimpleCloud: SCIM: System for Cross-domain Identity Management
- Okta: What is SCIM?