From ICIHelp7.14
Revision as of 07:13, 15 December 2019 by WikiSysop (Talk | contribs)

System for Cross Domain Identity Management (SCIM)

ICM now supports System for Cross-domain Identity Management (SCIM), an open standard protocol that automates the provisioning and deprovisioning of users. The framework allows the exchange of user identity and user group information between identity providers (such as OKTA) and service providers (such as ICM, a SaaS-based application). Because a single system manages permissions and groups and data is transferred automatically, the risk of error is considerably reduced. This makes user management simpler and easier for customers.

Provisioning and Deprovisioning users in ICM through OKTA using SCIM Protocol

OKTA integrates various applications into its service, and you simply deploy these pre-integrated applications to your users as necessary. For example, OKTA uses the SCIM application to provision users or user groups in ICM. 
To provision or de-provision ICM users, the OKTA Administrator first needs to create and configure an application which supports the SCIM protocol.  
 

Note: ICM supports only SCIM version 2.0.

Configuring the SCIM Application

The OKTA Administrator uses the OKTA Dashboard to configure the SCIM application.

 

1. Click the Applications tab. 

2. Select Applications from the drop-down. The Applications page opens. 

 

3. Click Add Application.

 

4. Enter scim in the search field to search for applications that support SCIM.

Note: ICM supports the SCIM 2.0 App (Header Auth) version to provision and deprovision users through OKTA.

5. Select the application created by the OKTA Administrator using SCIM 2.0 App (Header Auth) for the SCIM protocol. For example, the SCIM to ICM application (as shown in the screenshot below).

 

To configure the SCIM to ICM application, the OKTA Administrator performs the following steps:

1. Click the Provisioning tab.

2. Click the Integration tab.

3. Enter the Base URL and API Token as provided by the ICM Administrator.

Note: Ensure that the Enable API Integration box is selected.

 

4. Click the Test API Credentials button to validate the credentials (ICM Base URL and API Token). If the credentials are incorrect, a validation message is displayed indicating that an authentication error has occurred.

 

To allow provisioning for the SCIM application, that is, from OKTA to SCIM, the Administrator enables functionalities such as Create Users, Update User Attributes, and Deactivate Users. After enabling the functionalities, you can provision/deprovision users in ICM from OKTA using the SCIM protocol (for example, the SCIM to ICM application as mentioned in Step 5).

Adding a user in OKTA 

1. Click the Users menu on the Dashboard.

2. Click People.

 

3. Click Add Person. The Add Person window opens. 

 

4. Enter details such as First name, Last name, Username and Primary email. For example, add user - Michael Smith.

 

5. Click Save. The user Michael Smith is added to the application SCIM to ICM.

The user Michael Smith can now be provisioned to ICM using the Assignments tab.
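
What the enabled Create Users and Deactivate Users functionalities look like as SCIM 2.0 messages, shown for the user Michael Smith. This is an added example, not ICM or OKTA code. The in-memory service provider, the token value, the e-mail address and all function names are constructed for illustration, and the constant-time token check is an assumption, since this page does not describe how ICM validates the API Token.

```python
import hmac
import uuid

USER = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
ERROR = "urn:ietf:params:scim:api:messages:2.0:Error"

def create_user(first, last, username, email):
    """Identity-provider side: SCIM 2.0 request behind 'Create Users'."""
    return "POST", "/Users", {
        "schemas": [USER], "userName": username, "active": True,
        "name": {"givenName": first, "familyName": last},
        "emails": [{"value": email, "primary": True}]}

def deactivate_user(user_id):
    """Identity-provider side: SCIM 2.0 request behind 'Deactivate Users'."""
    return "PATCH", f"/Users/{user_id}", {
        "schemas": [PATCH_OP],
        "Operations": [{"op": "replace", "value": {"active": False}}]}

class ToyServiceProvider:
    """Constructed in-memory stand-in for a service provider's SCIM endpoint."""
    def __init__(self, api_token):
        self._token, self.users = api_token.encode(), {}

    def _error(self, status, detail):
        return status, {"schemas": [ERROR], "status": str(status), "detail": detail}

    def handle(self, token, method, path, body):
        # Constant-time comparison; nothing is processed without a valid token.
        if not hmac.compare_digest(token.encode(), self._token):
            return self._error(401, "authentication error")
        if method == "POST" and path == "/Users":
            if USER not in body.get("schemas", []):
                return self._error(400, "unsupported schema (SCIM 2.0 only)")
            if any(u["userName"] == body["userName"] for u in self.users.values()):
                return self._error(409, "userName already exists")
            user = dict(body, id=str(uuid.uuid4()))  # server assigns the id
            self.users[user["id"]] = user
            return 201, user
        user = self.users.get(path.rsplit("/", 1)[-1])
        if method == "PATCH" and user is not None:
            for op in body["Operations"]:
                if op["op"].lower() == "replace":
                    user.update(op["value"])  # deprovisioning sets active=False
            return 200, user
        return self._error(404, "resource not found")
```

Deprovisioning here flips `active` to false instead of deleting the record, so the account is kept for audit while sign-in is blocked.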