AD Sync

SCIM User Synchronization

SCIM is a framework that standardizes identity management across domains

The target audience for this article is users with technical expertise. If you need assistance setting up SCIM, please contact your Customer Success Manager.

💡 If you are not currently using User Synchronization, please contact your Customer Success Manager at Stratsys for further discussion, as this is an Enterprise/add-on service.

Contents

Setup Guide

Example Scenarios

Additional Documentation

FAQ

Stratsys offers several different options for user synchronization. This article describes the implementation, setup, and examples of intended requests for a solution based on APIs following the SCIM framework. This is an Enterprise functionality.

Setup Guide

Preparatory steps 1 to 5 here need to be completed to enable SCIM synchronization with Stratsys.

Feel free to use our Swagger: https://azureadsync.svc.stratsys.com/swagger/index.html

The key retrieved in the platform is used to authenticate in Swagger.

The base URL for the requests is always: https://azureadsync.svc.stratsys.com,
then append "/api/v1/scim/...." to reach the correct endpoint.

To get started, provision each group you want to include by sending a POST request for it:


First, retrieve the group IDs by sending a GET request to:

"/api/v1/scim/groups"

Then use a POST request on the groups. Example body:

"/api/v1/scim/groups"

{
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group", "http://schemas.microsoft.com/2006/11/ResourceManagement/ADSCIM/2.0/Group"],
    "externalId": "8aa1a0c0-c4c3-4bc0-b4a5-2ef676900159",
    "displayName": "displayName",
    "meta": {
        "resourceType": "Group"
    }
}

Provisioning has now started, and a checkmark will appear in the "Provisioned" field.

If all the steps above have been followed, it is now possible to begin synchronizing and making API calls.

Example Scenarios

Below are various examples of user management scenarios using SCIM.

Remove member from group:
A user should be removed from a group. Start by retrieving the ID of the user in question: either use a GET request on users, or go to the platform and search for the user.

When the user is selected, the ID can be found in the browser's URL. If the user belongs to a group, their ID is listed under "SCIM Details."

Add the ID to the endpoint URL after /groups/.

Below is a sample request body for removing a user from a group:

PATCH "/api/v1/scim/groups/[id]"

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:PatchOp"
    ],
    "Operations": [
        {
            "op": "remove",
            "path": "members",
            "value": [
                {
                    "$ref": null,
                    "value": "37ada649-dc21-452a-dd52-08d95708b133"
                }
            ]
        }
    ]
}

Add Member to Group:

A user is granted elevated permissions or needs to be added to a group. Start by retrieving the ID of the user in question by using a GET request on users, or search for the user in the platform. The group ID can be found by making a GET request on groups:

"/api/v1/scim/groups/..."

Add the ID to the endpoint URL after /groups/.

Below is a sample request body for adding a user to a group:

PATCH "/api/v1/scim/groups/[id]"

{
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
    "Operations": [{
        "op": "Add",
        "path": "members",
        "value": [{
            "$ref": null,
            "value": "f648f8d5ea4e4cd38e9c"
        }]
    }]
}

Move User to Another Department:

A user needs to change department. Start by retrieving the ID of the user in question using a GET request on users, or search for the user in the platform. The department is specified in string format.

"/api/v1/scim/users/..."

Add the ID to the endpoint URL after /users/.

Below is a sample request body for moving a user to another department:

PATCH "/api/v1/scim/users/[id]"

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:PatchOp"
    ],
    "Operations": [
        {
            "op": "replace",
            "path": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:user:department",
            "value": "ny-enhet"
        }
    ]
}

Change Name/Email:

A user's name or email needs to be updated. Start by retrieving the ID of the user in question using a GET request on users, or search for the user in the platform.

"/api/v1/scim/users/..."

Add the ID to the endpoint URL after /users/.

Below is a sample request body for updating a user's name or email:

PATCH "/api/v1/scim/users/[id]"

{
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
    "Operations": [
        {
            "op": "Replace",
            "path": "emails[type eq \"work\"].value",
            "value": "updatedEmail@microsoft.com"
        },
        {
            "op": "Replace",
            "path": "name.familyName",
            "value": "updatedFamilyName"
        }
    ]
}
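An added example (not Stratsys code and not part of the original article): a small request builder for the PATCH scenarios above that refuses any operation or attribute path other than the ones this article uses, and percent-encodes the ID placed in the URL. The allowlist policy and the function names are assumptions. Sending the request and the authentication header are left out because the article does not specify them.

```python
import json
from urllib.parse import quote

BASE_URL = "https://azureadsync.svc.stratsys.com"  # base URL stated in the article
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
OPS = {"add", "remove", "replace"}  # the article writes both "Add" and "remove"
# Local policy (an assumption): only the paths the article's scenarios touch.
ALLOWED_PATHS = {
    "groups": {"members"},
    "users": {
        "urn:ietf:params:scim:schemas:extension:enterprise:2.0:user:department",
        'emails[type eq "work"].value',
        "name.familyName",
    },
}


def build_patch(resource, resource_id, operations):
    """Return (method, url, body) for a SCIM PATCH; raise ValueError if off-policy."""
    if resource not in ALLOWED_PATHS:
        raise ValueError(f"unknown resource type: {resource!r}")
    if not isinstance(resource_id, str) or not resource_id.strip():
        raise ValueError("resource id is required")
    if not operations:
        raise ValueError("at least one operation is required")
    checked = []
    for op in operations:
        if str(op.get("op", "")).lower() not in OPS:
            raise ValueError(f"unsupported op: {op.get('op')!r}")
        if op.get("path") not in ALLOWED_PATHS[resource]:
            raise ValueError(f"path not allowed on {resource}: {op.get('path')!r}")
        if op["path"] == "members":
            members = op.get("value")
            if not (isinstance(members, list) and members and all(
                isinstance(m, dict) and m.get("value") for m in members
            )):
                raise ValueError("members value must be a list of {'value': id}")
        checked.append({k: op[k] for k in ("op", "path", "value") if k in op})
    # safe="" also encodes "/", so an id can never redirect the call to another endpoint
    url = f"{BASE_URL}/api/v1/scim/{resource}/{quote(resource_id, safe='')}"
    return "PATCH", url, json.dumps({"schemas": [PATCH_SCHEMA], "Operations": checked})


def member_patch(group_id, user_id, op):
    """Request for the add/remove member scenarios: group id in URL, user id in body."""
    member = [{"$ref": None, "value": user_id}]
    return build_patch("groups", group_id, [{"op": op, "path": "members", "value": member}])
```

Running every outgoing PATCH through one builder like this keeps a synchronization job from modifying attributes outside the scenarios it was written for, and catches malformed bodies before they reach the API.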

 

Additional Documentation:

FAQ

Coming soon!