About SCIM synchronization using an API

Last updated: 2020-07-14

In Clearance, the System for Cross-domain Identity Management (SCIM) protocol is used to synchronize users and groups from an identity management system into cloud-based products.

The SCIM integration is intended to save Clearance users time in the user and group creation process.

The following information describes Azure Active Directory SCIM synchronization:
  • Synchronization of SCIM attributes into Clearance identity attributes is INBOUND only.
    CAUTION: Changes that are made to identities only in Clearance can be overwritten by the next synchronization from Active Directory.
  • Synchronization occurs automatically at the intervals specified in the "Build a SCIM endpoint and configure user provisioning with Azure AD" documentation.
  • The first time a synchronization occurs, all Active Directory user attributes are synchronized.
  • The next time a synchronization occurs, only Active Directory user attributes that have changed since the last time the agent ran are synchronized.
  • Once connected, Azure AD runs a synchronization process every 40 minutes in which it queries the application's SCIM endpoint for assigned users and groups, and creates or modifies them according to assignment details.
  • CAUTION: If you try to provision a user whose email address is already used in Clearance, the provisioning will fail for that user.
  • Important: Nested groups are not supported in Clearance. If you provision a group that has another group nested in it, they are created as separate groups in Clearance.
  • Group provisioning requires Azure AD Premium P1 or P2.
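
The two failure cases listed above (an email address already used in Clearance, and nested groups) can be checked before provisioning is turned on. The following is an added example, not code from the Clearance or Azure AD documentation. It assumes the directory objects are exported in the shape of SCIM 2.0 resources (RFC 7643) and that a list of email addresses already used in Clearance is available; the function names and all sample data are hypothetical.

```python
# Added example: pre-provisioning audit. All sample data is constructed.
# Assumption: directory exports are shaped like SCIM 2.0 resources (RFC 7643).

def primary_email(user):
    """Lowercased primary email of a SCIM User resource, or None."""
    emails = user.get("emails", [])
    chosen = next((e for e in emails if e.get("primary")), emails[0] if emails else None)
    return chosen["value"].strip().lower() if chosen and chosen.get("value") else None

def email_conflicts(directory_users, clearance_emails):
    """userNames whose provisioning would fail (email already used in Clearance)."""
    # Assumption: addresses are compared case-insensitively.
    taken = {e.strip().lower() for e in clearance_emails}
    return sorted(u["userName"] for u in directory_users if primary_email(u) in taken)

def nested_groups(directory_groups):
    """(parent, child) pairs that would become separate groups in Clearance."""
    pairs = []
    for group in directory_groups:
        for member in group.get("members", []):
            if member.get("type") == "Group":
                pairs.append((group["displayName"], member.get("display", member["value"])))
    return sorted(pairs)

# Constructed sample data (not taken from any real tenant).
USERS = [
    {"userName": "alee@example.com", "emails": [{"value": "alee@example.com", "primary": True}]},
    {"userName": "bkhan@example.com", "emails": [{"value": "B.Khan@Example.com", "primary": True}]},
    {"userName": "cruiz@example.com", "emails": []},
]
CLEARANCE_EMAILS = ["b.khan@example.com", "local.admin@example.com"]
GROUPS = [
    {"displayName": "Investigators", "members": [
        {"value": "u-1", "type": "User", "display": "A Lee"},
        {"value": "g-2", "type": "Group", "display": "Detectives"},
    ]},
    {"displayName": "Detectives", "members": [{"value": "u-2", "type": "User"}]},
]

if __name__ == "__main__":
    for name in email_conflicts(USERS, CLEARANCE_EMAILS):
        print(f"provisioning would fail: {name} (email already used in Clearance)")
    for parent, child in nested_groups(GROUPS):
        print(f"nested group: {child} inside {parent} (created as separate groups)")
```

Review group-based permissions for every reported pair: because the groups are created separately, members of the nested group are not members of the parent group in Clearance.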