About SCIM synchronization using an API
Last updated: 2020-07-14
In Clearance, the System for Cross-domain Identity Management (SCIM) protocol is used to synchronize users and groups from an identity management system into cloud-based products.
The SCIM integration is intended to save Clearance users time in the user and group creation process.
The following information describes Azure Active Directory SCIM synchronization:
- Synchronization of SCIM attributes into Clearance identity attributes is INBOUND only.
  CAUTION: Any changes made only to identities in Clearance can be overwritten by the next synchronization from the Active Directory.
- Synchronization occurs automatically at the intervals specified in the "Build a SCIM endpoint and configure user provisioning with Azure AD" documentation.
- The first time a synchronization occurs, all Active Directory user attributes are synchronized.
- The next time a synchronization occurs, only Active Directory user attributes that have changed since the last time the agent ran are synchronized.
- Once connected, Azure AD runs a synchronization process every 40 minutes in which it queries the application's SCIM endpoint for assigned users and groups, and creates or modifies them according to assignment details.
- CAUTION: If you try to provision a user whose email address is already used in Clearance, the provisioning will fail for that user.
- Important: Please note that nested groups are not supported in Clearance. If you provision a group that has another group nested in it, they will be created as separate groups in Clearance.
- Group provisioning requires Azure AD Premium P1 or P2.
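
The following added example (not part of the Clearance documentation or product) shows one way to check a staged set of users and groups against the email and nested-group caveats above before assigning them for provisioning. All data is constructed and shaped like SCIM 2.0 (RFC 7643) User and Group resources; the function names, the export of existing Clearance email addresses, and the case-insensitive comparison are assumptions.

```python
# Added example: pre-flight check for the email-collision and nested-group caveats.
# All data below is constructed; how it is exported is outside this sketch.

def emails_of(user):
    """Lower-cased addresses from a SCIM User resource (emails[].value)."""
    return {e["value"].lower() for e in user.get("emails", []) if e.get("value")}

def preflight(users, groups, clearance_emails):
    """Return (email_conflicts, nested_groups) for the staged users and groups."""
    taken = {e.lower() for e in clearance_emails}  # assumption: case-insensitive match
    conflicts = {}
    for u in users:
        clash = sorted(emails_of(u) & taken)
        if clash:
            conflicts[u["userName"]] = clash  # provisioning will fail for this user
    nested = {}
    for g in groups:
        # RFC 7643 group members carry a "type" of "User" or "Group".
        children = sorted(m.get("display", m["value"])
                          for m in g.get("members", [])
                          if m.get("type") == "Group")
        if children:
            nested[g["displayName"]] = children  # created as separate groups
    return conflicts, nested

# Constructed sample input.
USERS = [
    {"userName": "a.ortiz@example.com",
     "emails": [{"value": "A.Ortiz@example.com", "primary": True}]},
    {"userName": "b.chen@example.com",
     "emails": [{"value": "b.chen@example.com", "primary": True}]},
]
GROUPS = [
    {"displayName": "Investigators", "members": [
        {"value": "u-1", "display": "a.ortiz@example.com", "type": "User"},
        {"value": "g-2", "display": "Night Shift", "type": "Group"}]},
    {"displayName": "Night Shift", "members": [{"value": "u-2", "type": "User"}]},
]
CLEARANCE_EMAILS = ["a.ortiz@example.com", "legacy.admin@example.com"]

if __name__ == "__main__":
    conflicts, nested = preflight(USERS, GROUPS, CLEARANCE_EMAILS)
    for name, clash in conflicts.items():
        print(f"WILL FAIL  {name}: email already in Clearance: {', '.join(clash)}")
    for name, children in nested.items():
        print(f"SEPARATE   {name}: nested group(s) not supported: {', '.join(children)}")
```

Resolving the reported conflicts in the directory, rather than in Clearance, keeps the fix from being overwritten by the next inbound synchronization.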