Hi, I am working on the IdentityNow SCIM connector to integrate self-hosted CyberArk PAM. I am able to do test service, aggregation of accounts and entitlements. I am not getting how to configure create account. I have worked on the web service connector, where I saw HTTP operations; in that we have an option to configure create account, but in SCIM I am a little confused. Could you please guide me?
Basic use case here is, when I add a user to a role/access profile, his/her account creation should be on SCIM service.
With a SCIM connector, I believe you just need to update the Create Account page with the attributes you would like to populate on account creation. Are you getting an error?
Here’s the documentation on account creation with SCIM 2.0 - Provisioning Policy
Which SCIM-based connector are you using here? Even though the SCIM connector uses a web service connector in the backend, it will not have the configurations that you see on the web service connector. If you have configured a create policy on your source, validate whether that is working and giving the required details. Also, for this connector to be used, based on the version you have to allow the service account certain permissions. I hope you have gone through that. If not, I am placing the links for SCIM 2.0 and 1.1
Hi All, I am able to do test connection and account aggregation from SailPoint IDN to CyberArk. I have an issue with entitlement aggregation. On the SailPoint service configuration page, I see that we have an option to do entitlement aggregation; when I click on it, I am getting the below error:
"class":"openconnector.connector.scim2.SCIM2Context","method":"getResourceType","level":"WARN","message":"ResourceType not found:Entitlement , {\"schemas\":[\"urn:ietf:params:scim:api:messages:2.0:Error\"],\"status\":500,\"detail\":\"No resource type exists - Entitlement\"}\n",
When I try /CyberArk/scim/v2/Entitlements from Postman I am getting a 404 not found error. Could you please suggest a fix for this?
From Postman I am successfully able to do group aggregation using /CyberArk/scim/v2/Groups
One more thing: on the forum I found one URL, /CyberArk/scim/v2/ServiceProviderConfig, to check config info. When I try this I am getting the error message “Credentials are required to access this resource”
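One way to check the "No resource type exists - Entitlement" error above is to compare the object types being aggregated against what the SCIM 2.0 server advertises at its standard `/ResourceTypes` discovery endpoint (RFC 7644). This is an added example, not code from any poster, SailPoint or CyberArk; the function names are hypothetical and the sample response is constructed to mirror the thread (Users and Groups present, no Entitlement).

```python
import json

RT_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:ResourceType"
LIST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"

# Constructed sample body for GET <base>/ResourceTypes (not captured from a real server).
SAMPLE_RESOURCE_TYPES = json.dumps({
    "schemas": [LIST_SCHEMA],
    "totalResults": 2,
    "Resources": [
        {"schemas": [RT_SCHEMA], "id": "User", "name": "User",
         "endpoint": "/Users", "schema": "urn:ietf:params:scim:schemas:core:2.0:User"},
        {"schemas": [RT_SCHEMA], "id": "Group", "name": "Group",
         "endpoint": "/Groups", "schema": "urn:ietf:params:scim:schemas:core:2.0:Group"},
    ],
})


def advertised_resource_types(body):
    """Map resource type name -> endpoint from a /ResourceTypes response body."""
    doc = json.loads(body)
    if isinstance(doc, list):                      # tolerate a bare JSON array
        items = doc
    elif LIST_SCHEMA in doc.get("schemas", []):    # usual ListResponse envelope
        items = doc.get("Resources", [])
    else:                                          # single ResourceType document
        items = [doc]
    found = {}
    for item in items:
        if not isinstance(item, dict) or RT_SCHEMA not in item.get("schemas", []):
            continue                               # skip SCIM error bodies and unrelated objects
        if item.get("name") and item.get("endpoint"):
            found[item["name"]] = item["endpoint"]
    return found


def check_object_types(body, wanted):
    """For each object type to be aggregated, return its advertised endpoint or None."""
    by_lower = {name.lower(): ep for name, ep in advertised_resource_types(body).items()}
    return {w: by_lower.get(w.lower()) for w in wanted}


if __name__ == "__main__":
    report = check_object_types(SAMPLE_RESOURCE_TYPES, ["User", "Group", "Entitlement"])
    for name, ep in report.items():
        print(f"{name:12} {'advertised at ' + ep if ep else 'NOT advertised by this server'}")
```

A type that comes back as `None` has no endpoint on the server, so a request for it can only fail; the response body has to be fetched with the same credentials the connector uses.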
I am able to create an account from SailPoint IDN using the SCIM 2.0 Connector. Post this activity, I want to create a safe and put the id in that safe. Could you please suggest how I can do this?
Hi All,
I am able to create an account for the web service connector service using a before rule. I am generating a JWT token during the create account operation, which is internally done by the before rule. Now I am facing a challenge referring to the JWT token in the same way for account aggregation, because my account aggregation API needs a similar JWT token.
Could you please suggest how I can have the access token assigned to HTTP operations like account aggregation and entitlement aggregation?
Stumbled upon this post while I was searching for something regarding a SCIM implementation that I was working on. It seems like you already fixed the issue, but to your question on the create operation: unlike the web services connector, SCIM is a provisioning standard and all creation payloads would be identical. It’s up to the SCIM server to interpret the data you send. You just have to add the attributes in the create profile and provisioning should work. Same with enable/disable/updates and groups.