We use KnowBe4 as a Phishing test platform.
From KnowBe4’s SCIM configuration guide, they essentially only READ from their SCIM tables, and do not write anything into it… meaning that I have to do the needful in Sailpoint IDN or viia Postman.
I can fairly easily manage adding and removing users, or assigning them to groups in IDN…
But what I can not seem to do is create new groups / add to the existing list of entitlements.
is there a way to rig up IDN to add a group into the SCIM? scim is basically JSON over REST API anyway, and I can do it by hand (postman call to POST to https://(scim host)/v2/Groups,
so:
I can assign users into groups via IDN
I can create/archive users via IDN
What can I do in order to add to the Groups list in a SCIM? I am very much hoping that I do not need to maintain a token in Postman and manually call the API.
my Source explicitly abdicates all responsibility for user/group creation once SCIM is enabled, since “your identity provider will do that!”
IdentityNow refuses, even though there is a large “ADD” button on the entitlements page (which simply links to the Entitlement Aggregation page… its not illogical to assume that the Add button should Add)
So, as far as I understand it then, I am forced to keep API Keys in an insecure format, and manually handle my creation via sketchy use of the SCIM / REST API.
I know this is an old thread, but have there been updates here? We are also facing this problem with several SCIM applications in our environment.
Once a SCIM provider is connected, the application assumes that groups will be created by the SCIM provider and doesn’t permit you to create them directly. Much like @sholinaty, we are forced to keep API keys on the side and build / send the group create payload using Postman. This doesn’t scale well.