SCIM 2.0 entitlement aggregation issue

Hello,

We’ve configured SCIM 2.0 connector. The account schema has ‘groups’ as an entitlement attribute type Group. When we do account aggregation, we are not able to see any values in groups attribute as well as it not shown up the entitlement membership.

Is anyone implemented SCIM 2.0 and faced such issues?

Hi @Shonnegowda,

are you sure the target system comply with all standards of SCIM 2.0?

1 Like

@Shonnegowda,

We’re starting to work in SCIM 2.0 connectors into our environment as well, ours are more home grown though.

Did you build this app yourself or is it something vendor provided?

Thanks!

We’re using OOTB SCIM 2.0. Do we have any list, which standard has to meet other than connector guide, that seems not much helpful. I see they have user and group provisioning APIs in place

I had this issue when implementing StrongDM over SCIM. You are able to read from the source with entitlements and etc, but it doesn’t process over which accounts have what entitlement, that is due to the source itself not supporting this. TLDR: you can read from the source into IDN, but ownership of entitlements or roles aren’t provisioned over, nor are changes back to the main source.

For be shure, you can configure it in postman, build the call and see the response.
So you can exclude a problmen on webservice side.

I know it can be a waste of time, but a lot of company say that own webservice is in SCIM 2.0 but it isn’t

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.