Scim connector issue

Identity Security Cloud (ISC) ISC Discussion and Questions
,
1

Hi All,

We’re facing an issue with the SCIM integration between SailPoint and OpsRamp.

We’ve successfully integrated OpsRamp with Okta using SAML for authentication, and we’ve also built the provisioning workflow in SailPoint. However, during account aggregation from OpsRamp, all accounts are being pulled in as disabled, even though they are active in OpsRamp.

Here’s what we’ve observed:

  • The SCIM endpoint used for aggregation is:
    {{baseURL}}/Users
    This endpoint returns a list of users, but does not include key attributes like email or active.

  • On the other hand, when we query a specific user by ID using:
    {{baseURL}}/Users/{id}
    we do get all the required attributes, including email and active.

This leads to a situation where:

  • Bulk aggregation results in disabled accounts due to missing active status.

  • Individual identity aggregation (by ID) correctly reflects the active status.

We’re looking for guidance on how to resolve this inconsistency. Is there a way to:

  • Customize the SCIM aggregation in SailPoint to fetch user details using the GET /Users/{id} endpoint?

  • Or configure OpsRamp to include the required attributes in the bulk GET /Users response?

Any help or suggestions would be greatly appreciated.

Thank you!

2

I suspect that, although OpsRamp offers a SCIM compliant interface for provisioning, it doesn’t for aggregation. I would investigate using a Web Services connector to something like Search Tenant Users for aggregation and Create User for provisioning.

3

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.