Provisioning IDaaS - Using SCIM to Enable Cloud Identity


Transcript of Provisioning IDaaS - Using SCIM to Enable Cloud Identity


Provisioning IDaaS
Using SCIM to Enable Cloud Identity
Silicon Valley IAM User Group
August 20, 2015


Speaker
Pat Patterson
Developer Evangelist Architect, Salesforce
@metadaddy

Agenda
  • What is User Provisioning?
  • Benefits
  • Standards
  • Demo

User Provisioning: Managing the User Lifecycle

Create, Update, Delete Users



Works with Other User Repositories Too

Create, Update, Delete Users

Active Directory, On Premise


Salesforce Identity Connect


Benefits for Employee Use Cases
  • User Termination
  • Who has access to what?
  • Automated account creation & update

Benefits for Customer and Partner Use Cases
  • Provision user into multiple web properties
  • Update email change across all apps
  • Access request with Approvals




System for Cross-domain Identity Management
  • Simple Cloud Identity Management 1.0 released in 2011
  • SCIM 1.1 released in 2012
  • IETF working on SCIM 2.0

SCIM Use Cases
  • Provision and de-provision user accounts
  • Update attributes on user accounts
  • Synchronize accounts across services
  • Manage group membership

SCIM Basics
  • Application-level, REST protocol
  • OAuth recommended for authentication/authorization
  • Create, modify, retrieve, discover users and groups
  • Common user schema
  • Extensible

SCIM Schema
  • Core schema: name, userName, emails etc
  • Enterprise extension: employeeNumber, department, manager etc
  • Custom extensions, e.g. urn:salesforce:schemas:extension:18CHARORGID
  • Custom fields

SCIM in Action

SCIM Request - Retrieve a User

    GET /services/scim/v1/Users/005E0000000HimUIAS HTTP/1.1
    Host: na1.salesforce.com
    Authorization: Bearer ACCESS_TOKEN

SCIM Response - Core

    {
      "displayName": "Adam Seligman",
      "userName": "",
      "id": "005E0000000HimUIAS",
      "emails": [
        {
          "primary": true,
          "type": "work",
          "value": ""
        }
      ],
      ...

SCIM Response - Enterprise

      ...
      "urn:scim:schemas:extension:enterprise:1.0": {
        "employeeNumber": "156189",
        "manager": {
          "displayName": "Pat Patterson",
          "managerId": "005E0000000HiFiIAK"
        },
        "organization": "00DE0000000HegHMAS"
      },
      ...

SCIM Response - Custom

      ...
      "urn:salesforce:schemas:extension:00DE0000000HegHMAS": {
        "Favorite_Color__c": "Green"
      },
      ...
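
The three response fragments above, joined and checked in an added example (not code from the presentation or from Salesforce): it splits a SCIM 1.1 user resource into core, enterprise and custom parts by URN, then flags custom attributes namespaced to an org other than the enterprise extension's "organization". The function names, the cross-check policy and the placeholder userName/email values are assumptions.

```python
import json

ENTERPRISE_URN = "urn:scim:schemas:extension:enterprise:1.0"
CUSTOM_PREFIX = "urn:salesforce:schemas:extension:"

# Constructed sample: the slides' three fragments joined into one resource.
# userName and the email value are placeholders (they are empty on the page).
SAMPLE = json.dumps({
    "displayName": "Adam Seligman",
    "userName": "user@example.com",
    "id": "005E0000000HimUIAS",
    "emails": [{"primary": True, "type": "work", "value": "user@example.com"}],
    ENTERPRISE_URN: {
        "employeeNumber": "156189",
        "manager": {"displayName": "Pat Patterson",
                    "managerId": "005E0000000HiFiIAK"},
        "organization": "00DE0000000HegHMAS",
    },
    CUSTOM_PREFIX + "00DE0000000HegHMAS": {"Favorite_Color__c": "Green"},
})

def split_scim_user(raw):
    """Split a SCIM 1.1 User into (core, enterprise, custom, unknown)."""
    core, enterprise, custom, unknown = {}, {}, {}, {}
    for key, value in json.loads(raw).items():
        if key == ENTERPRISE_URN:
            enterprise = value
        elif key.startswith(CUSTOM_PREFIX):
            custom[key[len(CUSTOM_PREFIX):]] = value   # keyed by org id
        elif key.startswith("urn:"):
            unknown[key] = value                       # extension we do not know
        else:
            core[key] = value
    return core, enterprise, custom, unknown

def check_user(raw):
    """Return findings to resolve before syncing this user downstream."""
    core, enterprise, custom, unknown = split_scim_user(raw)
    findings = [f"missing core attribute: {a}"
                for a in ("id", "userName") if not core.get(a)]
    # Assumed policy: custom fields must belong to the user's own org.
    org = enterprise.get("organization")
    findings += [f"custom extension for foreign org: {o}"
                 for o in custom if o != org]
    findings += [f"unrecognised extension namespace: {u}" for u in unknown]
    return findings

if __name__ == "__main__":
    print(check_user(SAMPLE))   # the sample passes every check
```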

SCIM Implementations


Use Case
  • We'll hire a new employee, Vikas Jain
      • Create Salesforce account
  • Vikas gets a promotion, with more responsibility
      • Allow access to ERP system
  • After a long and successful career, Vikas retires
      • Deactivate all accounts

Q & A
Pat Patterson
Developer Evangelist Architect, Salesforce
@metadaddy

Thank You