Provisioning IDaaS - Using SCIM to Enable Cloud Identity

Date posted: 09-Feb-2017
Category: Software


Provisioning IDaaS
Using SCIM to Enable Cloud Identity
Silicon Valley IAM User Group
August 20, 2015

Speaker
Pat Patterson
Developer Evangelist Architect, Salesforce
@metadaddy

Agenda
  • What is User Provisioning?
  • Benefits
  • Standards
  • Demo

User Provisioning: Managing the User Lifecycle

Create, Update, Delete Users

Works with Other User Repositories Too

Create, Update, Delete Users
  • Active Directory (On Premise)
  • HR App
  • Salesforce Identity Connect

Benefits

Benefits for Employee Use Cases
  • User Termination
  • Who has access to what?
  • Automated account creation & update

Benefits for Customer and Partner Use Cases
  • Provision user into multiple web properties
  • Update email change across all apps
  • Access request with Approvals

Standards

Simple Cloud Identity Management
  • http://www.simplecloud.info/
  • SCIM 1.0 released in 2011
  • SCIM 1.1 released in 2012
  • IETF working on SCIM 2.0

System for Cross-domain Identity Management

SCIM Use Cases
  • Provision and de-provision user accounts
  • Update attributes on user accounts
  • Synchronize accounts across services
  • Manage group membership

SCIM Basics
  • Application-level, REST protocol
  • OAuth recommended for authentication/authorization
  • Create, modify, retrieve, discover users and groups
  • Common user schema
  • Extensible

SCIM Schema
  • Core schema: name, userName, emails etc.
  • Enterprise extension: employeeNumber, department, manager etc.
  • Custom extensions, e.g. urn:salesforce:schemas:extension:18CHARORGID
  • Custom fields

SCIM in Action

SCIM Request: Retrieve a User

    GET /services/scim/v1/Users/005E0000000HimUIAS HTTP/1.1
    Host: na1.salesforce.com
    Authorization: Bearer ACCESS_TOKEN

SCIM Response - Core

    {
      "displayName": "Adam Seligman",
      "userName": "adam@devorg.com",
      "id": "005E0000000HimUIAS",
      "emails": [
        {
          "primary": true,
          "type": "work",
          "value": "ppatterson@salesforce.com"
        }
      ],
      ...

SCIM Response - Enterprise

      ...
      "urn:scim:schemas:extension:enterprise:1.0": {
        "employeeNumber": "156189",
        "manager": {
          "displayName": "Pat Patterson",
          "managerId": "005E0000000HiFiIAK"
        },
        "organization": "00DE0000000HegHMAS"
      },
      ...

SCIM Response - Custom

      ...
      "urn:salesforce:schemas:extension:00DE0000000HegHMAS": {
        "Favorite_Color__c": "Green"
      },
      ...
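
Added example (not from the original slides or from Salesforce): a Python sketch that splits a SCIM user resource like the one in the three response slides above into core attributes, the enterprise extension, and custom extensions, and resolves the primary email. The sample body is constructed by joining the slide fragments, and the function names are hypothetical.

```python
import json

# Enterprise extension URN as shown on the "SCIM Response - Enterprise" slide.
ENTERPRISE_URN = "urn:scim:schemas:extension:enterprise:1.0"

# Constructed sample: the three response fragments from the slides joined into
# one resource (the slides elide the rest of the body with "...").
SAMPLE_USER = json.loads("""
{
  "displayName": "Adam Seligman",
  "userName": "adam@devorg.com",
  "id": "005E0000000HimUIAS",
  "emails": [{"primary": true, "type": "work", "value": "ppatterson@salesforce.com"}],
  "urn:scim:schemas:extension:enterprise:1.0": {
    "employeeNumber": "156189",
    "manager": {"displayName": "Pat Patterson", "managerId": "005E0000000HiFiIAK"},
    "organization": "00DE0000000HegHMAS"
  },
  "urn:salesforce:schemas:extension:00DE0000000HegHMAS": {"Favorite_Color__c": "Green"}
}
""")

def split_scim_user(resource):
    """Split a SCIM user into (core attributes, enterprise extension, custom extensions)."""
    core, enterprise, custom = {}, {}, {}
    for key, value in resource.items():
        if key == ENTERPRISE_URN:
            enterprise = value
        elif key.startswith("urn:") and isinstance(value, dict):
            custom[key] = value  # any other URN-keyed object is treated as an extension
        else:
            core[key] = value
    return core, enterprise, custom

def primary_email(core):
    """Return the email marked primary, else the first listed one, else None."""
    emails = core.get("emails") or []
    for entry in emails:
        if entry.get("primary"):
            return entry.get("value")
    return emails[0].get("value") if emails else None

if __name__ == "__main__":
    core, enterprise, custom = split_scim_user(SAMPLE_USER)
    print(core["userName"], primary_email(core))
    print(enterprise["manager"]["displayName"], list(custom))
```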

SCIM Implementations

Demo

Use Case
  • We'll hire a new employee, Vikas Jain
      • Create Salesforce account
  • Vikas gets a promotion, with more responsibility
      • Allow access to ERP system
  • After a long and successful career, Vikas retires
      • Deactivate all accounts

Q & A
Pat Patterson
Developer Evangelist Architect, Salesforce
@metadaddy

Thank You