SCIM provisioning

SCIM is an HTTP REST API and protocol used by identity providers to manage the users across a variety of software products, including Elimity Insights. This SCIM implementation targets version 2.0 of the protocol.

Authentication

The SCIM API of Elimity Insights requires authentication using a bearer token (HTTP Bearer Authentication). As such, the client must send this token in the Authorization header when making requests to protected resources:

Authorization: Bearer {token}

Use the 'SCIM API' tab on the 'Advanced settings' page to generate this token:

Roles and access profiles

Elimity Insights works with two authorization concepts:

1. Roles like member, editor, connectorAdmin and admin determine the functionality that user can access.

2. Access profiles determine which data sources a user is permitted to see.

A user in Elimity Insights is always assigned to exactly 1 role, to the default access profile and to 0 or more custom access profiles. SCIM on the other hand works with the concept of groups and Elimity Insights models roles and access profiles as groups in the following way:

• We model roles as groups with an id in the format role:{roleId}. This list of roles currently exists:

  • role:member

  • role:editor

  • role:changeRequestManager

  • role:accessReviewManager

  • role:connectorAdmin

  • role:admin

• We model access profiles as groups with an id in the format of profile:{profileId}; {profileId} represents the access profile's numeric identifier. You can find this value in the URL of the access profile's details page.

• The default access profile is not available in the SCIM API and cannot be assigned or revoked explicitly.

Supported endpoints

The table below lists the endpoints supported by the SCIM API of Elimity Insights. We intentionally don't support other related actions like deleting or creating access profiles via the SCIM API, for those you'll have to use the UI.