SCIM integration

Discover users and groups in external applications through the SCIM protocol.

Early Access: To configure a SCIM integration, the "OAA on Veza" feature must be enabled for your Veza platform.

Overview

Many applications support the System for Cross-domain Identity Management (SCIM) protocol for provisioning and managing users and groups by API. Veza can often use SCIM APIs to populate the Authorization Graph with user and group information.

This document explains how to add a SCIM integration to collect user and group entities from compatible applications.

Requirements

  • The source application's SCIM API must support listing from at least the Users endpoint to identify supported resources and list Users.

  • To discover User Groups, the SCIM API must support the /Groups endpoint and the response must include the members section.

  • Not all SCIM implementations support listing operations or return all desired fields. See the Supported Integrations list for applications known to be supported via SCIM.

Application Setup

To ingest data, you will need to ensure that the SCIM API in your target system is enabled, and generate an API token with the appropriate permissions.

Refer to the individual application's documentation to:

  1. Configure and activate the application's SCIM API, if it is not already enabled.

  2. Obtain an API token for calling the API, with permission to list users and groups.

  3. Take note of the base SCIM URL (such as https://api.fivetran.com/scim/v2).

  4. Take note of the Users and Groups endpoints (typically /Users and /Groups).
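A pre-flight check for the requirements and setup steps above, written as an added example (it is not Veza's code or part of the product). It calls the Users and Groups listing endpoints with the bearer token and reports whether each response is a usable SCIM listing. The environment variable names `SCIM_URL` and `SCIM_TOKEN`, the function names, and the sample responses are assumptions made for this example.

```python
import json, os, urllib.request

LIST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"

def fetch(base_url, endpoint, token):
    """GET one SCIM listing page using the bearer token."""
    req = urllib.request.Request(
        base_url.rstrip("/") + endpoint,
        headers={"Authorization": f"Bearer {token}", "Accept": "application/scim+json"},
    )
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)

def check_listing(body, need_members=False):
    """Return the problems found in a listing response; an empty list means usable."""
    if not isinstance(body, dict):
        return ["response is not a JSON object"]
    problems = []
    if LIST_SCHEMA not in body.get("schemas", []):
        problems.append("not a SCIM 2.0 ListResponse")
    resources = body.get("Resources")
    if not isinstance(resources, list):
        return problems + ["no Resources array, listing may be unsupported"]
    # Empty groups may omit "members" (RFC 7643), so only fail when no group has it.
    if need_members and resources and not any("members" in g for g in resources):
        problems.append("no group returned a members section")
    return problems

# Constructed sample responses, not captured from any real application.
USERS_OK = {"schemas": [LIST_SCHEMA], "totalResults": 1,
            "Resources": [{"id": "u1", "userName": "alice@example.com"}]}
GROUPS_BARE = {"schemas": [LIST_SCHEMA], "totalResults": 1,
               "Resources": [{"id": "g1", "displayName": "Admins"}]}
GROUPS_OK = {"schemas": [LIST_SCHEMA], "totalResults": 1,
             "Resources": [{"id": "g1", "displayName": "Admins",
                            "members": [{"value": "u1", "display": "alice@example.com"}]}]}
SCIM_ERROR = {"schemas": ["urn:ietf:params:scim:api:messages:2.0:Error"],
              "status": "403", "detail": "forbidden"}

if __name__ == "__main__":
    # SCIM_URL / SCIM_TOKEN are assumed names; keep the token out of source control.
    url, token = os.environ.get("SCIM_URL"), os.environ.get("SCIM_TOKEN")
    for endpoint, need, sample in (("/Users", False, USERS_OK), ("/Groups", True, GROUPS_BARE)):
        body = fetch(url, endpoint, token) if url and token else sample
        print(endpoint, check_listing(body, need) or "ok")
```

Without the two environment variables set, the script runs against the constructed samples only and makes no network calls.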

Veza setup

To enable Veza to gather data from a SCIM-compatible application, go to Integrations > Add New and pick SCIM for the integration type.

Fill out the required fields:

| Field | Description |
| --- | --- |
| Name | A unique display name of the Veza Provider to create. |
| App Name | The name of the application that will be created. If you are discovering multiple instances of the same application, this name should be unique per instance. |
| App Type | The type for the app, users and groups that are created. Typically the application or vendor name. |
| App Description | Optional description for the application. |
| SCIM URL | The full URL to the SCIM API endpoint, excluding the resource type (such as https://app.example.com/scim/v2). |
| SCIM Token | Bearer token string, used to call the API. |
| Users Endpoint | Optional override for the Users listing endpoint, default /Users. |
| Groups Endpoint | Optional override for the Groups listing endpoint, default /Groups. |
| Provider Icon | Optional application icon file to use on Veza. Icons must be PNG or SVG and smaller than 64KB. |

Click Create Integration to save the configuration and queue an extraction.
