The System for Cross-domain Identity Management
The System for Cross-domain Identity Management (SCIM) is an open standard for managing user and group identity information. SCIM defines a schema for representing users and groups, and a RESTful API for performing CRUD operations on user and group resources.
The main purpose of SCIM is the secure, automated exchange of user identity data between your company’s Identity Provider (IdP) and Collibra.
Collibra has developed SCIM capabilities to align with industry standards, providing advantages such as:
- Efficient user and group management through automation of user and group provisioning, deprovisioning, and updates.
- Real-time data synchronization so you can keep user and group data in sync between your identity providers or identity governance tools and Collibra.
- Reduced manual effort to update identity data in Collibra and reduced risk of errors.
- Better user experience: you can interact with a new user right away, instead of waiting until the user has logged in for the very first time, which is known as Just in Time (JIT) provisioning.
- Reduced IT development needs, with no need for customized solutions.
Use cases
Use case | Details | How SCIM helps |
---|---|---|
User provisioning | Automatically create user accounts in Collibra when new users are added to your company’s IdP. | Enables your company’s IdP to trigger the creation of corresponding user accounts in Collibra. This eliminates manual account setup and ensures that users can access your application seamlessly, with no need to wait for JIT provisioning. |
User deprovisioning | Disable user accounts in Collibra when users are deactivated or deleted from your company’s IdP. | Facilitates the synchronization of user account status between your company’s IdP and Collibra. When a user is deactivated or deleted in the IdP, the corresponding user account in Collibra can be similarly disabled. |
User updates | Keep user information up-to-date across both your company’s IdP and Collibra, including changes to attributes such as name, email, phone number, and so on. | Enables synchronization of user attributes between your company’s IdP and Collibra. Any changes made in your company’s IdP, such as a user email address or department, can be automatically updated in Collibra. |
Group provisioning | Automatically create groups in Collibra based on group information defined in your company’s IdP. | Allows you to establish consistent group structures across both your company’s IdP and Collibra. Any new groups created in the IdP can be automatically replicated in Collibra. |
Group deprovisioning | Delete groups in Collibra when they are no longer active or relevant in your company’s IdP. | Enables the removal of corresponding groups in Collibra when they are deleted or deactivated in your company’s IdP. This helps maintain data consistency. |
Group updates | Keep group information synchronized between your company’s IdP and Collibra, including changes to group membership and attributes. | Ensures that any changes to group membership or attributes made in your company’s IdP are reflected in Collibra for accurate access control. |
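The user provisioning, update and deprovisioning flows from the table, shown as the SCIM 2.0 request bodies an IdP sends (RFC 7643 and RFC 7644) and applied by a minimal in-memory receiver. This is an added example, not Collibra's code: `ToyServiceProvider`, the helper names and the sample user are constructed for illustration, and the `/Users` paths are the generic ones from the RFC, not Collibra's documented endpoints.

```python
import uuid

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

def create_user_request(user_name, given, family, email):
    """Body the IdP sends as POST /Users to provision an account."""
    return {"schemas": [USER_SCHEMA], "userName": user_name, "active": True,
            "name": {"givenName": given, "familyName": family},
            "emails": [{"value": email, "primary": True}]}

def patch_request(changes):
    """Body the IdP sends as PATCH /Users/{id}: one replace op per attribute path."""
    ops = [{"op": "replace", "path": p, "value": v} for p, v in changes.items()]
    return {"schemas": [PATCH_SCHEMA], "Operations": ops}

class ToyServiceProvider:
    """In-memory stand-in for the receiving application (hypothetical)."""
    def __init__(self):
        self.users = {}
    def post_user(self, body):
        if USER_SCHEMA not in body.get("schemas", []):
            raise ValueError("400: core User schema missing")
        # userName is case-insensitive and must be unique (RFC 7643).
        names = {u["userName"].lower() for u in self.users.values()}
        if body["userName"].lower() in names:
            raise ValueError("409: userName already exists")
        user = dict(body, id=str(uuid.uuid4()))
        self.users[user["id"]] = user
        return user
    def patch_user(self, user_id, body):
        if PATCH_SCHEMA not in body.get("schemas", []):
            raise ValueError("400: PatchOp schema missing")
        user = self.users[user_id]
        for op in body["Operations"]:
            if op["op"].lower() != "replace":
                raise ValueError("400: this example handles replace only")
            *parents, leaf = op["path"].split(".")
            target = user
            for key in parents:  # descend into e.g. name.familyName
                target = target.setdefault(key, {})
            target[leaf] = op["value"]
        return user

def lifecycle():  # provision, update, then disable one constructed user
    sp = ToyServiceProvider()
    user = sp.post_user(create_user_request("jdoe", "Jane", "Doe", "jdoe@example.com"))
    sp.patch_user(user["id"], patch_request({"name.familyName": "Smith"}))
    sp.patch_user(user["id"], patch_request({"active": False}))
    return sp, sp.users[user["id"]]
```

Deprovisioning here is a `replace` of `active` with `false`, which matches the table's "disable" behavior: the account record remains, so it can still be audited after access is removed.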
Prerequisites
- You have a global role that has the System administration global permission.
- You have administrator-level access to your company’s IdP.
- You have a basic understanding of how SCIM APIs work.
- You have a supported authentication and authorization method for SCIM.
- You have disabled the Groups DGC managed Console configuration option if you want to manage groups in your IdP.
Because the Collibra SCIM feature relies on an underlying API, proper authentication and authorization are prerequisites. The SCIM feature currently supports the following methods:
- Basic authentication
- JWT