TABLE OF CONTENTS


Overview

System for Cross-Domain Identity Management (SCIM) is an open standard protocol used to automate the exchange of user and group information between Identity providers and Enterprises. SCIM ensures that users added to the Identity Management System should have their accounts automatically created in VIDIZMO when they are provisioned from the Identity Provider. User attributes and profiles are synchronized between the two systems while the updates and removal of users is based on the user status in Identity Management System. 


In VIDIZMO large number of users can be provisioned through Identity providers which has to be given a role that is a kind of a security policy which determines what access permissions a user and a group has to perform a specific task. Hence, while configuring SCIM settings users will be able to set rules determining the targeted role. This will help enterprises to assign specific roles to large organizational groups without manually assigning a role to each user. 


Before you start

  • Make sure you are logged in as Manager+ role in VIDIZMO Portal to be able to configure Rules for automatic role assignment using SCIM App in VIDIZMO.


Steps to Add New Rules 


1.  From the Portal's Navigation Menu:

i. Click on the Admin Tab to expand it.

ii. Navigate to the Portal Settings




2. On the Portal Settings page:

i. Click on the Apps tab on the left to expand it. 

ii. Further click on the Provisioning Tab.

iii.  Locate to the any of the SCIM supported Identity provider Apps,  and click on the Settings icon at the right hand side. 


3. On the SCIM settings page:

i. Click on the Add new Rules option

ii. Select the Attribute Path. 

iii. Select any one of the Condition that you want to set for the rule being created. 

iv. Provide a Matching text in response to the condition you have selected above. 

v. Select the Targeted Role that you want to set for the users belonging to the groups qualifying the above conditions. 



Limitations and Considerations

  • User will be able to create multiple rules. However, if multiple conflicting rules are created, for example a user belonging to two different groups in AD/OKTA, then the first rule would be applied. 
  • If the multiple rules are created and a group consisting of numerous users is provisioned from an Identity provider then the process may take a little longer than usual.