SCIMConnector Configuration Settings
If endpoints support sending Bulk operations, use this setting to set the maximum number of operations that can be performed in a single Bulk operation call. Setting this value too high will result in poor server performance. For this reason, the maximum number of operations supported in a single Bulk operation call is 1000.
Like the number of operations supported in a single Bulk operation call, SCIM Connector allows the administrator to configure the maximum payload size for a Bulk operation call. The maximum payload size is 1048576 bytes (as determined by Request.Content.Headers ContentLength). Any message exceeding the maximum operations or the maximum payload size will be rejected, and an error, “Status 413 Error. The size of the bulk operation exceeds the maxOperation (1000),” will be returned to the caller, logged in the log, and, if the Messages tab is open, displayed in the messages view.
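A client-side pre-flight check for the two limits above, as an added example that is not Delinea's code: it splits SCIM bulk operations (the RFC 7644 BulkRequest format) into batches that stay within 1000 operations and 1048576 bytes of serialized body, so no call is rejected with a 413. The helper names and the sample users are constructed for illustration.

```python
import json

# Limits stated on this page for a single SCIM Connector bulk call.
MAX_OPERATIONS = 1000
MAX_PAYLOAD_BYTES = 1048576
BULK_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:BulkRequest"  # RFC 7644


def encode_bulk(operations):
    """Serialize the BulkRequest body; its byte length is the Content-Length."""
    body = {"schemas": [BULK_SCHEMA], "Operations": operations}
    return json.dumps(body, separators=(",", ":")).encode("utf-8")


ENVELOPE_BYTES = len(encode_bulk([]))  # body size with an empty Operations list


def split_bulk(operations, max_ops=MAX_OPERATIONS, max_bytes=MAX_PAYLOAD_BYTES):
    """Group operations into batches within both limits (hypothetical helper)."""
    batches, current, size = [], [], ENVELOPE_BYTES
    for op in operations:
        n = len(json.dumps(op, separators=(",", ":")).encode("utf-8"))
        if ENVELOPE_BYTES + n > max_bytes:
            # No batching can help: this one operation is already too large.
            raise ValueError(f"operation {op.get('bulkId')!r} exceeds {max_bytes} bytes")
        extra = n + (1 if current else 0)  # +1 for the comma between operations
        if len(current) == max_ops or size + extra > max_bytes:
            batches.append(current)
            current, size, extra = [], ENVELOPE_BYTES, n
        current.append(op)
        size += extra
    if current:
        batches.append(current)
    return batches


def sample_ops(count, pad=0):
    """Constructed sample data: POST /Users operations, optionally padded."""
    user_schema = "urn:ietf:params:scim:schemas:core:2.0:User"
    return [{"method": "POST", "path": "/Users", "bulkId": f"u{i}",
             "data": {"schemas": [user_schema],
                      "userName": f"user{i}@example.test", "title": "x" * pad}}
            for i in range(count)]


if __name__ == "__main__":
    for batch in split_bulk(sample_ops(2500)):
        print(len(batch), "operations,", len(encode_bulk(batch)), "bytes")
```

The byte count is only valid if the client sends exactly the bytes produced by `encode_bulk`; a client library that re-serializes the body with different whitespace will produce a different Content-Length.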
- Expiry Token is the number of minutes a user can remain logged into the user interface before their login expires.
- Non-Expiry Token is the number of days the endpoint token is valid before the SCIM Connector Endpoint must receive a new token. Note that all tokens generated before any updates will not be changed and their expiry time will be the original time that was selected when the token was generated.
- Error Threshold is the number of sequential errors that the SCIM Connector will allow before it disables itself, waiting for corrective actions. This prevents unnecessary noise over the network and helps ensure optimal performance of Secret Server.
- Each field that can be modified has validation. If an incorrect data type or an out-of-range value is entered, an error will display next to the setting. To correct any errors, view the error description and adjust the value accordingly.
- Log Frequency is used to determine when a new log file should be generated. Because some instance logs can become very large, the default is to create a new log file every hour. In low-volume instances, daily or weekly logs may be preferred. Select the option that best fits your environment, storage limitations, backup requirements, and audit requirements.
- SCIM Connector communicates over HTTPS by default, and this is the recommended setting. In some cases, endpoints are unable to connect over HTTPS. The Allow HTTP Endpoint option enables the SCIM Connector to accept unencrypted HTTP requests/calls.
- If any endpoint is configured to use HTTP and the Allow HTTP Endpoint option is unselected, an error will display and the setting will not be saved.
- To correct this error, locate the endpoint that is configured to use HTTP on the SCIM Connector Endpoints tab and change the URL to HTTPS.
- SCIM Connector Disabled is used to pause the calling of Secret Server due to too many failed requests. If the SCIM Connector has SCIM Connector Disabled selected, review the logs for errors and correct them before re-enabling the SCIM Connector.
If SCIM Connector is disabled when logging into SCIM Connector, you will be immediately directed to the Configuration Settings page where the warning is displayed.
While most API calls are disabled if the SCIM Connector is disabled, there are some exceptions. The APIs that can still be called when SCIM Connector is disabled are listed in the IgnoreEndpoints.json file (\SCIMConnector\Responses\IgnoreEndpoints.json).
Do not modify this file unless instructed to by Delinea Support or professional services.
The following endpoints must remain active to log in and re-enable SCIM Connector.
- "Method": "get", "endpoint": "/ssendpoint"
- "Method": "get", "endpoint": "/secretserverlist"
- "Method": "get", "endpoint": "/webconfigsettings"
- "Method": "post", "endpoint": "/webconfigsettings"
- In Secret Server, the Email ID field is not mandatory. If Is EmailId Optional is checked, you can create or update users in Secret Server without an EmailId using the SCIMConnector users endpoint. By default, it is unchecked.
- If the Fetch User Roles checkbox is selected, the user roles will be fetched and returned in the GetUserById or GetAllUsers endpoint response.
- If the Fetch Groups in UserGetById checkbox is selected, the user groups will be fetched and returned in the GetUserById endpoint response.
How to Get a Token from Federated Directory
- Go to Federated Directory and log in with your credentials.
- Create a new directory or use an existing directory.
- Open the directory and go to the Key tab.
- Go to Create New Key > enter the key name and description > select Create.
- Copy the access token and save a backup of it.
- Under the Api Integration tab, select the endpoint that you created in SCIM Connector Endpoints. All the details will automatically populate once you select the endpoint.
- Select Sync Users Secret Server To Third-party to sync users from Secret Server to the third-party application.
- Select Sync Users Third-party To Secret Server to sync users from the third-party application to Secret Server.
- Once syncing is complete, all logs will display.
How to View the SCIMConnector API Request Data
By selecting the Enable Verbose Logging checkbox, you can view detailed SCIMConnector API request data and responses on the Messages tab. This includes internal API calls from SCIMConnector to Secret Server. The Messages tab displays the request body for POST, PUT, and PATCH requests, and it shows the response body only if the request fails. These logs are also stored in a log file under the Log folder.