SCIM Connector Endpoint Information
The SCIM Connector Endpoints view is used to configure which endpoints communicate through the SCIM Connector.
Select Add Endpoint to add a new endpoint to the SCIM Connector.
SCIM Connector Endpoint Information is required to provide the connecting endpoint with a validation token and to audit which endpoint is requesting or submitting information through the SCIM Connector.
Complete the Endpoint form by supplying an endpoint name.
The endpoint requires a token to communicate with the SCIM Connector.
Select the Generate Token Non-expiring token button to generate a new token. Additionally, you can click the Copy button to copy the token and paste it into the connecting application's connection information. Often this is labeled Authorization Token.
The Form validation message will display if any field is missed when you select Save.
Select Save. If the Non-Expiring Token option is selected and no token was generated, a token will be generated. The form will remain visible so that you can copy the newly generated token to provide it to the connecting application.
Select Save a second time to close the form.
Endpoint Information Stored in Secret Server
The Advanced tab on the SCIM Connector Endpoint form lets you map specific permissions on a container or privileged data. This mapping assists with the translation between applications. For example, an endpoint may use admin to define elevated permissions to a container or privileged data.
Secret Server uses Owner to define elevated permissions. To map endpoint permissions to Secret Server permissions, select Add Permission.
The Add Permissions form will display 3 required fields: the Permission Description (Container or PrivilegedData), the value the Endpoint uses to define a permission, and the associated Secret Server value.
To create a mapping, select the permission (Container or Privileged Data) where a mapping is desired.
Enter the Endpoint value to be mapped to the Secret Server value, and then select the desired Secret Server value.
The allowable Secret Server values will change if Container Permission or Privileged Data Permission is selected.
Continue to add mappings until all Endpoint values have been mapped to Secret Server values. Note that different endpoint values may be mapped to the same Secret Server value. In the following example, both the Admin and PowerUser values have been mapped to the Owner for Container permission.
The SCIM Connector defaults to View for both Container and PrivilegedData permissions. If a mapping is not found, the default value of View will be used when applying permissions within Secret Server.
Once an Endpoint has been added, you can edit the endpoint information or delete the endpoint entirely from the SCIM Connector. Note that once an endpoint has been deleted or the token regenerated, the old token will no longer be valid, and the log may display unauthorized errors if the old token is used to connect to the SCIM Connector.
When updating an existing container permission or privileged data permission (PUT request), you must add mappings for the permissions under the Advanced tab; otherwise the permission will be set to the default value (View).
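The fallback to View described above means an unmapped endpoint value is downgraded without an error, so it is worth reviewing the mapping table against the values an endpoint actually sends before it issues updates. The following is an added example, not code from the SCIM Connector or its vendor: the mapping rows, the observed values, and all function names are constructed for illustration, and exact string matching is an assumption because the page does not say how the connector compares values.

```python
DEFAULT = "View"    # connector default for unmapped values, per the page
ELEVATED = "Owner"  # Secret Server value for elevated permission, per the page

# Constructed mappings, as rows of the Advanced tab:
# (permission type, endpoint value, Secret Server value)
MAPPINGS = [
    ("Container", "Admin", "Owner"),
    ("Container", "PowerUser", "Owner"),
    ("PrivilegedData", "Admin", "Owner"),
    ("PrivilegedData", "Auditor", "View"),
]

# Constructed values the endpoint is expected to send in its requests.
OBSERVED = [
    ("Container", "Admin"),
    ("Container", "Editor"),          # no mapping configured
    ("PrivilegedData", "Admin"),
    ("PrivilegedData", "PowerUser"),  # mapped for Container only
]


def build_table(mappings):
    """Index mappings by (type, endpoint value); reject contradictory rows."""
    table = {}
    for ptype, endpoint_value, ss_value in mappings:
        key = (ptype, endpoint_value)
        if table.setdefault(key, ss_value) != ss_value:
            raise ValueError(f"conflicting mappings for {key}")
    return table


def resolve(table, ptype, endpoint_value):
    """Return (Secret Server value, True if the default was used)."""
    key = (ptype, endpoint_value)
    return (table[key], False) if key in table else (DEFAULT, True)


def audit(mappings, observed):
    """Report silent downgrades, Owner grants, and mappings never exercised."""
    table = build_table(mappings)
    seen = set(observed)
    return {
        "falls_back_to_view": sorted(k for k in seen if resolve(table, *k)[1]),
        "grants_owner": sorted(k for k, v in table.items() if v == ELEVATED),
        "unused_mappings": sorted(k for k in table if k not in seen),
    }


if __name__ == "__main__":
    for finding, keys in audit(MAPPINGS, OBSERVED).items():
        print(finding, keys)
```

The `grants_owner` list is the set of endpoint values to review for least privilege, since several endpoint values may map to the same Owner permission.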
The SCIM Connector Configuration Settings view allows the SCIM Connector administrator to adjust global settings.