Setup

The following are the setup requirements for SCIM Connector.

SCIM Connector Installation Requirements

The Delinea System for Cross-Domain Identity Management (SCIM) connector is a Web application that can be installed on a server machine, which exposes SCIM-defined endpoints and Secret Server APIs.

If the previously installed SCIM version is 4.0 or above and you want to upgrade the SCIMConnector version, download and install the latest MSI file. The installation will back up the configuration file and restore it after replacing the SCIMConnector. If you encounter an issue while upgrading to the latest version, or if your version is below SCIM 4.0, uninstall the previous version first. During installation, the new version automatically replaces the old one without requiring an explicit update button.

Before installing the SCIM connector you should have:

  • Secret Server Local Administrator Account.
  • Secret Server Application Account.

  • Windows 2012R2, 2016 or 2019 Server with:

    • IIS Web Server ASP.Net Core Hosting Bundle (for Windows, it is required to install the Hosting Bundle, which includes .NET Runtime and IIS support. Also, IIS must be installed prior the Hosting Bundle installation. The Hosting Bundle might require a repair if you run it first).
    • The ability to connect to Secret Server (use the browser on the web server you intend to install SCIM Connector on and log into Secret Server to ensure the Web Server can connect to the Secret Server Server/Website).
    • The ability to connect to SCIM Endpoints (for example, Sailpoint and Okta).
    • The account information to connect to each SCIM Endpoint.
    • URL to SCIM Endpoint.

Minimum System Requirements

To install and run the SCIM Connector as a Web application in your environment, Delinea recommends installing the SCIM Connector on a server machine that meets at least these requirements.

Hardware Details
Storage 300 MB of free space
Drives 7200 RPM IDE drives
Processor 2 GHz Pentium 4 CPU
Memory 4 GB RAM
Software Details
OS Windows Server 2012/2016/2019
IIS Enabled
Framework .NET 6.0
Browsers Chrome, Edge, Firefox, IE
License Valid Secret Server licenses: Professional or Platinum

Account Permissions

Logging in to the SCIM Connector through Secret Server

If you log in to the SCIM Connector through Secret Server, you must have the following accounts and account permissions:

  • A local administrator account to initially set up the SCIM Connector and connect it to Secret Server.

  • An application account in Secret Server to configure Secret Server. The application account must have the following permissions:

    • Add Secret

    • Administer Folders

    • Administer Groups

    • Administer Reports

    • Administer Role Assignment

    • Administer Secret Templates

    • Administer Users

    • Bypass Direct API Authentication Role

    • Create Root Folders

    • Deactivate Secret

    • Edit Secret

    • Own Secret

    • View Advanced Secret Options

    • View Roles

    • View Secret

    • View Users

Logging in to the SCIM Connector through the Delinea Platform

If you log in to SCIM Connector through Secret Server configured on the Delinea Platform, you must have the following accounts and account permissions:

  • A platform administrator account to set up the SCIM Connector and connect it to Secret Server. Ensure that this account has all Secret Server administrator permissions.

  • A platform service account to use in the SCIM Connector to configure Secret Server.The platform service account that the SCIM Connector uses must have the following permissions:

    • Add Group Role Assignment

    • Add Roles

    • Add Secret

    • Add Session Recording Comments

    • Add User Role Assignments

    • Administer Secret Server Folders

    • Administer Secret Server Reports

    • Administer Secret Templates

    • Bypass Direct API Authentication Restriction

    • Create Root Folders in Secret Server

    • Create a Site

    • Deactivate Secret

    • Delete Group Role Assignment

    • Delete Roles

    • Delete Secret Server On Premises Templates

    • Delete User Role Assignment

    • Edit Command Group

    • Edit Secret

    • Manage Identity settings

    • Own Secret

    • Personal Folder in Secret Server

    • Read Another Users Profile Settings

    • Update Another Users Profile Settings

    • Update Roles

    • View Advanced Secret Options

    • View Command Group

    • View Group Role Assignment

    • View Identity settings

    • View Other User/Group Permissions

    • View Roles

    • View Secret

    • View Secret Server Reports

    • View Secrets

    • View User Role Assignments