SCIM Connector Installation

The Delinea SCIM Connector uses Windows Installer to install and configure the SCIM Connector website. There are 3 main paths that the installer uses to set up the website.

SCIM Connector Installer Download

Click here to download the latest version of the SCIM Connector installer.

Basic Installation

1. Run the SCIMConnector.msi as administrator on the server where IIS is available. If the Run As Administrator option is unavailable when right-clicking on the installer file, open the command prompt with administrator and run the installer. The installation performs basic readiness checks and guides you through the website setup.
2. After the initial welcome dialog, select the mode of installation to perform.

3. If you want to set up the SCIM Connector with high availability and a load balancer, select Multiple Instance installation mode. Otherwise, select Single Instance mode.

4. If you prefer a Multiple Instance mode, select Next, then a new window will open to enter the following details:

   1. Passphrase: You must enter any string the user wants in order to generate an encryption key. This value must be the same in all instances.

   2. Shared Folder Path: For this mode, you need to create a shared folder accessible in read/write mode to all SCIM Connector instances for storing configuration files and logs. Enter the shared folder path here. You can make this folder accessible to everyone or domain users. If using a domain, ensure all machines are logged in using the same domain user and set the same user as the identity for the SCIM Connector application pool in IIS. Otherwise, keep it LocalSystem as it is.

   3. Load Balancer Machine Host Name: As per existing functionality, all secrets related to the SCIM Connector are stored under the folder in Secret Server and this folder name is based on the machine host name on which the SCIM Connector is installed like SCIM <Machine Host Name>. But the multiple instance mode contains multiple instances. Hence, you create a folder based on the machine hostname on the load balancer running. Enter the load balancer machine hostname here.

5. Once all required values are entered, select Next.

6. After configuring the instance mode, select the type of installation to perform.

Standard Installation

The standard installation process is used to install the SCIM Connector into a new website in IIS. This requires a custom port, if port 443 and port 80 (standard HTTPS/HTTP ports) are not bound to any site, the SCIM Connector site will be bound to them by default. If Ports 443 or 80 are already bound to a website on the IIS server, a new port will be selected for the SCIM Connector site. Port selection for HTTPS will start from 8443 and increment by one (for example, 8444) until an available port is found. For HTTP, the port selection will start at 8080 and increment up by one. Use the Advanced option if you want to pick the ports that SCIM Connector will use.

1. Select the Standard option to create a new website in IIS and click Next.

2. Review the End-User License Agreement. Once satisfied, check the I accept the terms and the License Agreement checkbox and click Next.

3. Provide the path where the application files will be installed. A subdirectory (SCIMConnector) will be created in the specified path (for example, C:\inetpub\wwwroot\SCIMConnector). Click Next.

4. The SCIM Connector installation is now ready to create the website. Click Install and follow the installation prompts.

5. After the installation is complete the default browser will launch and SCIM Connector is ready to be configured. See the Configuration section for additional details.

6. The install creates a subdirectory called SCIMConnector and the application files are displayed as follows and can be seen in the following folder.

   

7. A new website has been created and can be seen in the IIS Manager.

   

8. An SCIMConnectorAppPool application pool has been created and can be viewed in the IIS Manager.

   

9. Review the Basic Settings of the SCIMConnector website. The site is associated with the application pool that was created.

   

10. The site bindings (HTTP and HTTPS) have been created for the website.

    

The ports may differ from the standard HTTP/HTTPS ports. This is because another website in IIS has already taken the standard ports for HTTP and HTTPS (80/443).

The installation will search for a certificate with the hostname and use this for configuring HTTPS. This can be changed after the installation to any certificate that is desired and available. If no certificate is found, the installation will create one that is self-signed.

Advanced Installation

The advanced installation process uses the default website.

The Advanced option allows the SCIM Connector to be installed as either a virtual directory under the default website or the creation of a new website while defining the binding ports. The advanced installation process is the same as the standard installation process.

1. To install the SCIM Connector as a virtual directory under the default website select the Advanced option and click Next.

2. Select Use Default Web Site and click Next.

3. Review the End-User License Agreement. Once satisfied, check the I accept the terms and the License Agreement checkbox and click Next.

4. Provide the path where the application files will be installed. A subdirectory (SCIMConnector) will be created in the specified path (for example, C:\inetpub\wwwroot\SCIMConnector) then click Next.

5. For Virtual Directory installations, it’s recommended to change the path or the IIS Manager will show both the folder and the virtual directory.

   

6. Select Install to start the SCIM Connector installation to create the website.

7. When the installation is complete, the default browser is launched, and the SCIM Connector is ready to be configured. See the Configuration section for additional details.

Instead of creating a new website, the installation has created a virtual directory under the default website. The bindings or ports associated with the virtual directory are the same as the default website.

The URL to access the SCIM Connector is different. To access the SCIM Connector when it is a Virtual Directory, use the hostname or IP address and append/SCIMConnector.

Creating a New Website

The installation with the Create New Website with port option is the same as the standard installation process but enables you to predefine the ports to be used.

1. Select Create new website and click Next.

   There may already be a default website in IIS. If there is a port conflict, the following dialog will display. You can choose a custom port to enter in the HTTPS Port field.

2. By default, HTTPS communication is recommended. However, if SCIM endpoints don’t work with HTTPS, select the Enable http checkbox to enable HTTP.

3. Provide the custom available port for HTTP and select Next.

   

Once the installation is complete, the Login page for SCIM Connector should be displayed in the default browser. If the browser does not launch, you can access the SCIM Connector by the website or virtual application. The Login page requires the URL to the Secret Server and either a local or domain Secret Server Administrator account.

The status will appear as “Multiple Instance Setup: true, Shared Path: \\XX.XX.XX.XXX\SCIM_Config” at the bottom for multiple instance mode. If it is showing false, check whether the shared folder is accessible and verify the permissions.

"XX.XX.XX.XXX" refers to a valid IP address.

The status will appear as “Multiple Instance Setup: false” for a single instance mode.

Repairing the SCIM Installation

The repair installation process is used to restore lost files and mend the installation if it has been hampered. Right-click on the installer and run as Admin.

Post-Installation Tasks

• Logging In to the SCIM Connector

• Verifying the Secret Server SSL Certificate

• Configuring Proxy Server to Redirect Network Traffic to Secret Server

• Replacing or Assigning a New SSL Certificate for the SCIM Connector in IIS