FAQ

How to work with disabled user accounts?

The SCIM Connector is an API application that receives API requests from the IAM provider and cannot alter the API sequence. By default, the SCIM Connector does not work with disabled user accounts. If you need to retrieve disabled users forcibly, you should manually modify the Secret Server report scripts. To do this, uncheck the "Enable=1" and "Active=1" checkboxes in SCIM All Users, SCIM All User Groups, and SCIM All Groups report scripts in the Secret Server.

What if the administrator that set up the SCIM Connector has left the company? How can I access the SCIM Connector?

In Secret Server share the SCIM Connector secret with the new administrator and make them the “Owner” of the Secret. Once this is done, they will be able to log into the SCIM Connector with their Secret Server credentials.

What happens while adding a new user when a username is already in Secret Server?

First SCIM Connector checks for a unique email address. If the email address does not exist in Secret Server and the attempt to add a user fails due to a username conflict, the user will be created in Secret Server using the email address for the username.

What if the endpoint tab is not Active or I can’t click on the Endpoint tab in the SCIM Connector UI?

SCIM Connector is disabled. Check the configuration settings, correct any errors in the log, and re-enable SCIM Connector and Endpoint tab should be available.

If the Application Account has not been configured, configure the application account and the tab should be available.

Does a user get deleted permanently in Secret Server by using the SCIM user DELETE endpoint?

No, the user gets disabled instead of permanent delete in Secret Server.

What happens when the password field value is empty or null while creating a new user in Secret Server using the user POST endpoint?

If the password value is null or empty, then SCIM Connector passes the new GUID followed by sCIM@123 string as a value of the password.