{"id":75899,"date":"2023-05-31T20:54:18","date_gmt":"2023-06-01T00:54:18","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&p=75899"},"modified":"2024-11-13T02:49:48","modified_gmt":"2024-11-13T07:49:48","slug":"get-started-identity-management-connectors","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/get-started-identity-management-connectors","title":{"rendered":"Get Started: SCIM Identity Management"},"content":{"rendered":"\n
Our Identity Management (IdM) Connectors manage application user accounts through the System for Cross-domain Identity Management (SCIM) protocol. These integrations allow you to automate and centralize user and group management, depending on the application’s group management support, through the full lifecycle from your JumpCloud Administrator Portal. <\/p>\n\n\n\n
After you integrate an application with JumpCloud, depending on an application’s IdM action support, you can provision, update, and deprovision users. <\/p>\n\n\n\n
Select an application you want to connect with JumpCloud through SCIM. Ensure it has an Identity Management label in the Supported Functionality column – not all applications have both SSO\/JIT and IdM functionality at this time. If you do not see your application listed, you may configure a custom SCIM integration or submit a request<\/a> to have it added to the JumpCloud Integration Catalog<\/a>.<\/p>\n\n\n\n <\/p><\/div> In the Identity Management<\/strong> tab, you may see some application connectors with a Beta flag. We’re evaluating these connectors in various real-world environments so we can gather feedback to ensure and enhance their performance. <\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n You will need to enable SCIM for your Service Provider, obtain the Base URL (if needed) and generate a Token Key. Groups may also be supported.<\/p>\n\n\n\n If users have been created in the SP, but not in JumpCloud, a manual import may be initiated after SCIM configuration. <\/p>\n\n\n\n The following actions are supported with JumpCloud IdM Connectors:<\/p>\n\n\n\n <\/p><\/div> Not all applications support all three IdM actions.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n <\/p><\/div> SCIM Provisioning<\/a> differs in both its implementation and output from another type of web app provisioning, Just-in-Time<\/a>. <\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n Application support for provisioning means that JumpCloud can create user accounts in the connected application. This means that after you integrate an application with JumpCloud, and bind a new user to the application in JumpCloud, a new account is created for the user in the connected application with the following attributes:<\/p>\n\n\n\n Addresses<\/p>\n Addresses<\/p>\n Phones<\/p>\n Phones<\/p>\n Application support for updating means that JumpCloud can update accounts on the connected application. 
This means that after you integrate an application with JumpCloud and bind a new user to the application in JumpCloud, anytime you update the user in JumpCloud, the user is updated in the application.<\/p>\n\n\n\n Application support for deprovisioning means that JumpCloud can remove user accounts from the connected application. This means that after you integrate an application with JumpCloud and unbind a user from the application in JumpCloud, the user is deactivated in the application; the account still exists in the application, but it is placed in an inactive state. <\/p>\n\n\n\n For the most up-to-date list of supported IdM connectors, see JumpCloud’s Integration Catalog<\/a>.<\/p>\n\n\n\n Applications that you can integrate with JumpCloud through an IdM Connector can be found on the Configure New Applications panel with the Identity Management<\/strong> badge displayed. <\/p>\n\n\n\n2 \u2013 Configure Your App<\/strong><\/h3>\n\n\n\n
3 \u2013 Import Users<\/strong><\/h3>\n\n\n\n
IdM Actions<\/strong><\/h2>\n\n\n\n
\n
Provisioning<\/strong><\/h3>\n\n\n\n
\n\n
\n \n SCIM Attribute Name <\/th>\n \n JumpCloud Attribute Name <\/th>\n \n Notes <\/th>\n <\/tr>\n \n \n ExternalID <\/td>\n \n id <\/td>\n \n - <\/td>\n <\/tr>\n \n \n Username <\/td>\n \n Username <\/td>\n \n If a user with the specified username and email is found in the service provider application, JumpCloud takes over the account. If no user is found in the service provider application with the specified username and email, a new user is provisioned in the application with these attributes. <\/td>\n <\/tr>\n \n \n Password <\/td>\n \n Password <\/td>\n \n Users are provisioned with a temporary password. When the user sets their password, it is pushed to the application. Subsequent password updates are also pushed to the application. <\/td>\n <\/tr>\n \n \n GivenName <\/td>\n \n Firstname <\/td>\n \n - <\/td>\n <\/tr>\n \n \n FamilyName <\/td>\n \n Lastname <\/td>\n \n - <\/td>\n <\/tr>\n \n \n MiddleName <\/td>\n \n Middlename <\/td>\n \n - <\/td>\n <\/tr>\n \n \n Displayname <\/td>\n \n Displayname <\/td>\n \n - <\/td>\n <\/tr>\n \n \n Emails <\/td>\n \n Email - primary <\/td>\n \n If a user with the specified username and email is found in the service provider application, JumpCloud takes over the account. If no user is found in the service provider application with the specified username and email, a new user is provisioned in the application with these attributes. <\/td>\n <\/tr>\n \n \n Active <\/td>\n \n not Suspended and not PasswordExpired <\/td>\n \n - <\/td>\n <\/tr>\n \n \n \n
\n \n
\n - <\/td>\n <\/tr>\n \n \n \n
\n \n
\n - <\/td>\n <\/tr>\n \n \n EmployeeNumber <\/td>\n \n EmployeeIdentifier <\/td>\n \n - <\/td>\n <\/tr>\n \n \n Department <\/td>\n \n Department <\/td>\n \n - <\/td>\n <\/tr>\n \n \n Organization <\/td>\n \n Company <\/td>\n \n - <\/td>\n <\/tr>\n \n \n Title <\/td>\n \n JobTitle <\/td>\n \n - <\/td>\n <\/tr>\n <\/table>\n<\/div><\/div>\n\n\n\n Updating<\/strong><\/h3>\n\n\n\n
Deprovisioning<\/strong><\/h3>\n\n\n\n
Connecting IdM Applications to JumpCloud<\/strong><\/h2>\n\n\n\n