SCIM keys

You can configure SCIM as required.

General

Key

Description

com.aris.umc.scim.active

Use SCIM

Enables SCIM support for User Management.

Valid input

true, false

Example

False

com.aris.umc.scim.endpoint.url

SCIM end point URL

Specifies the end point URL used for SCIM. You cannot change this property.

Valid input

<loadbalancerurl>/umc/scim/v2/{tenant}

com.aris.umc.scim.basic.auth.active

Basic authentication

Enables the authentication scheme using the HTTP basic standard. The default value is true.

Valid input

true, false

Example

True

com.aris.umc.scim.bearer.token.active

Bearer token

Enables the authentication scheme using the bearer token standard. The default value is true.

Valid input

true, false

Example

True

com.aris.umc.scim.token.expiry.day

Token lifetime (in days)

Specifies that the bearer token will expire after this period of time in days.

Valid input

Integer

Example

365

Advanced settings

Key

Description

Valid input

Example

com.aris.umc.scim.service.provider.advance.settings.patch.support

Patch support

The patch support is an optional server functionality that enables clients to update one or more attributes of a SCIM resource, for example a user or a user group, using a sequence of operations to add, remove, or replace values. The default value is true.

Valid input

true, false

Example

True

True, False

True

com.aris.umc.scim.service.provider.advance.settings.change.password.support

Change password support

Enables the support for changing a user password. This means that if a user changes the password in the SCIM system, the password is also changed for ARIS. The default value is false.

Valid input

true, false

Example

False

True, False

False

com.aris.umc.scim.service.provider.filter.support

Filter support

Specifies that clients can discover the filter capabilities of the service provider. Clients use the Filter attribute of the service provider's configuration end point. If filtering is enabled, not all users or user groups are transferred to ARIS, but only a subset. The default value is true.

Valid input

true, false

Example

True

True, False

True

com.aris.umc.scim.user.profile.photo.support

Profile picture support

Specifies whether a profile picture is supported. The default value is false.

Valid input

true, false

Example

False

True, False

False

SCIM client

Key

Description

Valid input

Example

com.aris.umc.scim.connection.enabled

Provisioning

Specifies whether the synchronization of users or user groups for the configured application is enabled. The default value is false.

Provisioning and re-provisioning from the SCIM client

A valid re-provisioning scenario is that users can be moved from the SCIM client to the SCIM server using the SCIM provisioning user interface. You must use the SCIM provisioning user interface to remove users from the SCIM server. You must use the SCIM provisioning user interface to add these users again to the SCIM server.

An invalid re-provisioning scenario is that users can be moved from the SCIM client to the SCIM server using the SCIM provisioning user interface. If the administrator logs into the SCIM server itself and deletes all users from the SCIM server but the list of associated users is still maintained in the SCIM client system This system does not know that users have been deleted from the SCIM server. Therefore, if the administrator wants to delete users directly in the server, the administrator must remove these users from the SCIM provisioning interface and add these users again using the SCIM provisioning interface. The default value is false.

True, False

False

com.aris.umc.scim.connection.name

Connection name

Specifies the connection name used for identifying the application with which the user accounts are synchronized.

String

myconnection

com.aris.umc.scim.connection.provision.mode

Provisioning mode

Specifies whether the creation and synchronization of user accounts based on user and group assignments is performed manually or automatically. The default value is Manual.

Manual, Automatic

Manual

com.aris.umc.scim.connection.url

Connection URL

Specifies the connection string used to communicate with the SCIM services.

URL

https://myserver.com

com.aris.umc.scim.connection.secret.token

Secret token

Is used to access the SCIM services to synchronize the user accounts.

String

37283011-bd3e-4efe-8ed4-5f207b094453

com.aris.umc.scim.connection.provision.options

Objects for provisioning

Specifies which objects are synchronized. The default value is true.

True, False

True

com.aris.umc.scim.connection.user.provision.actions

Supported user actions

Specifies what user actions are supported. The default value is true.

True, False

True

com.aris.umc.scim.connection.group.provision.actions

Supported group actions

Specifies what group actions are supported. The default value is true.

True, False

True

com.aris.umc.scim.connection.user.email.as.username

Use e-mail address as the user name

Specifies that the e-mail address is used as the user name. If you want to use this option, the e-mail addresses must be unambiguous. Otherwise, all actions performed for users or user groups will fail. The default value is false.

True, False

False