SCIM 2.0 Configuration
SCIM (System for Cross-domain Identity Management) is an open standard used for automating user and group provisioning across systems.
SCIM 2.0 is the current version of the standard and defines REST-based APIs for identity provisioning and lifecycle management.
SCIM 2.0 Support in Kyvos
To meet enterprise identity management and security requirements, Kyvos supports SCIM 2.0 for automated user and group provisioning.
With SCIM 2.0 enabled, Kyvos integrates seamlessly with external Identity Providers (IdPs) such as Okta.
The integration automatically creates, updates, deactivates, and manages users and groups in Kyvos.
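When reviewing what an IdP has done to an account, it helps to map each SCIM 2.0 request (RFC 7644) to the lifecycle action it performs. The following is an added example, not Kyvos or Okta code; the /scim/v2 base path, the function names, and the sample requests are constructed assumptions.

```python
import json
PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"  # RFC 7644, section 3.5.2

def _sets_inactive(op):
    """True if one PatchOp operation sets the User attribute 'active' to false."""
    if str(op.get("op", "")).lower() != "replace":  # clients differ in capitalization
        return False
    path, value = op.get("path"), op.get("value")
    if path is None:  # path omitted: value is an object holding the attributes
        return isinstance(value, dict) and value.get("active") is False
    is_false = value is False or str(value).lower() == "false"
    return str(path).lower() == "active" and is_false

def classify(method, path, body=""):
    """Return the lifecycle action a single SCIM 2.0 request performs."""
    parts = [p for p in path.split("?")[0].split("/") if p]
    resource = next((p for p in parts if p in ("Users", "Groups")), None)
    if resource is None:
        return "other"
    kind, has_id = resource[:-1].lower(), parts[-1] != resource
    doc = json.loads(body) if body else {}
    method = method.upper()
    if method == "POST" and not has_id:
        return f"create_{kind}"
    if method == "DELETE" and has_id:
        return f"delete_{kind}"
    if method == "PUT" and has_id:
        inactive = kind == "user" and doc.get("active") is False
        return "deactivate_user" if inactive else f"update_{kind}"
    if method == "PATCH" and has_id:
        if PATCH_OP not in doc.get("schemas", []):
            return "invalid_patch"
        inactive = kind == "user" and any(_sets_inactive(o) for o in doc.get("Operations", []))
        return "deactivate_user" if inactive else f"update_{kind}"
    return f"read_{kind}" if method == "GET" else "other"

# Constructed sample requests; the /scim/v2 base path is an assumption.
SAMPLES = [
    ("POST", "/scim/v2/Users", '{"userName": "alice@example.com", "active": true}'),
    ("PATCH", "/scim/v2/Users/42", json.dumps({"schemas": [PATCH_OP],
        "Operations": [{"op": "replace", "value": {"active": False}}]})),
    ("PATCH", "/scim/v2/Users/42", json.dumps({"schemas": [PATCH_OP],
        "Operations": [{"op": "Replace", "path": "active", "value": "False"}]})),
    ("PATCH", "/scim/v2/Groups/7", json.dumps({"schemas": [PATCH_OP],
        "Operations": [{"op": "add", "path": "members", "value": [{"value": "42"}]}]})),
    ("DELETE", "/scim/v2/Users/42", ""),
]

ACTIONS = [classify(*sample) for sample in SAMPLES]  # one action per sample request
```

A deactivation can arrive as a PATCH with or without a path, or as a PUT with active set to false, so a log review that matches only one form will miss deprovisioning events.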
Benefits
Eliminates manual user administration
Reduces operational overhead
Improves security through centralized identity control
Ensures compliance with enterprise IAM (Identity and Access Management) best practices
Important to know
Kyvos supports Okta SCIM provisioning only for the Kyvos Web Portal. It is not applicable to Kyvos Manager.
The Kyvos environment must be public to be used for SCIM provisioning.
Changing a user's role works only when the authentication type is set to Remote Authentication System.
To configure SCIM in the created SAML app, refer to Add SCIM provisioning to app integrations | Okta Identity Engine.
Kyvos supports the following authentication modes used in the Okta SCIM app:
Basic Auth
OAuth2 with client credentials
Note
The SCIM protocol does not support role mapping.
As a result, a default role must be assigned to all users provisioned through SCIM.
To configure a default role for SCIM users, perform the following steps.
Click the cluster name > Security > Kyvos Authentication on the navigation pane.
Click the Actions menu (…) > User Onboarding Configurations. The User Onboarding - Advanced Configurations dialog is displayed.
In the First Login Actions text box, enter the following configuration to define a default user role.
{
  "roleName": "Business User",
  "sendWelcomeMailToUser": false,
  "updatePreferences": false,
  "defaultEntities": { }
}
Click Save to apply the configuration.