SCIM Directory Integration

Learn how to configure and leverage the SCIM user directory integration.

SCIM schema and supported attributes

In order to leverage SCIM, you will need to create a new SCIM user directory integration within Settings > Integrations. 

SCIM Attributes

  • userName

    • Unique identifier for the user, typically used by the user to directly authenticate to the service provider. 

    • This attribute is required
  • name.formatted

    • The user's fully formatted name (for example, "John Doe")
    • This attribute or the display name attribute is required 
  • displayName
    • The user's fully formatted name (for example, "John Doe")
    • This attribute or the name.formatted attribute is required 
  • active

    • The user's status within the identity provider.
    • Users who are "soft deleted" or marked as inactive will be moved to the Archived Users section within Kandji.
  • emails.value

    • The user's email address as a subattribute of emails
    • Only the first email in the list will be stored; additional email values will be ignored. 

SCIM Authentication and Base URL 

The SCIM user directory integration leverages the common authentication method of an HTTP authorization header with a bearer token. You can retrieve this bearer token by creating a SCIM connection as shown below. Your SCIM base URL will generally be in the format of https://subdomain.clients.us-1.kandji.io/api/v1/scim

Create a New SCIM User Directory Integration

In order to leverage SCIM, you will need to create a new SCIM user directory integration within Settings > Integrations. 

  1. Click Settings in the left-hand navigation bar.
  2. Choose the Integrations tab at the top. 

    CleanShot 2021-06-02 at 11.47.57@2x
  3. Under User Integration choose Add New.

    CleanShot 2021-06-02 at 11.49.39 2@2x
  4. On the Add User Integration blade, click SCIM Protocol
  5. Click Next.
     
    CleanShot 2021-06-03 at 11.30.01@2x-1
  6. Give the user directory a name; this will be used to show which directory a user originates from.
  7. Click Generate.

    CleanShot 2021-06-03 at 11.32.29 2@2x

  8. After specifying the user directory name you will be shown your SCIM API token and the base SCIM URL.
    1. Copy the SCIM API token required for authentication SCIM requests.
    2. Confirm that you have copied your SCIM API token.
    3. Copy the base SCIM API URL; this will be required by your identity provider.

      CleanShot 2021-06-02 at 13.11.12@2x-1