SCIM active directory integration

Learn how to connect to Collaboard's SCIM endpoint and sync your AD users with Collaboard.

Introduction and SCIM scope

SCIM, or System for Cross-domain Identity Management is an open standard designed to manage user identity information. SCIM provides a defined schema for representing users and groups, and a RESTful API to run CRUD operations on those user and group resources.

The goal of SCIM is to securely automate the exchange of user identity data between your company's cloud applications and any service providers, such as enterprise SaaS applications.

For detailed information regarding SCIM, please look at https://scim.cloud/

Our Auth API server supports the SCIM specification by providing a SCIM API. Using the SCIM API, the client application can get and modify all the information available in auth.

All the API methods require authentication in order to be used, and the authentication token will provide the context of the calling user.

We support the entire SCIM scope listed at https://scim.cloud/ except Bulk: POST https://example.com/{v}/Bulk.

Find the supported SCIM methods in this document.

Setup process in a nutshell

Homework: you need to configure your AD user provisioning
1. define groups/ members/ etc.
  1. Determine which groups will get a license and thus become subscription members and which groups will contain free users without a license.
2. create the provisioning application
Use the SCIM self-service to create an auth token and thus establish the SCIM connection
Use the access token and the SCIM endpoint URL at your provisioning application to establish the connection with our SCIM endpoint.
Continue with the Discovery chapter below.

Discovery

The SCIM endpoints are located under https://{AUTH_API_BASE_URL}/scim/v2

Environment	AUTH_API_BASE_URL
WEB	https://api.collaboard.app/auth
DE	https://de.collaboard.app/server/auth
CH	https://ch-api.collaboard.app/auth

The discovery endpoints of the SCIM API can be found in the following urls:

ServiceProviderConfig

Specification compliance, authentication schemes, data models.
Endpoint: GET https://{AUTH_API_BASE_URL}/scim/v2/ServiceProviderConfig

ResourceTypes

Returns the types of resources available.
Endpoint: GET https://{AUTH_API_BASE_URL}/scim/v2/ResourceTypes

Supported Methods

The IBV.Auth SCIM API supports the following methods:

Users

Create

POST https://{AUTH_API_BASE_URL}/scim/v2/Users

Read

GET https://{AUTH_API_BASE_URL}/scim/v2/Users/{id}

Replace

PUT https://{AUTH_API_BASE_URL}/scim/v2/Users/{id}

Delete

DELETE https://{AUTH_API_BASE_URL}/scim/v2/Users/{id}

Update

PATCH https://{AUTH_API_BASE_URL}/scim/v2/Users/{id}

Search

GET https://{AUTH_API_BASE_URL}/scim/v2/Users?ﬁlter={attribute}{operator}{value}&startIndex=1&count=10

Supported attributes: Username, FirstName, LastName, Email, PhoneNumber
Supported operators: eq (equals), sw (starts with), ew (ends with), co (contains)
Paging: Supported
Sort: Not supported

Bulk

Not supported

Groups

Create

POST https://{AUTH_API_BASE_URL}/scim/v2/Groups

Read

GET https://{AUTH_API_BASE_URL}/scim/v2/Groups/{id}

Replace

PUT https://{AUTH_API_BASE_URL}/scim/v2/Groups/{id}

Delete

DELETE https://{AUTH_API_BASE_URL}/scim/v2/Groups/{id}

Update

PATCH https://{AUTH_API_BASE_URL}/scim/v2/Groups/{id}

Search

GET https://{AUTH_API_BASE_URL}/scim/v2/Groups?ﬁlter={attribute}{operator}{value}&startIndex=1&count=10

Supported attributes: DisplayName
Supported operators: eq (equals), sw (starts with), ew (ends with), co (contains)
Paging: Supported
Sort: Not supported

Bulk

Not supported