Provision user with SCIM.

When using Dutchie’s SCIM provisioning tool, you can enable SCIM Preview to preview your changes before running them against a live environment. SCIM Preview introduces a Preview Mode setting that allows you to send SCIM Requests to a preview table instead of directly to the live database. This important step allows you to preview the results of SCIM requests and validate assumptions on how users will be provisioned. By using SCIM Preview you can answer several questions about your customers before running SCIM live including: 

  • Are my employees being provisioned into their proper locations and with proper permissions?
  • Are any of my LSPS or Locations misspelled or misconfigured in a way that will prevent my users from being properly provisioned?
  • Are any employees that need to be de-provisioned done-so properly?

Things to consider

  • All SCIM requests made while in “Preview Mode” are rejected by our SCIM endpoint so that the host server doesn’t treat them as accepted and knows to retry them when the SCIM is configured for Live Mode.  
  • In order to use SCIM Preview for groups the correct settings need to be enabled. Contact your Dutchie Administrator to make sure you can use SCIM Preview groups.
  • Once you have validated your SCIM requests in Preview Mode you can safely switch to Live Mode and ensure that provisions will happen as expected.

Enable SCIM Preview

Enabling SCIM preview means that any SCIM requests sent from the configured EntityID will be sent to our SCIM Preview tables.  

  1. Go to Settings > Integrations.
  2. Click SSO
  3. On the IDP tab, check the Use SCIM Preview Mode checkbox.
  4. Click Update

Test, Run, Verify, and Run SCIM

Test

  1. Enable SCIM Preview Mode. 
  2. Ensure that the EntityID issuing the request is the same as the request configured on the IDP 1 tab.
  3. Click the SCIM Provisioning tab and review your request. Users added to an LSP/Location are shown in +GREEN. Users removed from an LSP/Location are shown in -RED.
  4. If all looks well, send multiple SCIM requests while in preview mode and verify the results.

Verify

  1. Verify that all LSPs, Locations, and Groups are named properly and configured for SSO with the same Entity ID as configured previously. There should be zero (0) ERRORS shown for any users.
  2. Verify that all users are provisioned as expected.
  3. Verify that any deprovisioned users appear as expected.

Run SCIM

  1. Uncheck the checkbox for Use SCIM Preview Mode.
  2. Click Update to save changes.
  3. Run a single SCIM Request to verify that a single user is provisioned properly.
  4. Run SCIM with multiple users and verify that multiple users are provisioned properly.
  5. Turn SCIM on for all users.

Configure SCIM preview 

  • Provisioned requests show as +Green and  Deprovisioned requests shown in -Red.
  • You can filter SCIM Requests by username / LSP or Location.
  • Filter to show all users with Errors.
  • Delete all SCIM Users.

SCIM Preview for Groups

Create a SCIM Preview group in Okta

SCIM Preview groups have to be created in Okta before linking them in Dutchie Backoffice. To create a group:

  1. Go to Directory > Groups in your Okta environment.
  2. Click the Add group button and enter a group name and description.
    Note: Your group name has to follow the urn:LL Training Co.:LL* format
  3. Click Save. 
  4. Select Application from the side Navigation. 
  5. Click app3.
  6. Under the Assignments tab, click Group and select Assign to Groups from the Assign dropdown.
  7. Select Assign next to the group name. 
  8. Click the Save and Go Back button then click Done. 

Once you have assigned to groups you are ready to push the group which will allow you to link it to Dutchie. 

  1. Under the Push Groups tab, select Find groups by name from the Push Groups dropdown.
  2. Enter the group name and click Save. 
  3. You will get an error in Okta letting you know that the SCIM is in preview mode. The SCIM Preview Groups tab is now available in the Dutchie Backoffice. 
     
  4. In order to make this group active and available in the Dutchie Permission groups. You’ll need to disable SCIM Preview mode:
      1. In Dutchie go to the IDP 1 tab under the SSO integration. 
      2. Uncheck the Use SCIM Preview Mode box and click Update. 
      3. Return to your Okta push environment.
      4. Click the Error dropdown and select Activate group push to make the group Active.
          
      5. In Dutchie, go to Users > Permission groups and find the created Group in the Permission groups list.