Provision a subset of users onto Dutchie with SCIM.

Dutchie supports a SCIM user endpoint to manage users. SCIM allows users to provision a subset of their organization onto the Dutchie platform with specific roles, permissions, and location access as well as deprovision employee access. 

Things to consider

Generate a token

  1. Go to Settings > Integrations.
  2. Click SSO.
  3. Select the SCIM Provisioning tab. 

Basic vs. Bearer

Depending on the system you are accessing, you can get a Basic auth token or a Bearer one. The Basic auth token requires you to set a password. Once your password is set, you are given a username. Use this username, together with the password you set, when completing the Basic authentication process.

 

Similarly, you may also set up a Bearer token. To do so, click the Bearer tab and select Generate Token. This creates a token that you can use for Bearer authentication in your system.

Configure Okta

  1. In Okta, go to Settings > Integration.
  2. Click the Provisioning tab. 
  3. Fill out the necessary fields in the SCIM Connection section. 
  4. If using Basic authentication, enter your Username and Password in the Basic Auth section.
  5. In the Settings menu, click To App. 
  6. Map the following Okta Attributes to App Attributes:
    • LSPs (Group): The list of LSP names the user will have access to
    • Locations (Group): The list of locations the user will have access to
    • Groups (Group): The groups the user will belong to (must exist in the Dutchie app)

Configure Azure AD

  1. In Azure > AD > Enterprise App > SCIM app, add the following attributes:
    Note: These attributes will be sent in the SCIM user request. 
  2. Go to Provisioning > Edit attribute mappings.
  3. Click Provision Azure Active Directory Users.
  4. Under Attribute Mapping check the Show advanced options checkbox.  
  5. Click Edit Attribute list for customappsso.
  6. In the Edit Attribute List, add the necessary attributes and click Save.
    Note: If applicable, mark attributes as Multi-value.
  7. Navigate back to the Provisioning section.
  8. Click Add New Mapping.
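
As an added example (not Dutchie's own code), the Python below builds what an identity provider sends under either choice from Basic vs. Bearer, plus a SCIM user body carrying the mapped LSPs, Locations and Groups attributes as multi-valued lists and a deprovisioning PATCH body. The extension URN, the placement of the three attributes under it, the use of PATCH on active for deprovisioning, and the sample credentials are assumptions; the core User and PatchOp URNs are the standard ones from RFC 7643 and RFC 7644.

```python
import base64

# Assumptions (not from the Dutchie article): EXT and the placement of
# LSPs/Locations/Groups under it are hypothetical placeholders.
CORE_USER = "urn:ietf:params:scim:schemas:core:2.0:User"    # RFC 7643
PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"  # RFC 7644
EXT = "urn:example:scim:schemas:extension:placeholder:2.0:User"


def auth_header(scheme, username=None, password=None, token=None):
    """Return the Authorization header value the identity provider sends."""
    if scheme == "basic":
        if not username or not password or ":" in username:
            raise ValueError("Basic needs a username without ':' and a password")
        raw = f"{username}:{password}".encode("utf-8")
        # Base64 is an encoding, not encryption: the header is reversible.
        return "Basic " + base64.b64encode(raw).decode("ascii")
    if scheme == "bearer":
        if not token:
            raise ValueError("Bearer needs the generated token")
        return "Bearer " + token
    raise ValueError(f"unknown scheme: {scheme}")


def create_user_body(user_name, lsps, locations, groups):
    """SCIM create-user body with the three mapped attributes as lists."""
    return {
        "schemas": [CORE_USER, EXT],
        "userName": user_name,
        "active": True,
        EXT: {"LSPs": list(lsps), "Locations": list(locations),
              "Groups": list(groups)},
    }


def deprovision_body():
    """SCIM PATCH body that deactivates a user instead of deleting it."""
    return {"schemas": [PATCH_OP],
            "Operations": [{"op": "replace", "path": "active", "value": False}]}


def recover_basic_password(header):
    """What anyone who can read a logged Basic header learns."""
    decoded = base64.b64decode(header.split(" ", 1)[1]).decode("utf-8")
    return decoded.split(":", 1)[1]


if __name__ == "__main__":  # constructed sample values
    h = auth_header("basic", username="scim-user", password="example-pass")
    print(h, "->", recover_basic_password(h))
```

Because the Basic header decodes straight back to the password, keep both credential types out of request logs and send them only over TLS.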

Use groups endpoint

Provisioning a group creates a user group in the location where the token was generated. A group in the identity provider represents a single group in an LSP location. If you want to map every group in every location, you’ll need to create multiple groups in the identity provider. To learn more about creating permission groups, see User permission groups.