Use SCIM to manage users and groups in Dutchie POS Backoffice
This article applies to Dutchie POS.
Provision a subset of users onto Dutchie with SCIM.
Dutchie supports a SCIM user endpoint to manage users. SCIM allows users to provision a subset of their organization onto the Dutchie platform with specific roles, permissions, and location access as well as deprovision employee access.
Things to consider
- User management is done using the SCIM endpoint: https://publicapi.leaflogix.net/scim/v2.
- This endpoint is provided in the public API and requires a separate auth token to work.
Generate a token
- Go to Settings > Integrations.
- Click SSO.
-
Select the SCIM Provisioning tab.
Basic vs. Bearer
Depending on the system you are accessing, you can get a Basic auth token or a Bearer one. The basic auth token will require you to set a password. Once your password is set, you will be given a username. You can use it with the password you previously set. Use this username and password when completing the Basic authentication process.
Similarly, you may also set up a bearer token. To do so, click the Bearer tab and select Generate Token. This will create a token that is usable for Bearer authentication in your system.
Configure Okta
- In Okta, go to Settings > Integration.
- Click the Provisioning tab.
- Fill out the necessary fields in the SCIM Connection section.
- If using the Basic authentication, enter your Username and Password in the Basic Auth section.
- In the Settings menu, click To App.
- Map the following Okta Attributes to App Attributes:
- LSPs (Group): The list of Lsp Names the user will have access to
- Locations (Group): The list of locations the user will have access to
- Groups (Group): The groups the user will belong to (Must exist in Dutchie app)
Configure Azure AD
- In Azure > AD > Enterprise App > SCIM app ad the following attributes:
Note: These attributes will be sent in the SCIM user request. - Go to Provisioning > Edit attribute mappings.
- Click Provision Azure Active Directory Users.
- Under Attribute Mapping check the Show advanced options checkbox.
- Click Edit Attribute list for customappsso.
- In the Edit Attribute List, add the necessary attributes and click Save.
Note: If applicable, mark attributes as Multi-value . - Navigate back to the Provisioning section.
- Click Add New Mapping.
Use groups endpoint
Provisioning a group creates a user group in the location where the token was generated. A group in the Identity provider represents a single group in a LSP location. If you want to map every group in every location, you’ll need to create multiple groups in the Identity provider. To learn more about creating permission groups, see User permission groups.