# SCIM (Beta)
# Preamble
The EE server support user and group management with SCIM, in combination with SAML. SCIM allows external services
to create / delete / update users and groups. Psono doesn't implement the full SCIM specification and instead currently supports
the subset required by Azure.
This guide here will explain how to configure SCIM. We assume that your webclient is running on https://example.com, the server is reachable with
https://example.com/server
(e.g. https://example.com/server/info/
shows you some nice json output).
TIP
This feature is only available in the Enterprise Edition.
# Enable SCIM
Lookup the provider id of your SAML configuration. If your configuration looks like this:
SAML_CONFIGURATIONS:
1:
idp:
entityId: ...
...
Then your provider id is 1. So create a SCIM configuration that looks like this:
SCIM_CONFIGURATIONS:
1:
TOKEN: 'Replace me with a secure long random string'
AUTHENTICATION_METHOD: 'SAML'
PROVIDER_ID: 1
- Change
TOKEN
parameter and replace it with a secure random string. This will later be used by the SCIM provider as authentication. - Change
PROVIDER_ID
parameter to match your SAML configuration's provider id
Restart the server afterwards
The SCIM endpoint is now: https://example.com/server/scim/2.0/1
, so e.g.
https://example.com/server/scim/2.0/1/Schema
https://example.com/server/scim/2.0/1/Users
https://example.com/server/scim/2.0/1/Groups
Users and groups should now automatically provision.