SCIM: Platform-specific connectors
In addition to the SCIM: System for Cross-domain Identity Management connector (agtscim) the following platform specific connectors are available:
SCIM is a system for cross-domain identity management that uses a REST API for the exchange of user identity information between identity domains such as to provision or de-provision user accounts in an external system, reset passwords for the accounts, or modify group memberships.
Connector name |
|
Connector type | Executable |
Type (UI field value) | Oracle ERP Cloud |
Connector status / support | Bravura Security-Verified This connector has been tested and is fully supported by Bravura Security. |
Upgrade notes | Requires Bravura Security Fabric 12.3 and above. |
Connector name |
|
Connector type | Executable |
Type (UI field value) | Salesforce (SCIM) |
Connector status / support | Bravura Security-Verified This connector has been tested and is fully supported by Bravura Security. |
Upgrade notes | Requires Bravura Security Fabric 12.3 and above. |
Connector name |
|
Connector type | Executable |
Type (UI field value) | Amazon Web Services (SCIM) |
Connector status / support | Bravura Security-Verified This connector has been tested and is fully supported by Bravura Security. |
Upgrade notes | Requires Bravura Security Fabric 12.3 and above. |
The following Bravura Security Fabric operations are supported by these connectors:
get server information
user change password
administrator reset password
create account
delete account
update attributes
list account attributes
add user to group
delete user from group
List:
accounts
attributes
groups
members
Preparation
Note
These connectors require Bravura Security Fabric 12.3 and above.
The platform specific connectors are initially installed into the samples folder when you install the SCIM: system for Cross-domain Identity Management (agtscim) connector and must be loaded manually before they can be used. See Adding and removing connectors if you need to install the agtscim connector.
To install the samples:
Login as an administrator to the Bravura Security Fabric instance server.
Navigate to <instance>\samples\.
Locate the relevant .con file for the scim connector you wish to install:
Oracle ERP Services (
agtoraerp.con)Salesforce (
agtsalesforcescim.con)Amazon Web Services (
agtscimaws.con)
Copy the *.con file from the samples folder to the agent folder.
Open a command window and navigate to the <Program Files path>\Bravura Security\Bravura Security Fabric\<instance>\ util\ folder.
Run the command:
loadplatform -force -a <AGENT NAME>`For example:
loadplatform -force -a agtoraerp
Setting the administrator credentials
A SCIM target may require one or two sets of administrative credentials depending on the specifications of the target. The basic authentication method will normally only require one set of administrator credentials, while OAuth usually requires two, one of which must use a system password.
For the first administrator, set the Administrator ID and Password to the login ID of an administrative user of the SCIM application server.
For the second administrator, set the Administrator ID and Password to administrative system credentials on the OAuth server. This must match client_id and client_secret on the OAuth server. Ensure that the System password checkbox is checked.
Create a template account
Bravura Security Fabric uses template accounts as models or "blueprints" for creating new accounts on the SCIM server.
Ensure that a user exists on the SCIM server that may be used as the template account.
Targeting platform specific SCIM connectors
Add a target system in Bravura Security Fabric (Manage the System > Resources > Target systems):
Type
Oracle ERP Cloud
Amazon Web Services (SCIM)
Salesforce (SCIM)
Address uses options described in the SCIM address configuration table.
Administrator credentials require administrative and system credentials as described in Setting the administrator credentials .
The full list of target parameters is explained in Target System Options .
Option | Description |
|---|---|
Options marked with a | |
Server | The IP address/domain name of the SCIM server. (key: server) |
Connection over SSL | Select to enforce SSL connections. Default is "true". (key: ssl) |
Service Path | The service path for the SCIM server. Example: services/scim/v1 (key: basePath) |
Port | Port number for the SCIM server. Default is 443 when Connection over SSL is checked. (key: port) |
Validate the server's certificate when connecting | Determines whether to validate the server’s security certificate for SSL connections. Default is "true". (key: checkCert) |
HTTP Network Proxy | Specifies a proxy URL to use for connecting. (key: proxy) |
OAuth server | The IP address/domain name of the OAuth server. (key: oauthServer) |
OAuth service path | The service path for the OAuth server.Example: services/oauth2/token (key: oauthTokenPath) |
OAuth port | Port number for the OAuth server.(key: oauthPort) |
Authentication method | Choose whether to use the basic or OAuth authentication method. This is dependent on the target platform’s specification. (key: authmethod) |
Records per page | Affects the number of records returned during listing. Default: 200. (key: pagesize) |
Group module | Specify where to get the groups for group management. This is dependent on the target platform’s specification. (key: grpmodule) |
Credential works as bearer token | Select to indicate that the admin credentials should also be used as the bearer token. This is dependent on the target platform’s specification and requires OAuth authentication. (key: credasbearer) |
