Add a custom SCIM connection
Last updated June 26th, 2024
You can add a custom SCIM connection for user sync by your enterprise’s directory. To add a custom SCIM connection:
-
Go to Setting > Identity & Directory > Connection in the Knox Manage console.
-
On the Connection page, click Add.
-
On the Add Connection page, enter basic information about a connection.
-
Connection Type — Select Custom SCIM to specify connection type.
-
Connection Name — Enter the connection name, with a maximum length of 25 characters and consisting of letters, numbers, and special characters (- or _ only). This name is used to distinguish each connection and also used when selecting connections in User, Group, and Organization.
-
Target — Select User or Group for the connection target.
-
-
On the Server tab, do the following:
-
User Authentication — If you have added a User authentication connection in advance, choose Use.
-
Authentication Target — Select the connection added in advance.
-
Copy and save the Tenant URL and Secret Token, making sure you can access them later for use in the IDP portal. Once lost or forgotten, the secret token cannot be retrieved, but it can be reissued.
To reissue it, on the Connection page, click the connection name to view its information, click Details for Token Expiration, and click Replace Token in the Token Details dialog.
-
-
On the User tab, do the following:
- Apply auto Profile — Specify whether a profile is applied to user’s device automatically when their organization details change.
- Click Select to the right of each item to search for the attributes defined in the directory server.
- Click Refresh to the right of each item to reset the saved values back to the default values.
- Select the check box next to User Static Input Value to delete the default mapped values and to allow you to enter values manually.
-
On the Group tab, do the following:
-
Assign or Unassign Auto Profile/App — select a value:
-
When deleting a user, profiles and apps will be unassigned from the user.
-
When deleting a group, profiles and apps will be unassigned from the group.
-
When adding a user, profiles and apps will be applied to the user.
-
-
Click next to Detail in the Mapping Information area and enter information for mapping the group attributes of the directory server and the group attributes entered when registering groups in Knox Manage. The most common values of a directory server are entered automatically, but you can change them according to the directory server.
-
Group Name — Enter the name for the group.
-
Member — Select a member for the group.
-
Organization — Select the organization to which the group belongs. If left unspecified, the group does not belong to any organization.
-
DN (Distinguished Name) — Enter the unique name of the LDAP object.
-
Object Identifier — Enter the ID used to distinguish the synced group.
-
Group Identifier — Enter the name used to distinguish the synced group.
Click Select to the right of each item to search for the attributes defined in the directory server.
Click Refresh to the right of each item to reset the saved values back to the default values.
Select the check box next to User Static Input Value to delete the default mapped values and to allow you to enter values manually.
-
-
-
Click Save.
Is this page helpful?