authentik/website/docs/users-sources/sources/protocols/scim/index.md
Tana M Berry 6d5172d18a website: latest PR for new Docs structure (#11639)
* first pass

* dependency shenanigans

* move blueprints

* few broken links

* change config the throw errors

* internal file edits

* fighting links

* remove sidebarDev

* fix subdomain

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix relative URL

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix mismatched package versions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix api reference build

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* test tweak

* links hell

* more links hell

* links hell2

* yep last of the links

* last broken link fixed

* re-add cves

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add devdocs redirects

* add dir

* tweak netlify.toml

* move latest 2 CVES into dir

* fix links to moved cves

* typoed title fix

* fix link

* remove banner

* remove committed api docs

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* integrations: remove version dropdown

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Update Makefile

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* change doc links in web as well

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix some more docs paths

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fix more docs paths

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* ci: require ci-web.build for merging

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* Revert "ci: require ci-web.build for merging"

This reverts commit b99a4842a9.

* remove slug for Application

* put slug back in

* minor fix to trigger deploy

* Spelled out Documentation in menu bar

* remove image redirects...

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove explicit index.md

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove mdx first

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* then remove .md

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add missing prefix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Tana M Berry <tana@goauthentik.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2024-10-09 09:33:40 -05:00

SCIM Source

:::info
This feature is in technical preview, so please report any bugs on GitHub.
:::

The SCIM source allows other applications to directly create users and groups within authentik. SCIM provides a predefined schema for users and groups, with a RESTful API, to enable automatic user provisioning and deprovisioning. SCIM is supported by applications such as Microsoft Entra ID, Google Workspace, and Okta.

The base SCIM URL is in the format of https://authentik.company/source/scim/<source-slug>/v2. Authentication is done via Bearer tokens that are generated by authentik. When an SCIM source is created, a service account is created and a matching token is provided.

First steps

To set up an SCIM source, log in to authentik as an administrator. Navigate to Directory -> Federation & Social login, and click on Create. Select the SCIM Source type in the wizard, and give the source a name.

After the source is created, click on the name of the source in the list, and you will see the SCIM Base URL which is used by the SCIM client. Use the Click to copy token button to copy the token which is used by the client to authenticate SCIM requests.

Supported Options & Resource types

/v2/Users

Endpoint to list, create, update and delete users.

/v2/Groups

Endpoint to list, create, update and delete groups.

There are also the /v2/ServiceProviderConfig and /v2/ResourceTypes endpoints, which are used by SCIM-enabled applications to find out which features authentik supports.
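The following added example (not part of the authentik documentation or code base) builds authenticated requests against the base URL format and endpoints described above, and refuses to attach the Bearer token to a non-HTTPS URL. The host, source slug and token are placeholders; the `application/scim+json` media type and the core User schema URN come from the SCIM 2.0 RFCs (7643/7644), not from this page.

```python
import json
import urllib.request
from urllib.parse import urlsplit

# Resource paths listed on this page, relative to the SCIM base URL (which ends in /v2).
SUPPORTED_PATHS = ("Users", "Groups", "ServiceProviderConfig", "ResourceTypes")


def scim_base_url(host: str, source_slug: str) -> str:
    """Base URL in the documented format: https://<host>/source/scim/<source-slug>/v2."""
    return f"https://{host}/source/scim/{source_slug}/v2"


def build_request(base_url, token, path, method="GET", body=None):
    """Build (but do not send) a SCIM request authenticated with the source's token."""
    if urlsplit(base_url).scheme != "https":
        # The Bearer token is the only credential, so never put it on a plain-HTTP request.
        raise ValueError("SCIM base URL must use https")
    if path.split("/")[0] not in SUPPORTED_PATHS:
        raise ValueError(f"unsupported SCIM resource: {path}")
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/scim+json"}
    data = None
    if body is not None:
        data = json.dumps(body).encode("utf-8")
        headers["Content-Type"] = "application/scim+json"
    url = f"{base_url.rstrip('/')}/{path}"
    return urllib.request.Request(url, data=data, headers=headers, method=method)


# Constructed sample values: host, slug and token are placeholders.
BASE = scim_base_url("authentik.company", "example-source")
NEW_USER = {
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
    "userName": "foo.bar",
    "name": {"familyName": "bar", "givenName": "foo"},
    "emails": [{"value": "foo.bar@authentik.company", "type": "work", "primary": True}],
}
CREATE = build_request(BASE, "PLACEHOLDER_TOKEN", "Users", "POST", NEW_USER)
DISCOVER = build_request(BASE, "PLACEHOLDER_TOKEN", "ServiceProviderConfig")
# urllib.request.urlopen(CREATE) would send the request to a real instance.
```
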

SCIM source property mappings

See the overview for information on how property mappings work.

Expression data

Each top-level SCIM attribute is available as a variable in the expression. For example, given an SCIM request with the following payload:

{
    "schemas": [
        "urn:scim:schemas:core:2.0",
        "urn:scim:schemas:extension:enterprise:2.0"
    ],
    "userName": "foo.bar",
    "name": {
        "familyName": "bar",
        "givenName": "foo",
        "formatted": "foo.bar"
    },
    "emails": [
        {
            "value": "foo.bar@authentik.company",
            "type": "work",
            "primary": true
        }
    ],
    "title": "",
    "urn:scim:schemas:extension:enterprise:2.0": {
        "department": ""
    }
}

The following variables are available in the expression:

  • schemas as a list of strings

  • userName as a string

  • name as a dictionary

  • emails as a dictionary

  • title as a string

  • urn_scim_schemas_extension_enterprise_2_0 as a dictionary

    :::info
    Top-level keys that include symbols not allowed in Python syntax have those symbols converted to _.
    :::
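The key conversion described above, as an added sketch that is not authentik's own implementation: it assumes every character outside `[A-Za-z0-9_]` is replaced with `_`, and it rejects payloads where two keys would collapse to the same variable name. `sample_mapping` and the field names it returns are hypothetical, chosen only to show the variables in use.

```python
import json
import re

# Constructed sample: the request payload shown above.
SAMPLE_PAYLOAD = json.loads("""
{
  "schemas": ["urn:scim:schemas:core:2.0", "urn:scim:schemas:extension:enterprise:2.0"],
  "userName": "foo.bar",
  "name": {"familyName": "bar", "givenName": "foo", "formatted": "foo.bar"},
  "emails": [{"value": "foo.bar@authentik.company", "type": "work", "primary": true}],
  "title": "",
  "urn:scim:schemas:extension:enterprise:2.0": {"department": ""}
}
""")


def to_variable_name(key: str) -> str:
    """Assumed rule: every character outside [A-Za-z0-9_] becomes '_'."""
    return re.sub(r"[^A-Za-z0-9_]", "_", key)


def expression_variables(payload: dict) -> dict:
    """Map each top-level attribute to its variable name, rejecting collisions."""
    variables = {}
    for key, value in payload.items():
        name = to_variable_name(key)
        if name in variables:
            # "a:b" and "a.b" both become "a_b"; fail rather than let one silently win.
            raise ValueError(f"{key!r} collides with another key as {name!r}")
        variables[name] = value
    return variables


def sample_mapping(userName, name, emails, urn_scim_schemas_extension_enterprise_2_0, **_):
    """Hypothetical mapping body; the returned field names are illustrative."""
    # In this sketch json.loads yields a list of dicts for the emails array.
    primary = next((e["value"] for e in emails if e.get("primary")), None)
    department = urn_scim_schemas_extension_enterprise_2_0["department"]
    return {"username": userName, "name": name["formatted"], "email": primary,
            "attributes": {"department": department}}


VARIABLES = expression_variables(SAMPLE_PAYLOAD)
RESULT = sample_mapping(**VARIABLES)
```
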