SCIM API

The SCIM RESTful API is used to administer users, groups, devices, and roles for a tenant.

System for Cross-domain Identity Management (SCIM) is an open standard for automating the exchange of user identity information between identity domains or IT systems. Ionic supports the SCIM protocol for this provisioning.

The SCIM API contains five resources: users, groups, devices, roles, and scopes.

In addition, you can perform multiple operations on these resources through one request by using the Bulk API request.

NOTE: Management of these resources can be accomplished through either the API or the Ionic dashboard. For instructions on using the Ionic.com dashboard, see the Administrator Console Guide.

Supported Features:

  • Protocol: SCIM 1.1
  • Authentication: HTTP Basic Authentication

Restrictions:

  • Nested Groups are not currently supported.

SCIM Server and Client

The Ionic SCIM API functions as a SCIM Server, meaning it receives and processes SCIM messages sent by some other party. If you want to integrate your Active Directory user stores into Ionic, you will need to either use a third party identity provider (for example, Ping Identity) or write you own connection layer as the SCIM client. These “provisioning interfaces” typically run on a local server at a site of your choosing and connect directly to your Active Directory instance. Upon first establishing a connection with Ionic, all Users and Groups configured in the Provisioning Software will be translated into SCIM messages and sent to our API.

Take the example of using Ping as your identity provider. When you connect via the third identity provider (Ping), it first does an initial push of all users to the SCIM API to synchronize the third party identity sources (Ionic) with the root source of identity (Active Directory). After the two identity stores (Ionic and the root source Active Directory) are synchronized, the Identity Provider only makes marginal updates to the users that are modified. These changes are in turn automatically propagated via PUT (update) messages to the SCIM API.

If you wish to write your own connection layer, you will need to use the SCIM API.

Ionic SCIM Implementation Details

Ionic’s SCIM API is compliant with the 1.1 version of the protocol. Please see the SCIM Core Schema 1.1 for more information on the protocol.

Authentication and Authorization

See API Authentication and Authorization.