Provisioning IDaaS - Using SCIM to Enable Cloud Identity


Using SCIM to Enable Cloud Identity

Silicon Valley IAM User Group
August 20, 2015

Provisioning IDaaS

Speaker
Pat Patterson
Developer Evangelist Architect, Salesforce
@metadaddy

Agenda

1. What is User Provisioning?
2. Benefits
3. Standards
4. Demo

User Provisioning – Managing the User Lifecycle

Create, Update, Delete Users


Works with Other User Repositories Too

Create, Update, Delete Users

Active Directory

On Premise

HR App

Salesforce Identity Connect

Benefits

Benefits for Employee Use Cases

Security

Audit & Compliance

IT Productivity

User Termination

Who has access to what?

Automated account creation & update

Benefits for Customer and Partner Use Cases

User Onboarding

Keep User Info in Sync

Self Service

Provision user into multiple web properties

Update email change across all apps

Access request with Approvals

Standards

Simple Cloud Identity Management
http://www.simplecloud.info/
SCIM 1.0 released in 2011
SCIM 1.1 released in 2012
IETF working on SCIM 2.0

System for Cross-domain Identity Management

SCIM Use Cases

Provision and de-provision user accounts
Update attributes on user accounts
Synchronize accounts across services
Manage group membership

SCIM Basics

Application-level, REST protocol
OAuth recommended for authentication/authorization
Create, modify, retrieve, discover users and groups
Common user schema
Extensible

SCIM Schema

Core schema – name, userName, emails etc.

Enterprise extension – employeeNumber, department, manager etc.

Custom extensions – e.g. urn:salesforce:schemas:extension:18CHARORGID
– Custom fields

SCIM in Action

SCIM Request – Retrieve a User

GET /services/scim/v1/Users/005E0000000HimUIAS HTTP/1.1
Host: na1.salesforce.com
Authorization: Bearer ACCESS_TOKEN

SCIM Response - Core

{
  "displayName": "Adam Seligman",
  "userName": "adam@devorg.com",
  "id": "005E0000000HimUIAS",
  "emails": [
    {
      "primary": true,
      "type": "work",
      "value": "ppatterson@salesforce.com"
    }
  ],
  ...

SCIM Response - Enterprise

  ...
  "urn:scim:schemas:extension:enterprise:1.0": {
    "employeeNumber": "156189",
    "manager": {
      "displayName": "Pat Patterson",
      "managerId": "005E0000000HiFiIAK"
    },
    "organization": "00DE0000000HegHMAS"
  },
  ...

SCIM Response - Custom

  ...
  "urn:salesforce:schemas:extension:00DE0000000HegHMAS": {
    "Favorite_Color__c": "Green"
  },
  ...
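The request and the three response fragments above, worked end to end as an added Python example (not code from the talk or from Salesforce): it builds the GET request text for one user and splits a constructed response, assembled from the slides' values, into core attributes, the enterprise extension and any custom org extension found by its URN prefix. The token value is a placeholder.

```python
import json
from urllib.parse import quote

# Schema URNs shown on the slides; the custom one is prefix + 18-char org id.
ENTERPRISE_URN = "urn:scim:schemas:extension:enterprise:1.0"
CUSTOM_URN_PREFIX = "urn:salesforce:schemas:extension:"
ORG_ID_LEN = 18

# Constructed sample response, merged from the Core/Enterprise/Custom slides.
SAMPLE_RESPONSE = """{
  "displayName": "Adam Seligman",
  "userName": "adam@devorg.com",
  "id": "005E0000000HimUIAS",
  "emails": [{"primary": true, "type": "work", "value": "ppatterson@salesforce.com"}],
  "urn:scim:schemas:extension:enterprise:1.0": {
    "employeeNumber": "156189",
    "manager": {"displayName": "Pat Patterson", "managerId": "005E0000000HiFiIAK"},
    "organization": "00DE0000000HegHMAS"
  },
  "urn:salesforce:schemas:extension:00DE0000000HegHMAS": {"Favorite_Color__c": "Green"}
}"""


def build_get_user_request(host, user_id, access_token):
    """Return the raw HTTP/1.1 text of the slide's 'Retrieve a User' request.
    The user id is percent-encoded so it cannot alter the request path."""
    path = "/services/scim/v1/Users/" + quote(user_id, safe="")
    return (f"GET {path} HTTP/1.1\r\n"
            f"Host: {host}\r\n"
            f"Authorization: Bearer {access_token}\r\n\r\n")


def parse_scim_user(body):
    """Split a SCIM 1.1 User resource into core, enterprise and custom parts."""
    doc = json.loads(body)
    core = {k: doc.get(k) for k in ("id", "userName", "displayName")}
    primary = [e["value"] for e in doc.get("emails", []) if e.get("primary")]
    core["primaryEmail"] = primary[0] if primary else None
    enterprise = doc.get(ENTERPRISE_URN, {})
    # Custom extensions are keyed by org id; keep only well-formed URNs.
    custom = {urn: attrs for urn, attrs in doc.items()
              if urn.startswith(CUSTOM_URN_PREFIX)
              and len(urn) == len(CUSTOM_URN_PREFIX) + ORG_ID_LEN}
    return {"core": core, "enterprise": enterprise, "custom": custom}


if __name__ == "__main__":
    print(build_get_user_request("na1.salesforce.com", "005E0000000HimUIAS", "ACCESS_TOKEN"))
    print(json.dumps(parse_scim_user(SAMPLE_RESPONSE), indent=2))
```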

SCIM Implementations

Demo

Use Case

We'll hire a new employee – Vikas Jain
– Create Salesforce account

Vikas gets a promotion, with more responsibility
– Allow access to ERP system

After a long and successful career, Vikas retires
– Deactivate all accounts

Q & A
Pat Patterson
Developer Evangelist Architect, Salesforce
@metadaddy

Thank You
