Synchronizing users using SCIM's REST methods


Overview

There is a variety of identity providers for user and identity management in the market. Regardless of the differences between systems, managing users across systems must be standardized and simple to perform. To that end, the IETF has defined a standard that helps organizations keep user management under a common schema and model, reducing the cost and complexity of integration between systems. This standard is the System for Cross-domain Identity Management (SCIM).

 

How to synchronize users

SCIM provides a schema for getting or setting users’ information. Based on that schema and its underlying standard model, Bizagi exposes a REST API with a set of operations to create, read, delete, or update users' information. You can use these methods in either of two ways:

 

Invoking REST methods, for example, using Postman.

Using an integration with an Identity Provider.

 

Supported Identity Providers

Bizagi has tested SCIM integration using Azure AD. Refer to Synchronizing users using Azure AD. Any other system not listed here with examples is supported, provided that it is SCIM compliant.

 

Prerequisites

User synchronization using SCIM is only available for Bizagi projects using Automation Service (cloud) or Automation server (on-premises) using an SQL database.

 

We recommend first understanding the SCIM model, which is described in the following section.

 

The model

The structure in which data is encoded is based on the following model:

 

[Figure SCIM_1A: diagram of the SCIM model]

 

Resource: This object contains the information of all elements as a common denominator. Each resource is identified by its schema that contains the following elements: ID, name, description, attributes, and metadata. In Bizagi, there are two resource types:

User: This resource contains all the basic user information that you can define for a Bizagi user using SCIM like the username or email, among others. Refer to User for more information about this schema.

BizagiUserProperties: This resource is an extended schema for the User resource that contains all the user’s properties that are used for user configuration. You can, for instance, set whether the user is enabled for assignments. Here you can also find extended user properties created in Bizagi. Refer to Extended Attributes for more details. (This option is not available in Azure AD).

 

For further information about schemas, see SCIM schemas.

 

Services

The Bizagi SCIM service exposes a set of discovery services to get attributes, details, and configuration, and another set of services for operations:

 

Discovery services

Service Provider Config: Get information about available options, authentication schemes and data models.

GET [Project_URL]/scim/v2/ServiceProviderConfig

Resource Types: Get all the resource types.

GET [Project_URL]/scim/v2/scim/v2/ResourceTypes

Schemas: Get the schemas in a JSON.

GET [Project_URL]/scim/v2/Schemas

 

Get OAuth token service

This service is used to get the OAuth 2.0 authorization token:

POST [Project_URL]/oauth2/server/token

 

Operation services

Create: Service to create one user.

POST [Project_URL]/scim/v2/Users

Read: Get information of a user.

GET [Project_URL]/scim/v2/Users/{userName}

Update: Update the information of a user.

PATCH [Project_URL]/scim/v2/Users/{userName}

Replace: This service is used to replace all the information of a user.

PUT [Project_URL]/scim/v2/Users/{userName}

Delete: This service is used to deactivate (logically) a user.

DELETE [Project_URL]/scim/v2/Users/{userName}
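
The operation services above, as an added Python example (not Bizagi's own code) that builds the requests without sending them, refuses a non-HTTPS project URL, and percent-encodes {userName} so the value cannot change the request path. Assumptions: the access token was already obtained from the token service, the class name `ScimRequests`, host and user values are constructed, and the schema URNs, the PatchOp body and the `application/scim+json` media type come from RFC 7643/7644 rather than from this page.

```python
import json
from urllib.parse import quote, urlsplit
from urllib.request import Request

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"      # RFC 7643
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"  # RFC 7644

class ScimRequests:
    """Hypothetical helper: builds (does not send) the operation requests."""

    def __init__(self, project_url, access_token):
        if urlsplit(project_url).scheme != "https":
            raise ValueError("bearer tokens must only travel over HTTPS")
        self.base = project_url.rstrip("/") + "/scim/v2"
        self.token = access_token

    def _request(self, method, path, body=None):
        data = json.dumps(body).encode() if body is not None else None
        req = Request(self.base + path, data=data, method=method)
        req.add_header("Authorization", "Bearer " + self.token)
        if data is not None:
            req.add_header("Content-Type", "application/scim+json")
        return req

    def _user_path(self, user_name):
        # Encode every reserved character, "/" included, so userName stays one segment.
        return "/Users/" + quote(user_name, safe="")

    def create(self, user_name, email):
        body = {"schemas": [USER_SCHEMA], "userName": user_name,
                "emails": [{"value": email, "primary": True}], "active": True}
        return self._request("POST", "/Users", body)

    def read(self, user_name):
        return self._request("GET", self._user_path(user_name))

    def update(self, user_name, **attrs):
        ops = [{"op": "replace", "path": k, "value": v} for k, v in attrs.items()]
        return self._request("PATCH", self._user_path(user_name),
                             {"schemas": [PATCH_SCHEMA], "Operations": ops})

    def delete(self, user_name):
        return self._request("DELETE", self._user_path(user_name))

if __name__ == "__main__":  # constructed sample values
    req = ScimRequests("https://bizagi.example.invalid/Project", "TOKEN").update("jdoe", active=False)
    print(req.get_method(), req.full_url, req.data.decode())
```

Each method returns a `urllib.request.Request`, which can be inspected before it is passed to `urllib.request.urlopen`.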

 

The following section describes the synchronization procedure.