There is a variety of identity providers for user and identity management in the market. Regardless of the differences between systems, managing users across systems must be standardized and simple to perform. For that, the IETF has come up with a standard that helps organizations keep user management under a common schema and models, reducing the cost and complexity of integration between systems. This standard is the System for Cross-domain Identity Management (SCIM).
How to synchronize users
SCIM provides a schema for getting or setting users' information. Based on that schema and its underlying standard model, Bizagi exposes a REST API with a set of operations to create, read, delete, or update users' information. You can call these methods in two ways:
•Invoking REST methods, for example, using Postman.
•Using an integration with an Identity Provider.
Supported Identity Providers
Bizagi has tested SCIM integration using Azure AD. Refer to Synchronizing users using Azure AD. Any other system that is not listed here with examples is supported, provided that it is SCIM compliant.
•User synchronization using SCIM is only available for Bizagi projects using Automation Service (cloud) or Automation server (on-premises) using an SQL database.
We recommend that you first understand the SCIM model, described in the following section.
The structure in which data is encoded is based on the following model:
Resource: This object contains the information of all elements as a common denominator. Each resource is identified by its schema that contains the following elements: ID, name, description, attributes, and metadata. In Bizagi, there are two resource types:
•User: This resource contains all the basic user information that you can define for a Bizagi user using SCIM, such as the username or email, among others. Refer to User for more information about this schema.
•BizagiUserProperties: This resource is an extended schema for the User resource that contains all the user's properties that are used for user configuration. You can, for instance, set whether the user is enabled for assignments. Here you can also find extended user properties created in Bizagi. Refer to Extended Attributes for more details. (This option is not available in Azure AD).
For further information about schemas, see SCIM schemas.
The Bizagi SCIM service exposes a set of discovery services to get attributes, details, and configuration, and another set of services for operations:
•Service Provider Config: Get information about available options, authentication schemes and data models.
•Resource Types: Get all the resource types.
•Schemas: Get the schemas in a JSON.
Get OAuth token service
This service is used to get the OAuth 2.0 authorization token.
•Create: Service to create one user.
•Read: Get information of a user.
•Update: Update the information of a user.
•Replace: This service is used to replace all the information of a user.
•Delete: This service is used to deactivate (logically) a user.
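The following sketch is an added example, not Bizagi's own code: it maps the five user operations above to the HTTP requests that the SCIM protocol (RFC 7644) defines for them and rejects malformed input before anything is sent. The /Users path is the RFC default relative to a SCIM base URL, and the token value is whatever the OAuth token service returns; Bizagi's actual URLs are not given on this page, so both are assumptions.

```python
import json
from urllib.parse import quote

# Schema URNs defined by RFC 7643 (core User) and RFC 7644 (PATCH message).
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Operation names from the list above -> HTTP method per RFC 7644.
METHODS = {"create": "POST", "read": "GET", "update": "PATCH",
           "replace": "PUT", "delete": "DELETE"}


def build_scim_request(op, token, user_id=None, attrs=None):
    """Return method, path, headers and JSON body for one user operation.

    Paths are relative to a SCIM base URL (assumption: not given on this page).
    """
    if op not in METHODS:
        raise ValueError(f"unknown operation: {op}")
    if not token:
        raise ValueError("an OAuth 2.0 bearer token is required")
    attrs = dict(attrs or {})
    if op == "create":
        path = "/Users"
    else:
        if not user_id:
            raise ValueError(f"{op} needs the id of an existing user")
        # Percent-encode the id so it cannot alter the request path.
        path = "/Users/" + quote(str(user_id), safe="")
    if op in ("create", "replace"):
        # Full resource: userName is required by the core User schema.
        if not attrs.get("userName"):
            raise ValueError("userName is required")
        body = {**attrs, "schemas": [USER_SCHEMA]}
    elif op == "update":
        # Partial change: one PatchOp entry per attribute being changed.
        if not attrs:
            raise ValueError("update needs at least one attribute")
        body = {"schemas": [PATCH_SCHEMA],
                "Operations": [{"op": "replace", "path": k, "value": v}
                               for k, v in attrs.items()]}
    else:
        body = None  # read and delete carry no body
    headers = {"Authorization": f"Bearer {token}"}
    if body is not None:
        headers["Content-Type"] = "application/scim+json"
    return {"method": METHODS[op], "path": path, "headers": headers,
            "body": json.dumps(body) if body is not None else None}
```

The returned dictionary can be passed to any HTTP client or compared against a request built by hand in Postman.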
The following section describes the synchronization procedure.