Getting Started with System for Cross-domain Identity Management (SCIM)

The System for Cross-domain Identity Management (SCIM) specification allows for the automation of user creation, updating, and deactivation from Okta and Microsoft Entra ID to Laserfiche Directory Server.

SCIM Protocol Support

Currently, only selected users can be propagated to Laserfiche Directory Server. Laserfiche Directory Server will not propagate users back to the identity provider.

Note: Laserfiche Directory Server 11 Update 5 and earlier versions support SCIM user operations. Laserfiche Directory Server 11 Update 6 adds support for SCIM group synchronization and group-based license assignment.

SCIM Terminology

  1. Okta and Microsoft Entra ID: Identity management services that can be used for SAML authentication in Laserfiche. These services can generate and send user provisioning instructions (for example, provision, update, and import) based on changes made in the identity provider.
  2. On-Premises Provisioning Agent: A lightweight agent that gets provisioning instructions from Okta or Azure AD and sends SCIM requests to Laserfiche Directory Server.
    • SCIM 1.1 and Okta: Please see the Installing the Provisioning Agent topic.
    • SCIM 2.0: Laserfiche Directory Server 11 Update 3 and later includes a provisioning agent in the form of the Laserfiche Directory Server SCIM Service.
  3. SCIM Server: Laserfiche Directory Server is the SCIM server that can process SCIM requests sent by the provisioning agent.

Configuring SCIM

To learn more about SCIM and how to configure it, please see:

  1. SCIM Overview
  2. Installing the Provisioning Agent
  3. Configuring SCIM in Laserfiche Directory Server
  4. Configuring SCIM in Okta
  5. Configuring SCIM in Microsoft Entra ID