SCIM Overview
Using System for Cross-domain Identity Management (SCIM), SAML users in Laserfiche Directory Server can be created, updated, and deprovisioned directly by an identity provider like Okta or Microsoft Entra ID. User data is stored in a consistent way and can be communicated as such to Laserfiche Directory Server. This enables IT departments to automate the user provisioning and deprovisioning process. Because of this, SCIM simplifies the user experience for customers utilizing SAML users.
How SCIM Works
SCIM is a REST and JSON-based protocol that defines client and server roles. The client is usually an identity provider (IdP), like Okta or Microsoft Entra ID, that contains a directory of user identities. The server, called the service provider (SP), is usually an app, like Laserfiche Directory Server, that needs a subset of information from those identities. When changes to identities are made in the identity provider, including creation, updates, and deletion, they are automatically synced to the service provider according to the SCIM protocol. Laserfiche Directory Server auditing includes changes to identities based on SCIM messages and Directory Server SCIM configuration changes.
Note: To learn more about SCIM, please see Okta and Microsoft Entra ID reference documentation, for example, What is SCIM?, Okta and SCIM, or SCIM synchronization with Microsoft Entra ID.
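To make the exchange described above concrete, the following added example (not Laserfiche code) models the service provider side of a SCIM user lifecycle with an audit trail. It uses the standard `/Users` resource path and schema URNs from the SCIM specification (RFC 7643/7644); Directory Server's actual endpoint URL, supported attributes, and audit format are not shown on this page, so `handle`, `PATCHABLE`, and the audit tuples are hypothetical.

```python
import uuid

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
PATCHABLE = {"userName", "displayName", "active"}  # assumption: attributes the IdP may change


def handle(store, audit, method, path, body=None):
    """Apply one SCIM request to an in-memory store; return (HTTP status, resource)."""
    body = body or {}
    parts = path.strip("/").split("/")
    if parts[0] != "Users" or len(parts) > 2:
        return 404, None
    if method == "POST" and len(parts) == 1:
        if USER_SCHEMA not in body.get("schemas", []) or not body.get("userName"):
            return 400, None
        if any(u["userName"] == body["userName"] for u in store.values()):
            return 409, None  # userName must be unique
        # The server assigns the id; any id supplied by the client is overwritten.
        user = dict(body, id=str(uuid.uuid4()), active=body.get("active", True))
        store[user["id"]] = user
        audit.append(("create", user["id"]))
        return 201, user
    user = store.get(parts[1]) if len(parts) == 2 else None
    if user is None:
        return 404, None
    if method == "PATCH":
        ops = body.get("Operations", [])
        valid = PATCH_SCHEMA in body.get("schemas", []) and ops and all(
            isinstance(o, dict) and str(o.get("op", "")).lower() == "replace"
            and o.get("path") in PATCHABLE and "value" in o for o in ops)
        if not valid:
            return 400, None  # every operation is validated before anything changes
        for o in ops:
            user[o["path"]] = o["value"]
        audit.append(("update", user["id"]))
        return 200, user
    if method == "DELETE":
        del store[user["id"]]
        audit.append(("delete", user["id"]))
        return 204, None
    return 405, None


def demo():
    """Constructed lifecycle: provision, deactivate, then delete one user."""
    store, audit = {}, []
    s1, user = handle(store, audit, "POST", "/Users",
                      {"schemas": [USER_SCHEMA], "userName": "jdoe@example.com"})
    off = {"schemas": [PATCH_SCHEMA], "Operations": [{"op": "replace", "path": "active", "value": False}]}
    s2, user = handle(store, audit, "PATCH", "/Users/" + user["id"], off)
    s3, _ = handle(store, audit, "DELETE", "/Users/" + user["id"])
    return [s1, s2, s3], [action for action, _ in audit], store
```

Rejected requests leave both the store and the audit list unchanged, so the audit trail records only identity changes that actually took effect.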
Configuring SCIM
Here are the steps you need to take to configure SCIM: