Getting Started with System for Cross-domain Identity Management (SCIM)
What is SCIM?
SCIM is a REST and JSON-based protocol that defines a client role and a server role. The client is usually an identity provider (IdP), like Okta or Microsoft Entra ID, that contains a directory of user identities. The server is a service provider (SP), usually an app like Laserfiche Directory Server, that needs a subset of information from those user identities. When changes to user identities are made in the identity provider, including creation, updates, and deletion, they are automatically synced to the service provider according to the SCIM protocol. Laserfiche Directory Server auditing includes changes to identities based on SCIM messages and Directory Server SCIM configuration changes.
Note: To learn more about SCIM, please see Okta and Microsoft Entra ID reference documentation, for example, What is SCIM?, Okta and SCIM, or SCIM synchronization with Microsoft Entra ID.
SCIM Protocol Support
- Directory Server 12 supports SCIM 1.1 and SCIM 2.0.
Currently, only selected users can be propagated to Laserfiche Directory Server. Laserfiche Directory Server will not propagate users back to the identity provider.
SCIM Terminology
- Okta and Microsoft Entra ID: Identity management services that can be used for SAML authentication in Laserfiche. These services can generate and send user provisioning instructions (for example, provision, update, and import) based on changes made in the identity provider.
- On Premises Provisioning Agent: A lightweight agent that gets provisioning instructions from Okta or Azure AD and sends SCIM requests to Laserfiche Directory Server.
  - SCIM 1.1 and Okta: Please see the Installing the Provisioning Agent topic.
  - SCIM 2.0: Laserfiche Directory Server provides a provisioning agent in the form of the Laserfiche Directory Server SCIM Service.
- SCIM Server: Laserfiche Directory Server is the SCIM server that can process SCIM requests sent by the provisioning agent.