Skip to main content

System for Cross-domain Identity Management (SCIM)

Flexera One supports System for Cross-domain Identity Management (SCIM) for automated user provisioning and deprovisioning from your identity provider (IdP) to Flexera One.

SCIM is an open standard that enables the automation of user provisioning. By enabling SCIM, you can connect Flexera One to external identity providers to seamlessly import, export, and synchronize identity resources. This streamlines user onboarding and offboarding based on changes in your external system and helps control access by limiting the number of users with high-level privileges in Flexera One.

info

Currently, SCIM integration with Microsoft Entra ID (formerly Azure Active Directory) is supported.

important
  • Users provisioned via SCIM can only sign in using single sign-on (SSO). They cannot sign in using a username and password.
  • When a user is deleted via SCIM, they are removed from the organization only to prevent accidental deletion across multiple organizations when a user belongs to multiple organizations.

Prerequisites for SCIM Provisioning

Organization Requirements

  • No new capabilities are required. The SCIM feature is available to all customers with existing Identity and Access Management (IAM) capability.
  • A new role, SCIM Operator, is used to manage SCIM API resources.

API Information

A new set of APIs are available under the scim namespace with the following base URL format:

api.flexera.{TLD}/scim/v2/orgs/{orgId}/*

Example Endpoints:

  • api.flexera.com/scim/v2/orgs/1105/ServiceProviderConfig
  • api.flexera.eu/scim/v2/orgs/28018/Users
  • api.flexera.au/scim/v2/orgs/28018/Groups/123

Supported SCIM Operations

Configurations

  • List Service Provider Configurations
  • List Schemas
  • Show Schema
  • List Resource Types
  • Show Resource Type

Users

  • List Users (filter by ID or username)
  • Show User
  • Create User (only if domain is verified)
  • Update User
  • Replace User
  • Disable User
  • Delete User

Groups

  • List Groups (filter by ID or display name)
  • Show Group
  • Create Group
  • Update Group
  • Replace Group
  • Delete Group

Next Steps