Scim Me Up, Scotty

SCIM is the solution for smart identity management in cloud applications and services.

by Marvin Christ

Bringing users into a system - even if it is not a starship from Star Trek - is a recurring but by no means repetitive task. Every new system in a system landscape requires corresponding access for users of the system and normally comes with its own user administration. In the case of a system like Thing-it, which is generally used by all of a customer's employees, it is preferable not to create the relevant users manually. It is quicker and more secure to add them to the system digitally.

Adding users via manual import: time-consuming and error-prone

Anyone who wants to create user data in a system likes to do this with the help of a simple import. The source file for the import is usually created quickly, the transfer is carried out quickly and there is no need to create individual data records manually. Nevertheless, there are also drawbacks:

  • What happens to new employees who also need access?

  • What happens when a user leaves the company?

  • What happens if a user's rights change - for example, if they are granted additional access rights?

In principle, each of these standard situations requires a new import. This makes the task very time-consuming and prone to errors. With both manual user maintenance and import, users quickly reach the limits of what can be reliably represented as a process - although Thing-it naturally supports both methods. But what alternatives are there?

The SCIM standard simplifies the management of users

The IETF (Internet Engineering Task Force, an organization for the technical development of the Internet) provides an answer to this question: the "System for Cross-Domain Identity Management", or SCIM for short. This is an IETF standard that has been available in version 2.0 since 2015. Its aim is to simplify identity management in cloud applications and services. The SCIM standard consists of a programming interface, a so-called API, which enables the following in a standardized way:

  • Creating and deleting users

  • Maintenance of user master data

  • Authorizing users and assigning roles

Thing-it implements the essential aspects of this standard, making it possible to easily manage users (for example from an AD) in Thing-it. The API that Thing-it provides for this is comprehensively documented here.

Simple integration and synchronization

Many identity platforms support SCIM, including Okta and Azure AD (Active Directory). Integration with the Thing-it API is therefore very simple. Azure AD, for example, provides a provisioning service that makes it possible to synchronize users and authorizations in Azure AD with other systems that support SCIM. Thing-it fulfills all Azure AD requirements. By default, users and authorizations are synchronized every 20 minutes via the Azure AD Provisioning Service. This standardized integration also enables the use of basic AD technologies. Examples include assigning certain applications to certain users (based on group assignments in AD), assigning rights in the application based on group assignments or extended attributes, and many other scenarios.
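The three questions raised earlier (new employees, leavers, changed rights) each map onto a SCIM 2.0 request. The sketch below is an added example, not code from Thing-it or Azure AD: it compares a directory with a target system and emits the requests defined in RFC 7644. All user names, ids and group names are constructed, and the paths are the generic SCIM endpoints, assumed here rather than taken from Thing-it's API documentation.

```python
import json

USER = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

def patch(path, op):
    return {"method": "PATCH", "path": path,
            "body": {"schemas": [PATCH_OP], "Operations": [op]}}

def plan_sync(directory, target, group_ids):
    """Diff the directory (source of truth) against the target; return SCIM requests."""
    plan = []
    for name in sorted(directory):
        cur = target.get(name)
        if cur is None:
            # Joiner: create the account; groups follow once the server has issued an id.
            plan.append({"method": "POST", "path": "/Users",
                         "body": {"schemas": [USER], "userName": name, "active": True}})
            continue
        if not cur["active"]:  # Returning user: re-enable instead of creating a duplicate.
            plan.append(patch(f"/Users/{cur['id']}",
                              {"op": "replace", "path": "active", "value": True}))
        for g in sorted(directory[name] - cur["groups"]):  # rights granted
            plan.append(patch(f"/Groups/{group_ids[g]}",
                              {"op": "add", "path": "members", "value": [{"value": cur["id"]}]}))
        for g in sorted(cur["groups"] - directory[name]):  # rights revoked
            plan.append(patch(f"/Groups/{group_ids[g]}",
                              {"op": "remove", "path": f'members[value eq "{cur["id"]}"]'}))
    for name in sorted(set(target) - set(directory)):
        cur = target[name]
        if cur["active"]:  # Leaver: disable the account so access ends with this cycle.
            plan.append(patch(f"/Users/{cur['id']}",
                              {"op": "replace", "path": "active", "value": False}))
    return plan

# Constructed sample state (names, ids and groups are made up for illustration).
DIRECTORY = {"kirk@example.com": {"bridge"},
             "spock@example.com": {"bridge", "science"},
             "uhura@example.com": {"bridge"}}
TARGET = {"kirk@example.com": {"id": "u1", "active": True, "groups": {"bridge", "engineering"}},
          "spock@example.com": {"id": "u2", "active": True, "groups": {"bridge", "science"}},
          "scotty@example.com": {"id": "u3", "active": True, "groups": {"engineering"}}}
GROUP_IDS = {"bridge": "g1", "science": "g2", "engineering": "g3"}

if __name__ == "__main__":
    for req in plan_sync(DIRECTORY, TARGET, GROUP_IDS):
        print(req["method"], req["path"], json.dumps(req["body"]))
```

With the sample state, the plan removes one group membership, creates one user and deactivates one account; a user whose directory and target state already match produces no request.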

Opt for a reliable and efficient solution

Thing Technologies thus offers customers a standardized solution with which Thing-it can be easily integrated into the system landscape. Regardless of whether Captain Kirk beams down or up: Thing-it enables prompt and reliable updating of user management via SCIM. Do you have any questions on this topic or are you interested in a demo of our Smart Real Estate Platform? Please feel free to contact us!
