CIS13: SCIM Interop
The System for Cross-Domain Identity Management (SCIM) protocol is the last best hope for crossing the provisioning interoperability chasm—for on-premises and cloud-based applications. Visit the interop room to learn more about SCIM and chat with participating companies.

Published in Technology, Business
Transcript

  • 1. SCIM 1.1 Interop, Cloud Identity Summit 2013
  • 2. Example SCIM topology
      [diagram] On-Premises: Identity system (SCIM consumer) --Create user (HTTP POST)--> Externally Hosted: SaaS application (SCIM service provider)
  • 3. Example SCIM topology
      [diagram] On-Premises: Active Directory --Directory sync--> Identity system (SCIM consumer) --Create user (HTTP POST)--> Externally Hosted: SaaS application (SCIM service provider)
  • 4. SCIM identity bridge
      [diagram] On-Premises: Active Directory <--LDAP--> Identity Bridge (SCIM consumer, SCIM provider, Directory sync, OAuth resource server)
      Externally Hosted: Partner's provisioning IDaaS (SCIM consumer) <--SCIM--> Identity Bridge; Web application <--API or SCIM--> Identity Bridge
  • 5. Interoppers (service provider / consumer)
      cisco / sailpoint
      pi pingfederate / sailpoint
      pi pingfederate / unboundid
      pi pingone / nexus
      pi pingone / wso2
      salesforce / sailpoint
      salesforce / nexus
      salesforce / wso2
      salesforce / pi pingfederate
      unboundid / pi pingfederate
      unboundid / pi pingone
      unboundid / wso2
      wso2 / sailpoint
  • 6. Interop tests
      Category                         Test #  Test Name
      User creation                    1.1     Create five users.
      User list                        2.1     List one user (1.1) with attributes parameter via query to resource.
                                       2.2     List one user (1.1) with filter via query to resource endpoint.
                                       2.3     List users (1.1) with attributes parameter via query to resource endpoint.
      User update                      3.1     Update user (1.1) via PUT.
                                       3.2     Update user (1.1) via PATCH.
                                       3.3     Change password for user (1.1). Verify by authenticating with server natively if possible.
      Group creation                   4.1     Create two groups.
      Group list                       5.1     List one group (4.1) with attributes parameter via query to resource.
                                       5.2     List one group (4.1) with filter via query to resource endpoint.
                                       5.3     List groups (4.1) with attributes parameter via query to resource endpoint.
      Group update                     6.1     Add user (1.1) to group (4.1) via PUT.
                                       6.2     Remove user (1.1) from group (4.1) via PUT.
                                       6.3     Add user (1.1) to group (4.1) via PATCH.
                                       6.4     Remove user (1.1) from group (4.1) via PATCH.
      User deletion                    7.1     Delete user (1.1).
      Bulk operation                   8.1     Create two users.
                                       8.2     Update two users (8.1) via PATCH.
                                       8.3     Create two users via PUT, then create group via PUT with users' id attribute.
                                       8.4     Remove users (8.3) from group (4.1) via PATCH, then delete two users (8.3).
      ServiceProviderConfig retrieval  9.1     Retrieve service provider config.
      Schema retrieval                 10.1    Retrieve user and group schemas.
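The test matrix above exercises a handful of SCIM 1.1 service-provider rules that interop partners most often got wrong: the attributes parameter (2.1/5.1), the filter (2.2/5.2) and the PATCH merge and delete semantics (3.2, 6.3, 6.4). The following is an added example, not code from the deck or from any participating vendor; the in-memory user and group resources are constructed for illustration and only the `attr eq "value"` filter form is implemented.

```python
import copy
import re

# Constructed sample resources in SCIM 1.1 shape (not from the interop deck).
USER = {"id": "u1", "userName": "bjensen", "displayName": "Barbara Jensen",
        "emails": [{"value": "bjensen@example.com", "primary": True}]}
GROUP = {"id": "g1", "displayName": "Engineering",
         "members": [{"value": "u1", "display": "bjensen"},
                     {"value": "u2", "display": "jsmith"}]}

# Only the 'attribute eq "value"' production of the SCIM 1.1 filter grammar.
_EQ_FILTER = re.compile(r'^(\w+) eq "([^"]*)"$')


def matches_filter(resource, filt):
    """Tests 2.2/5.2: does the resource satisfy a simple eq filter?"""
    m = _EQ_FILTER.match(filt.strip())
    if not m:
        raise ValueError("unsupported filter: %s" % filt)
    attr, value = m.groups()
    return resource.get(attr) == value


def project(resource, attributes):
    """Tests 2.1/5.1: honour ?attributes=a,b; SCIM always returns 'id'."""
    wanted = {a.strip() for a in attributes.split(",")} | {"id"}
    return {k: v for k, v in resource.items() if k in wanted}


def apply_patch(resource, patch):
    """SCIM 1.1 PATCH (tests 3.2, 6.3, 6.4): singular attributes are replaced;
    multi-valued attributes are merged, except entries carrying
    "operation": "delete", which remove the matching value; attributes named in
    meta.attributes are cleared entirely before the merge."""
    out = copy.deepcopy(resource)  # never mutate the stored resource in place
    for name in patch.get("meta", {}).get("attributes", []):
        out.pop(name, None)
    for name, value in patch.items():
        if name in ("schemas", "meta"):
            continue
        if isinstance(value, list):
            current = list(out.get(name, []))
            for entry in value:
                if entry.get("operation") == "delete":
                    current = [c for c in current if c.get("value") != entry.get("value")]
                else:
                    current.append(entry)
            out[name] = current
        else:
            out[name] = value
    return out
```

A consumer that removes a member with PUT instead (tests 6.2) must send the full remaining members list; the PATCH form above is what makes 6.4 and 8.4 a distinct interop case.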
  • 7. unboundid (sp) <-> pingfederate
      Results per test as [unboundid, pingfederate] (service provider, consumer).
      User creation
        1.1  Create five users.  [yes, yes]
      User list
        2.1  List one user (1.1) with attributes parameter via query to resource.  [yes, no]
        2.2  List one user (1.1) with filter via query to resource endpoint.  [yes, no]
        2.3  List users (1.1) with attributes parameter via query to resource endpoint.  [yes, no]
      User update
        3.1  Update user (1.1) via PUT.  [yes, yes]
        3.2  Update user (1.1) via PATCH.  [yes, no]
        3.3  Change password for user (1.1). Verify by authenticating with server natively if possible.  [yes, no]
      Group creation
        4.1  Create two groups.  [yes, no]
      Group list
        5.1  List one group (4.1) with attributes parameter via query to resource.  [yes, no]
        5.2  List one group (4.1) with filter via query to resource endpoint.  [yes, no]
        5.3  List groups (4.1) with attributes parameter via query to resource endpoint.  [yes, no]
      Group update
        6.1  Add user (1.1) to group (4.1) via PUT.  [yes, no]
        6.2  Remove user (1.1) from group (4.1) via PUT.  [yes, no]
        6.3  Add user (1.1) to group (4.1) via PATCH.  [yes, no]
        6.4  Remove user (1.1) from group (4.1) via PATCH.  [yes, no]
      User deletion
        7.1  Delete user (1.1).  [yes, yes]
      Bulk operation
        8.1  Create two users.  [yes, no]
        8.2  Update two users (8.1) via PATCH.  [yes, no]
        8.3  Create two users via PUT, then create group via PUT with users' id attribute.  [yes, no]
        8.4  Remove users (8.3) from group (4.1) via PATCH, then delete two users (8.3).  [yes, no]
      ServiceProviderConfig retrieval
        9.1  Retrieve service provider config.  [yes, no]
      Schema retrieval
        10.1 Retrieve user and group schemas.  [yes, no]
  • 8. unboundid (sp) <-> pingone
      Results per test as [unboundid, pingone] (service provider, consumer); a row with a single value had only one result recorded on the slide.
      User creation
        1.1  Create five users.  [yes, yes]
      User list
        2.1  List one user (1.1) with attributes parameter via query to resource.  [yes, yes]
        2.2  List one user (1.1) with filter via query to resource endpoint.  [yes]
        2.3  List users (1.1) with attributes parameter via query to resource endpoint.  [yes]
      User update
        3.1  Update user (1.1) via PUT.  [yes, yes]
        3.2  Update user (1.1) via PATCH.  [yes]
        3.3  Change password for user (1.1). Verify by authenticating with server natively if possible.  [yes]
      Group creation
        4.1  Create two groups.  [yes, yes]
      Group list
        5.1  List one group (4.1) with attributes parameter via query to resource.  [yes]
        5.2  List one group (4.1) with filter via query to resource endpoint.  [yes]
        5.3  List groups (4.1) with attributes parameter via query to resource endpoint.  [yes]
      Group update
        6.1  Add user (1.1) to group (4.1) via PUT.  [yes, yes]
        6.2  Remove user (1.1) from group (4.1) via PUT.  [yes, yes]
        6.3  Add user (1.1) to group (4.1) via PATCH.  [yes]
        6.4  Remove user (1.1) from group (4.1) via PATCH.  [yes]
      User deletion
        7.1  Delete user (1.1).  [yes, yes]
      Bulk operation
        8.1  Create two users.  [yes]
        8.2  Update two users (8.1) via PATCH.  [yes]
        8.3  Create two users via PUT, then create group via PUT with users' id attribute.  [yes]
        8.4  Remove users (8.3) from group (4.1) via PATCH, then delete two users (8.3).  [yes]
      ServiceProviderConfig retrieval
        9.1  Retrieve service provider config.  [yes, yes]
      Schema retrieval
        10.1 Retrieve user and group schemas.  [yes, yes]
  • 9. salesforce (sp) <-> sailpoint
      Results per test as [salesforce, sailpoint] (service provider, consumer); a row with a single value had only one result recorded on the slide.
      User creation
        1.1  Create five users.  [yes, yes]
      User list
        2.1  List one user (1.1) with attributes parameter via query to resource.  [yes, no]
        2.2  List one user (1.1) with filter via query to resource endpoint.  [no]
        2.3  List users (1.1) with attributes parameter via query to resource endpoint.  [yes, yes]
      User update
        3.1  Update user (1.1) via PUT.  [no]
        3.2  Update user (1.1) via PATCH.  [yes, no]
        3.3  Change password for user (1.1). Verify by authenticating with server natively if possible.  [no]
      Group creation
        4.1  Create two groups.  [yes]
      Group list
        5.1  List one group (4.1) with attributes parameter via query to resource.  [no]
        5.2  List one group (4.1) with filter via query to resource endpoint.  [no]
        5.3  List groups (4.1) with attributes parameter via query to resource endpoint.  [list only, yes]
      Group update
        6.1  Add user (1.1) to group (4.1) via PUT.  [no]
        6.2  Remove user (1.1) from group (4.1) via PUT.  [no]
        6.3  Add user (1.1) to group (4.1) via PATCH.  [yes (Entitlements), no]
        6.4  Remove user (1.1) from group (4.1) via PATCH.  [yes (Entitlements), no]
      User deletion
        7.1  Delete user (1.1).  [yes (Deactivate), yes]
      Bulk operation
        8.1  Create two users.  [no]
        8.2  Update two users (8.1) via PATCH.  [no]
        8.3  Create two users via PUT, then create group via PUT with users' id attribute.  [no]
        8.4  Remove users (8.3) from group (4.1) via PATCH, then delete two users (8.3).  [no]
      ServiceProviderConfig retrieval
        9.1  Retrieve service provider config.  [yes, yes]
      Schema retrieval
        10.1 Retrieve user and group schemas.  [user only, yes]
  • 10. salesforce (sp) <-> wso2
      Results per test as [salesforce, wso2] (service provider, consumer).
      User creation
        1.1  Create five users.  [yes, yes]
      User list
        2.1  List one user (1.1) with attributes parameter via query to resource.  [yes, no]
        2.2  List one user (1.1) with filter via query to resource endpoint.  [no, yes (for userName attribute only)]
        2.3  List users (1.1) with attributes parameter via query to resource endpoint.  [yes, no]
      User update
        3.1  Update user (1.1) via PUT.  [no, yes]
        3.2  Update user (1.1) via PATCH.  [yes, no]
        3.3  Change password for user (1.1). Verify by authenticating with server natively if possible.  [no, yes]
      Group creation
        4.1  Create two groups.  [yes, yes]
      Group list
        5.1  List one group (4.1) with attributes parameter via query to resource.  [no, no]
        5.2  List one group (4.1) with filter via query to resource endpoint.  [no, yes]
        5.3  List groups (4.1) with attributes parameter via query to resource endpoint.  [list only, no]
      Group update
        6.1  Add user (1.1) to group (4.1) via PUT.  [no, yes]
        6.2  Remove user (1.1) from group (4.1) via PUT.  [no, yes]
        6.3  Add user (1.1) to group (4.1) via PATCH.  [yes (Entitlements), no]
        6.4  Remove user (1.1) from group (4.1) via PATCH.  [yes (Entitlements), no]
      User deletion
        7.1  Delete user (1.1).  [yes (Deactivate), yes]
      Bulk operation
        8.1  Create two users.  [no, yes]
        8.2  Update two users (8.1) via PATCH.  [no, no]
        8.3  Create two users via PUT, then create group via PUT with users' id attribute.  [no, no]
        8.4  Remove users (8.3) from group (4.1) via PATCH, then delete two users (8.3).  [no, no]
      ServiceProviderConfig retrieval
        9.1  Retrieve service provider config.  [yes, no]
      Schema retrieval
        10.1 Retrieve user and group schemas.  [user only, no]
  • 11. salesforce (sp) <-> pingfederate
      Results per test as [salesforce, pingfederate] (service provider, consumer).
      User creation
        1.1  Create five users.  [yes, yes]
      User list
        2.1  List one user (1.1) with attributes parameter via query to resource.  [yes, no]
        2.2  List one user (1.1) with filter via query to resource endpoint.  [no, no]
        2.3  List users (1.1) with attributes parameter via query to resource endpoint.  [yes, no]
      User update
        3.1  Update user (1.1) via PUT.  [no, yes]
        3.2  Update user (1.1) via PATCH.  [yes, no]
        3.3  Change password for user (1.1). Verify by authenticating with server natively if possible.  [no, no]
      Group creation
        4.1  Create two groups.  [yes, no]
      Group list
        5.1  List one group (4.1) with attributes parameter via query to resource.  [no, no]
        5.2  List one group (4.1) with filter via query to resource endpoint.  [no, no]
        5.3  List groups (4.1) with attributes parameter via query to resource endpoint.  [list only, no]
      Group update
        6.1  Add user (1.1) to group (4.1) via PUT.  [no, no]
        6.2  Remove user (1.1) from group (4.1) via PUT.  [no, no]
        6.3  Add user (1.1) to group (4.1) via PATCH.  [yes (Entitlements), no]
        6.4  Remove user (1.1) from group (4.1) via PATCH.  [yes (Entitlements), no]
      User deletion
        7.1  Delete user (1.1).  [yes (Deactivate), yes]
      Bulk operation
        8.1  Create two users.  [no, no]
        8.2  Update two users (8.1) via PATCH.  [no, no]
        8.3  Create two users via PUT, then create group via PUT with users' id attribute.  [no, no]
        8.4  Remove users (8.3) from group (4.1) via PATCH, then delete two users (8.3).  [no, no]
      ServiceProviderConfig retrieval
        9.1  Retrieve service provider config.  [yes, no]
      Schema retrieval
        10.1 Retrieve user and group schemas.  [user only, no]
  • 12. pingfederate (sp) <-> sailpoint
      Results per test as [pi pingfederate, sailpoint] (service provider, consumer); a row with a single value had only one result recorded on the slide.
      User creation
        1.1  Create five users.  [yes, yes]
      User list
        2.1  List one user (1.1) with attributes parameter via query to resource.  [yes, no]
        2.2  List one user (1.1) with filter via query to resource endpoint.  [no]
        2.3  List users (1.1) with attributes parameter via query to resource endpoint.  [no]
      User update
        3.1  Update user (1.1) via PUT.  [yes, yes]
        3.2  Update user (1.1) via PATCH.  [no]
        3.3  Change password for user (1.1). Verify by authenticating with server natively if possible.  [yes, yes]
      Group creation
        4.1  Create two groups.  [no]
      Group list
        5.1  List one group (4.1) with attributes parameter via query to resource.  [no]
        5.2  List one group (4.1) with filter via query to resource endpoint.  [no]
        5.3  List groups (4.1) with attributes parameter via query to resource endpoint.  [no]
      Group update
        6.1  Add user (1.1) to group (4.1) via PUT.  [no]
        6.2  Remove user (1.1) from group (4.1) via PUT.  [no]
        6.3  Add user (1.1) to group (4.1) via PATCH.  [no]
        6.4  Remove user (1.1) from group (4.1) via PATCH.  [no]
      User deletion
        7.1  Delete user (1.1).  [yes, yes]
      Bulk operation
        8.1  Create two users.  [no]
        8.2  Update two users (8.1) via PATCH.  [no]
        8.3  Create two users via PUT, then create group via PUT with users' id attribute.  [no]
        8.4  Remove users (8.3) from group (4.1) via PATCH, then delete two users (8.3).  [no]
      ServiceProviderConfig retrieval
        9.1  Retrieve service provider config.  [yes, yes]
      Schema retrieval
        10.1 Retrieve user and group schemas.  [no]
  • 13. wso2 (sp) <-> pingone
      Results per test as [wso2, pingone] (service provider, consumer); NA as recorded on the slide.
      User creation
        1.1  Create five users.  [yes, yes]
      User list
        2.1  List one user (1.1) with attributes parameter via query to resource.  [no, NA]
        2.2  List one user (1.1) with filter via query to resource endpoint.  [yes (for userName attribute only), yes]
        2.3  List users (1.1) with attributes parameter via query to resource endpoint.  [no, NA]
      User update
        3.1  Update user (1.1) via PUT.  [yes, yes]
        3.2  Update user (1.1) via PATCH.  [no, NA]
        3.3  Change password for user (1.1). Verify by authenticating with server natively if possible.  [yes, yes]
      Group creation
        4.1  Create two groups.  [yes, yes]
      Group list
        5.1  List one group (4.1) with attributes parameter via query to resource.  [no, NA]
        5.2  List one group (4.1) with filter via query to resource endpoint.  [yes, yes]
        5.3  List groups (4.1) with attributes parameter via query to resource endpoint.  [no, NA]
      Group update
        6.1  Add user (1.1) to group (4.1) via PUT.  [yes, yes]
        6.2  Remove user (1.1) from group (4.1) via PUT.  [yes, yes]
        6.3  Add user (1.1) to group (4.1) via PATCH.  [no, NA]
        6.4  Remove user (1.1) from group (4.1) via PATCH.  [no, NA]
      User deletion
        7.1  Delete user (1.1).  [yes, yes]
      Bulk operation
        8.1  Create two users.  [yes, yes]
        8.2  Update two users (8.1) via PATCH.  [no, NA]
        8.3  Create two users via PUT, then create group via PUT with users' id attribute.  [no, no]
        8.4  Remove users (8.3) from group (4.1) via PATCH, then delete two users (8.3).  [no, NA]
      ServiceProviderConfig retrieval
        9.1  Retrieve service provider config.  [no, NA]
      Schema retrieval
        10.1 Retrieve user and group schemas.  [no, NA]
  • 14. UnboundID Identity Data Platform
      [diagram] Active Directory / Oracle Directory Server --Monitor Directory for User Changes (Create, Update, Delete/Disable)--> SCIM Consumer --SCIM (Create, Update, Delete Users)--> SCIM Service Provider (SaaS Provider)
      Benefits:
        • Synchronize local corporate directory accounts with the UnboundID Identity Data Platform
  • 15. Salesforce
      [diagram] Active Directory / Oracle Directory Server --Monitor Directory for User Changes (Create, Update, Delete/Disable)--> SCIM Consumer --SCIM (Create, Update, Disable Users)--> SCIM Service Provider; SAML SSO
      Benefits:
        • Synchronize local corporate directory accounts with Salesforce
        • Enable Single Sign-On between workforce and Salesforce
  • 16. PingFederate and IdentityIQ
      [diagram] On-Premises: Active Directory, PingFederate (SCIM Consumer, SCIM Service Provider); Hosted: IdentityIQ (SCIM Service Provider)
        (1) Identity pull via SCIM
        (2) Identity push via SCIM
        (3) Add/Delete/Modify
        (4) Kerberos SSO (User)
        (5) SAML SSO
      Benefits:
        • Authoritative cloud identity store
        • Workflow, identity and access governance
        • SSO from Desktop to SaaS
        • Seamless provisioning
  • 17. CRUD users and access using SSO
      [diagram] Authenticate: RDP, HTTP, SAML, X509; User Storages: User attributes, User data
      Benefits:
        • Easier onboarding of new services
        • Identity life cycle management
        • Easier single sign on
        • Control access to local or cloud systems
  • 18. CRUD users and access using SSO
      [diagram] Authenticate: RDP, HTTP, X509, SAML; User Storages: User attributes, User data
      Benefits:
        • Easier onboarding of new services
        • Identity life cycle management
        • Easier single sign on
        • Control access to local or cloud systems