SCIM - Cross Domain Identity Management
SCIM is a System for Cross Domain Identity Management allowing external user management systems to publish user information into i-net Clear Reports. This is especially useful for importing user data from Microsoft Entra ID to create users beforehand and then allow them to log in using Azure OAuth. SCIM is defined in RFC 7643 and 7644.
The access to SCIM as a client is integrated into i-net Clear Reports using the Web API. For restrictions against the RFC, please check the Web API Notes and Limitation section.
SCIM Access
Service providers allowing to synchronize their user database using SCIM, such as MS Entra ID, can access the i-net Clear Reports SCIM client using a publicly available URL https://<server>/api/scim/v2
. Please note that your server has to be publicly available by any means, so external providers can access i-net Clear Reports.
Of course, since the Web API is widely available, you may also use the endpoint to fetch user and group information in custom implementations.
Authentication
Since the SCIM implementation is available using the Web API, service providers can authenticate using the standard login mechanisms of i-net Clear Reports. However, it is suggested to use the Token Authentication plugin together with a Bearer token.
It is advised to use a dedicated user for SCIM synchronization.
-
Go into the Users and Groups application.
-
Click
Create New → User
from the top navigation. -
Add a username in the tab General.
-
In the tab Permissions, check the following boxes:
-
Manage Users and Groups
-
Web API Access
-
Token Authentication
-
Click save, so the Dialog updates.
-
-
In the tab Authentication Token, add a Bearer Token
-
Check the box SCIM
-
-
Save the User