System for Cross-domain Identity Management (SCIM) is an open standard protocol that automates the exchange of user identity information between Fullcast and your SAML Identity Provider (IdP). Configure SCIM mappings in Fullcast to synchronize with your IdP.
Key features
Automated provisioning: Allows for the automated creation and modification of user accounts and group memberships.
Reduced errors: Minimizes manual errors and inconsistencies in user management.
Improved security: Ensures that user accounts are properly deprovisioned when they are no longer needed, reducing the risk of unauthorized access and data breaches.
Before you begin
Configure SSO with Fullcast: You must have SSO configured with your IdP.
Log in to your IdP: You must be logged in so you can update the settings for SCIM with Fullcast.
Tip
Log in to your IdP in a separate tab or window so you can complete the configuration with Fullcast simultaneously.
Configure SCIM with SSO
Configure SSO with Fullcast.
From your IdP, enable SCIM.
Under the SCIM Configuration section, click Configure SCIM.
Copy the SCIM URL and paste it in the appropriate field in your IdP.
Click Create Token.
On the Token Created! window, click Copy to copy the generated bearer token and paste it in the appropriate field in your IdP.
Tip
Once the Token Created! window is closed, you cannot access the token again. Save the token on your local device as a backup in case you need to access it again for any reason.
Click Close.
In the User ID attribute field, add the SCIM attribute path for the unique user identifier from your IdP.
Note
If you add the incorrect path, you can click Restore Default to reset the field.
Add and update path mappings for optional attributes, if needed.
Click Save Settings.
Update path mappings to required attributes
For each Fullcast attribute, add the SCIM path that selects the required value from the SCIM response, so that the field stays synchronized between Fullcast and your IdP.
Note
These attribute paths are required for Fullcast to synchronize with your IdP and cannot be changed.
In the Identity Provider (IdP) column, click the example paths and replace them with the paths from your IdP, if different.
Description of required attribute mappings
Refer to the following table for a description of the required attributes and mappings:
Fullcast attribute name | Mapping description | Mapping example |
---|---|---|
username | A unique identifier chosen by the user to log in to a system or application. | userName |
The user's electronic mail address, typically used for communication and account recovery. | emails[primary eq true].value | |
given_name | The user's first name or forename. | name.givenName |
family_name | The user's last name or surname. | name.familyName |
Add optional attribute mappings
You can add additional attribute mappings to include in the SCIM configuration.
Click Add Row.
In the Fullcast column, click the new attribute and select the attribute you want to add from the dropdown.
In the Identity Provider (IdP) column, click the example path and replace it with the path from your IdP.
Description of optional attribute mappings
Refer to the following table for a description of available attributes:
Attribute name | Mapping description | Mapping example |
---|---|---|
app_metadata.external_id | A unique identifier for the user within an external system or application. | externalId |
blocked | A boolean (true/false) indicating whether the user's access or account is currently blocked. | active |
nickname | An informal or alternative name used by the user. | nickName |
name | The full name of the user. | displayName |
picture | A URL or link to the user's profile picture or avatar. | photos[type eq "photo"].value |
app_metadata.work_phone_number | The user's workplace phone number. | phoneNumbers[type eq "work"].value |
app_metadata.home_phone_number | The user's personal or residential phone number. | phoneNumbers[type eq "home"].value |
app_metadata.mobile_phone_number | The user's cellular phone number. | phoneNumbers[type eq "mobile"].value |
app_metadata.street_address | The street component of the user's physical address. | addresses[type eq "work"].streetAddress |
app_metadata.city | The city component of the user's physical address. | addresses[type eq "work"].locality |
app_metadata.state | The state or province component of the user's physical address. | addresses[type eq "work"].region |
app_metadata.postal_code | The zip code or postal code component of the user's physical address. | addresses[type eq "work"].postalCode |
app_metadata.postal_address | A more complete or formatted version of the user's postal address. | addresses[type eq "work"].formatted |
app_metadata.country | The country component of the user's physical address. | addresses[type eq "work"].country |
app_metadata.profile_url | A URL or link to the user's public profile on a website or platform. | profileUrl |
app_metadata.user_type | A categorization of the user (such as employee, customer, or administrator). | userType |
app_metadata.title | The user's professional job title. | title |
app_metadata.language | The user's preferred language. | preferredLanguage |
app_metadata.locale | A specific geographical or cultural region associated with the user, often including language and regional preferences. | locale |
app_metadata.timezone | The time zone in which the user is located. | timezone |
app_metadata.entitlements | Specific permissions, licenses, or access rights granted to the user. | entitlements |
app_metadata.roles | Defined sets of permissions or responsibilities assigned to the user within a system. | roles |
app_metadata.employee_id | A unique identification number assigned to the user by their employer. | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.employeeNumber |
app_metadata.cost_center | A specific department or unit within an organization to which the user's costs are attributed. | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.costCenter |
app_metadata.organization | The name of the company or organization the user belongs to. | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.organization |
app_metadata.division | A larger organizational unit within a company. | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.division |
app_metadata.department | A specific functional team or group within an organization. | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.department |
app_metadata.manager | The identifier (likely an ID or username) of the user's direct supervisor or manager. | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.manager |
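Added example (not Fullcast's code): a minimal resolver for the path forms used in the required and optional mapping tables above, run against a constructed SCIM User, to check which paths select no value before you save the mappings. The names `resolve` and `unresolved`, the sample user and all its values are assumptions for illustration; only the `attr`, `attr.sub`, `attr[sub eq value].sub` and enterprise-extension URN forms are supported.

```python
import re

# Constructed sample SCIM 2.0 User resource (illustrative values only).
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
SAMPLE_USER = {
    "userName": "jdoe@example.com",
    "active": True,
    "name": {"givenName": "Jane", "familyName": "Doe"},
    "emails": [{"value": "jane.old@example.com", "primary": False},
               {"value": "jdoe@example.com", "primary": True}],
    "phoneNumbers": [{"type": "work", "value": "+1-555-0100"}],
    ENTERPRISE: {"department": "Sales Ops"},
}

# The required mapping paths listed in the table on this page.
REQUIRED_PATHS = ["userName", "emails[primary eq true].value",
                  "name.givenName", "name.familyName"]

# attr, optional [sub eq literal] filter, optional .subAttr
_PATH = re.compile(r'^(\w+)(?:\[(\w+) eq ("[^"]*"|true|false)\])?(?:\.(\w+))?$')

def resolve(resource, path):
    """Return the value a SCIM attribute path selects, or None if nothing matches."""
    node = resource
    if path.startswith("urn:"):
        # Extension attributes are nested under the schema URN key.
        head, _, tail = path.rpartition(":")   # tail is e.g. "User.department"
        name, _, path = tail.partition(".")
        node = resource.get(f"{head}:{name}")
        if not isinstance(node, dict):
            return None
    m = _PATH.match(path)
    if not m:
        raise ValueError(f"unsupported SCIM path: {path!r}")
    attr, f_attr, f_val, sub = m.groups()
    value = node.get(attr)
    if f_attr is not None:
        # Multi-valued attribute: keep the first element passing the filter.
        want = {"true": True, "false": False}.get(f_val, f_val.strip('"'))
        hits = [v for v in (value or []) if isinstance(v, dict) and v.get(f_attr) == want]
        value = hits[0] if hits else None
    if sub is not None:
        value = value.get(sub) if isinstance(value, dict) else None
    return value

def unresolved(resource, paths):
    """Return the paths that select no value in this resource."""
    return [p for p in paths if resolve(resource, p) in (None, "", [])]
```

Run `unresolved` against a user exported from your IdP; any path it returns would leave the mapped Fullcast field empty for that user.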
Remove optional attributes
Click Delete to remove optional attributes from the SCIM configuration.
Delete SCIM Configuration
Deleting the SCIM configuration permanently removes all SCIM paths and settings.
Click Delete Configuration.
In the Delete SCIM Configuration confirmation window, click Delete.
Click Save Settings.