Using SCIM to Enable Cloud Identity

Cloud Identity Summit, La Jolla

June 9, 2015

Provisioning IDaaS

Post on 29-Jul-2015


Speakers

Vikas Jain, Product Management Director, Salesforce, @vikasjaintweet

Pat Patterson, Developer Evangelist Architect, Salesforce, @metadaddy

Edward Sutter, Director, Product Development, Ping Identity

Agenda

1.  What is User Provisioning?
2.  Benefits
3.  Standards
4.  Demo

User Provisioning – Managing the User Lifecycle

Create, Update, Delete

Users

Benefits

Benefits for Employee Use Cases

§  Security
–  User Termination
§  Audit & Compliance
–  Who has access to what?
§  IT Productivity
–  Automated account creation & update

Benefits for Customer and Partner Use Cases

§  User Onboarding
–  Provision user into multiple web properties
§  Keep User Info in Sync
–  Update email change across all apps
§  Self Service
–  Access request with Approvals

Standards

§  Simple Cloud Identity Management

§  http://www.simplecloud.info/

§  SCIM 1.0 released in 2011

§  SCIM 1.1 released in 2012

§  IETF working on SCIM 2.0

§  System for Cross-domain Identity Management

SCIM Use Cases

§  Provision and de-provision user accounts

§  Update attributes on user accounts

§  Synchronize accounts across services

§  Manage group membership

SCIM Basics

§  Application-level, REST protocol

§  OAuth recommended for authentication/authorization

§  Create, modify, retrieve, discover users and groups

§  Common user schema

§  Extensible

SCIM Schema

§  Core schema
–  name, userName, emails etc
§  Enterprise extension
–  employeeNumber, department, manager etc
§  Custom extensions
–  e.g. urn:salesforce:schemas:extension:18CHARORGID
–  Custom fields

SCIM Request – Retrieve a User

    GET /services/scim/v1/Users/005E0000000HimUIAS HTTP/1.1
    Host: na1.salesforce.com
    Authorization: Bearer ACCESS_TOKEN

SCIM Response - Core

    {
      "displayName": "Adam Seligman",
      "userName": "[email protected]",
      "id": "005E0000000HimUIAS",
      "emails": [
        {
          "primary": true,
          "type": "work",
          "value": "[email protected]"
        }
      ],
      ...

SCIM Response - Enterprise

      ...
      "urn:scim:schemas:extension:enterprise:1.0": {
        "employeeNumber": "156189",
        "manager": {
          "displayName": "Pat Patterson",
          "managerId": "005E0000000HiFiIAK"
        },
        "organization": "00DE0000000HegHMAS"
      },
      ...

SCIM Response - Custom

      ...
      "urn:salesforce:schemas:extension:00DE0000000HegHMAS": {
        "Favorite_Color__c": "Green"
      },
      ...
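Added example (not from the original slides or from Salesforce): a Python sketch that splits a user resource like the one above into core attributes and URN-keyed extension blocks, then builds, without sending, the PATCH that deactivates the account on termination. It assumes the service accepts a SCIM 1.1 partial-resource PATCH on the core `active` attribute and that user ids are alphanumeric; the function names, the sample e-mail value and the `active` field in the sample are constructed for illustration.

```python
import json
import re
import urllib.request

CORE_SCHEMA = "urn:scim:schemas:core:1.0"  # SCIM 1.1 core schema URN
SCIM_BASE = "https://na1.salesforce.com/services/scim/v1"  # host and path from the slides

# Constructed sample, assembled from the response fragments on the slides;
# the e-mail value is a placeholder and "active" is added for illustration.
SAMPLE_USER = json.loads("""
{
  "id": "005E0000000HimUIAS",
  "displayName": "Adam Seligman",
  "userName": "user@example.com",
  "active": true,
  "urn:scim:schemas:extension:enterprise:1.0": {
    "employeeNumber": "156189",
    "manager": {"displayName": "Pat Patterson", "managerId": "005E0000000HiFiIAK"}
  },
  "urn:salesforce:schemas:extension:00DE0000000HegHMAS": {"Favorite_Color__c": "Green"}
}
""")

def split_user(resource):
    """Separate core attributes from extension blocks, which are keyed by schema URN."""
    core = {k: v for k, v in resource.items() if not k.startswith("urn:")}
    extensions = {k: v for k, v in resource.items() if k.startswith("urn:")}
    return core, extensions

def deactivate_request(user_id, token, base=SCIM_BASE):
    """Build, without sending, a PATCH that sets the core 'active' attribute to false."""
    # Reject ids that could alter the request path (assumed id shape: alphanumeric only).
    if not re.fullmatch(r"[A-Za-z0-9]+", user_id):
        raise ValueError("unexpected characters in SCIM user id")
    # The bearer token is a credential, so refuse any non-TLS endpoint.
    if not base.startswith("https://"):
        raise ValueError("bearer tokens must only be sent over TLS")
    body = json.dumps({"schemas": [CORE_SCHEMA], "active": False}).encode()
    return urllib.request.Request(
        f"{base}/Users/{user_id}", data=body, method="PATCH",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})

if __name__ == "__main__":
    core, ext = split_user(SAMPLE_USER)
    print(sorted(core), sorted(ext))
    req = deactivate_request(core["id"], "ACCESS_TOKEN")
    print(req.get_method(), req.full_url, req.data.decode())
```
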

SCIM Implementations

Demo

Use Case

§  We’ll hire a new employee – Vikas Jain
–  Create Salesforce account
§  Vikas gets a promotion, with more responsibility
–  Allow access to ERP system
§  After a long and successful career, Vikas retires
–  Deactivate all accounts

Q & A

Vikas Jain, Product Management Director, Salesforce, @vikasjaintweet

Pat Patterson, Developer Evangelist Architect, Salesforce, @metadaddy

Edward Sutter, Director, Product Development, Ping Identity

Thank You