SCIM on the console

The System for Cross-domain Identity Management, better known as SCIM, is a specification designed to simplify managing user identities in cloud-based settings. Its primary purpose is to automate, in a secure fashion, the exchange of user identities between cloud applications and service providers.

Prerequisites

  • You must have the SCIM feature enabled at the organization level.

  • You must have root access to your organization’s ReachFive Console.

Currently, only ReachFive administrators can configure and set mappings. This could change in the future. Please check this page for further updates.

SCIM workflow

The SCIM workflow with ReachFive goes as follows:

  1. You must first create the SCIM configuration and get your API key in the console.

    See Set up SCIM for more details.
  2. Then, you create the App in your internal user management tool and define provisioning with the API key generated in Step 1.

  3. Next, you should create your groups within your user management tool.

  4. Finally, you’ll need to map those groups to ReachFive roles.

    See Configure SCIM mappings for more details on mapping in the console. Or for a general overview of mapping, see SCIM.

Set up SCIM

To use SCIM with ReachFive, you must first set it up.

To configure SCIM from the ReachFive Console:

  1. Go to the root level for your organization’s ReachFive account.

  2. Go to SCIM > Configuration.

  3. Click New SCIM configuration, or click the edit icon to edit an existing configuration.

  4. In the dialog:

    1. Add a Name for your SCIM configuration.

    2. Select the ReachFive accounts you want to include in the configuration.

    3. Generate the API Key for the configuration by clicking Generate.

      When you generate the API key, you can click the eye icon to reveal the key. This key is needed for your internal user management tool (such as Azure AD). Be sure to make note of this key when setting up the connection with ReachFive.

      When you edit an existing SCIM configuration, you cannot reveal the API key, so it’s important that you make note of it when first creating the configuration.
    4. Ensure the Active box is checked.

    5. Don’t forget to Save your input.

Next steps

Go to your internal user management tool and ensure the API key generated in the configuration above is properly brought across so that your user management tool can make calls to the ReachFive SCIM API endpoints.

The steps needed at this point vary as each customer uses a different internal user management tool. If you have any questions, reach out to your ReachFive support contact.

After you complete the step of connecting the ReachFive SCIM API with your internal user management tool, you can move on to mapping your brand employees.

Configure SCIM mappings

User mappings are an integral part of SCIM. With ReachFive’s SCIM offering, you can easily map your brand’s users to roles on the ReachFive Console. This typically means that you take your user groups (for example admins, developers, read-only users, and so on) and map them to ReachFive roles.

To configure your SCIM mappings on the ReachFive Console:

  1. Go to the root level for your organization’s ReachFive account.

  2. Go to SCIM > Mappings.

  3. Click New mapping, or click the edit icon to edit an existing mapping.

  4. In the dialog:

    1. Add a Name for your SCIM mapping.

    2. Select an existing SCIM configuration from the dropdown.

    3. Select the groups you want to map from the dropdown.

      These groups are from your internal user management tool and are available because you copied across the API Key generated during your SCIM setup from the console.
    4. Select the ReachFive roles you want to grant the groups.

    5. Select the accounts you want these groups to have access to.

    6. Finally, select the means by which you want users to authenticate.

      This allows you to choose the console, the user management tool (like Azure), or both. Later, if a user tries to authenticate with a means not defined here, you’ll receive an error log stating access is denied for the user.

    7. Don’t forget to Save your input.
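
The mapping rule described in the steps above, modeled as an added example (not ReachFive's code): SCIM 2.0 Group resources pushed by the user management tool are matched against mappings, and a user receives roles only when group, account, and authentication means all match. The group, role, account, and means names, the mapping dictionary layout, and the union of roles across mappings are assumptions made for illustration.

```python
import json

# Constructed SCIM 2.0 Group resources (RFC 7643), as a user management tool would push them.
SCIM_GROUPS = json.loads("""[
  {"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
   "displayName": "admins",
   "members": [{"value": "u-alice"}, {"value": "u-carol"}]},
  {"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
   "displayName": "read-only",
   "members": [{"value": "u-alice"}, {"value": "u-bob"}]}
]""")

# Hypothetical mappings mirroring the dialog fields: groups, roles, accounts, authentication means.
MAPPINGS = [
    {"name": "eu-admins", "groups": {"admins"}, "roles": {"Admin"},
     "accounts": {"brand-eu"}, "auth": {"idp"}},
    {"name": "all-readers", "groups": {"read-only"}, "roles": {"ReadOnly"},
     "accounts": {"brand-eu", "brand-us"}, "auth": {"console", "idp"}},
]

class AccessDenied(Exception):
    """Raised when no mapping grants access (deny by default)."""

def groups_of(user_id, scim_groups):
    """Return the displayName of every SCIM group that lists user_id as a member."""
    return {g["displayName"] for g in scim_groups
            if any(m.get("value") == user_id for m in g.get("members", []))}

def resolve_roles(user_id, account, auth_means, scim_groups=SCIM_GROUPS, mappings=MAPPINGS):
    """Union the roles of every mapping whose group, account and auth means all match."""
    user_groups = groups_of(user_id, scim_groups)
    roles = set()
    for m in mappings:
        if user_groups & m["groups"] and account in m["accounts"] and auth_means in m["auth"]:
            roles |= m["roles"]
    if not roles:  # nothing matched: the "access is denied" case from the last step
        raise AccessDenied(f"{user_id}: no mapping allows {auth_means!r} on {account!r}")
    return roles

def is_denied(user_id, account, auth_means):
    """True when resolve_roles would refuse this combination."""
    try:
        resolve_roles(user_id, account, auth_means)
        return False
    except AccessDenied:
        return True
```

In this model, a user who belongs only to `admins` is denied when signing in through the console, because the `eu-admins` mapping lists only the user management tool as an authentication means.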
