Connect to our QR Code Platform with SCIM (System for Cross-domain Identity Management)

book reader icon
3 Minutes
facebook logo gray
linkedin logo gray
mail logo gray
Connect to our QR Code Platform with SCIM (System for Cross-domain Identity Management)

This article will guide you how to connect your Identity Provider (IDP) to our
platform using SCIM (System for Cross-domain Identity Management). This feature is only available for enterprise
customers.

This article is covering the SSO SCIM integration with our platform based on an example with Okta.

This post contains technical details for IAM Admins or your IT department managing the IDP. Please get in touch with an IT expert on your end to help you setting up the SSO connection.

What is SCIM?

SCIM, or System for Cross-domain Identity Management, is an open standard protocol designed to simplify the management of user identities across different systems and platforms. It provides a standardized way to automate the exchange of user identity information between identity providers (IDPs) and service providers (SPs).

How the Integration works

In this SSO setup your company acts as a Identity Provider (IDP) that provides user data to us in realtime via the SCIM 2 protocol. Our White Label Platform acts as a Service Provider (SP) and provides a SCIM Server which  receives user data updates from your system which acts as a SCIM Client.

Simplified SCIM Integration overview with IDP like Okta/Active Directory/Entra ID
Simplified SCIM Integration overview with IDP like Okta/Active Directory/Entra ID

How to connect to our QR Code Platform using SCIM

1. Prerequisites

Before being able to set up SCIM please make sure that you successfully finished the Setup of SSO (Single Sign-On)

2. Contact us: To optimize your onboarding experience

Once you've successfully connected through SSO to our platform we will guide you through the steps necessary on how to enable SCIM in your account. Just contact us.

3. Configure your IDP to act as a SCIM Client

After you contacted us and we activated your SCIM access you have to configure your IDP to behave as a SCIM Client.

This is different for every IDP. Please follow the documentation of your IDP on how to set it up as a SCIM Client. In the following lines we will take a look at Okta as an example IDP.

Once we activated the SCIM functionality for your account you will see your SCIM Secret Key right above the Connect button. Remember this code as you will need it later in your SCIM Client to be entered.

You will see your SCIM Secret Key right above the Connect button
You will see your SCIM Secret Key right above the Connect button

Example Okta as IDP and SCIM Client

First of all we assume that you already set up the SSO connection to our Whitelabel Platform (see Prerequisites).

  1. Navigate into your created Application in Okta: Applications > Applications
  2. Open the tab General
  3. In the section App Settings click on Edit in the top right corner
  4. Check Enable SCIM provisioning
  5. Click on Save
Enable SCIM provisioning in the General App Settings
Enable SCIM provisioning in the General App Settings

Now a Provisioning tab shows up. Click on it.

Now you have to configure the SCIM connection settings:

  1. Navigate to the Provisioning tab.
  2. Under Settings > Integration, click Edit.
  3. Enter the details that you received from us in this form
  4. Choose OAuth2 as the Authentication Mode and enter the Endpoint URLs as well as Client ID and Client Secret that you received from us
  5. Click on Save
Enter the SCIM connection settings
Enter the SCIM connection settings

A new button Authenticate with QR Code Platform appears right below the form. Click on it.

Click on button Authenticate with QR Code Platform
Click on button Authenticate with QR Code Platform

Now we have to set the setting on updating changes in your IDP Okta to be synchronized to our Whitelabel Platform.

  1. Click on Settings > To App and click on the button Edit
  2. Select Update User Attributes and Deactivate User, so that changes on a user get synchronized to our Whitelabel Platform
  3. Click on Save

Enable To-App Settings
Enable To-App Settings

4. Get realtime updates for your user data

After you activated SCIM in your account user updates in your IDP like Okta, Active Directory/Entra ID or Keycloak will be pushed in realtime to our Service Provider (SP).

If you deactivate or delete a user in your IDP the user will be deactivated on our portal as well. All active sessions of the user will be pruned so he has no access to the platform immediately.

Last update 1 week ago