Overview
This article provides step-by-step instructions for configuring SCIM 2.0 registration to enable outbound provisioning from Beyond Identity's Secure Work platform. By connecting your organization’s SCIM endpoint, Beyond Identity can automatically provision and manage user identities within your identity management system. This integration is not tailored to specific platforms like Okta, Azure AD, or Ping, but instead uses the standard SCIM 2.0 protocol, allowing it to work with any SCIM-compliant identity provider. It supports automated user lifecycle management and ensures alignment between your directory and Secure Work’s authentication workflows.
Important Note
The current SCIM 2.0 implementation sets a single custom attribute called byndidRegistered in your SCIM-compliant identity provider. This attribute signals whether a user has registered a passkey with Beyond Identity. It is set to true when the number of registered passkeys for a user is greater than zero. This lightweight setup allows downstream identity providers to identify users who are ready to authenticate with Secure Work. This is not a full SCIM implementation and does not include broader user provisioning or lifecycle management.
What You'll Learn
The article will walk you through the process of adding SCIM 2.0 settings in the Secure Work admin console to complete the integration.
Configuring Generic SCIM 2.0 Registration
Steps
1. Log in to your Secure Work tenant.
2. Click Integrations from the left-hand navigation menu.
3. Select the Outbound provisioning tab.
4. Click the Install this service icon for the SCIM 2.0 Registration configuration.
5. Enter the URL of your SCIM server. These URLs usually (but not always) end with /scim or /scim/v2.
6. Select your preferred Authentication Type from the drop-down menu:
Basic – Uses a SCIM server account’s username and password. Note: For security reasons, we recommend avoiding Basic authentication unless absolutely necessary.
Client Credentials – Uses a client ID and client secret generated by your SCIM server. This method is more secure than Basic and is commonly used in OAuth 2.0-based integrations.
Bearer Token – Uses a bearer token generated in your SCIM server. This method offers strong security and is often preferred for integrations that require minimal credential exposure.
7. For this walk-through, we select Bearer Token and enter the token in the corresponding field.
8. For the SCIM Attribute, enter byndidRegistered.
9. The Extension Namespace identifies the schema used for custom SCIM attributes, allowing your SCIM server to recognize that it's receiving data from Beyond Identity. The Extension Namespace that you should use is:
urn:scim:schemas:extension:custom:1.0:beyondIdentityAuthenticated
10. After pasting the Extension Namespace, an ID field will appear displaying the associated identifier. You will also see an Uninstall Configuration option at the bottom of the dialog box, which you can use if you wish to cancel and remove the current setup.
11. Ensure that the Set as active SCIM configuration box is checked, then click Save Changes.
That's it! You've successfully configured your organization's SCIM server to work with Beyond Identity.
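On the receiving side, your SCIM server can restrict what this integration's credential is allowed to write. The following is an added example, not Beyond Identity's code: it assumes the update arrives as a standard RFC 7644 PatchOp (the article does not document the request format), and the function name extract_registered and the sample requests are constructed for illustration.

```python
import json

# Values taken from the article above.
EXT_NS = "urn:scim:schemas:extension:custom:1.0:beyondIdentityAuthenticated"
ATTR = "byndidRegistered"
# Standard SCIM 2.0 PatchOp message schema (RFC 7644, section 3.5.2).
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"


def extract_registered(body: str) -> bool:
    """Return the byndidRegistered value from a PatchOp, or raise ValueError
    if the request touches anything other than that one attribute."""
    msg = json.loads(body)  # malformed JSON also raises ValueError
    if not isinstance(msg, dict) or msg.get("schemas") != [PATCH_SCHEMA]:
        raise ValueError("not a SCIM PatchOp message")
    ops = msg.get("Operations")
    if not isinstance(ops, list) or len(ops) != 1 or not isinstance(ops[0], dict):
        raise ValueError("expected exactly one operation")
    op = ops[0]
    if str(op.get("op", "")).lower() not in ("add", "replace"):
        raise ValueError("only add/replace are allowed")
    path, value = op.get("path"), op.get("value")
    if path == f"{EXT_NS}:{ATTR}":
        pass  # form 1: path names the attribute, value is the boolean
    elif path == EXT_NS and isinstance(value, dict) and set(value) == {ATTR}:
        value = value[ATTR]  # form 2: path names the extension
    elif (path is None and isinstance(value, dict) and set(value) == {EXT_NS}
          and isinstance(value[EXT_NS], dict) and set(value[EXT_NS]) == {ATTR}):
        value = value[EXT_NS][ATTR]  # form 3: no path, nested value
    else:
        raise ValueError("operation targets something other than " + ATTR)
    if not isinstance(value, bool):  # reject "true", 1, null
        raise ValueError(ATTR + " must be a JSON boolean")
    return value


# Constructed sample requests (not captured traffic).
GOOD = json.dumps({"schemas": [PATCH_SCHEMA], "Operations": [
    {"op": "replace", "path": f"{EXT_NS}:{ATTR}", "value": True}]})
BAD = json.dumps({"schemas": [PATCH_SCHEMA], "Operations": [
    {"op": "replace", "path": "active", "value": False}]})

if __name__ == "__main__":
    print(extract_registered(GOOD))
    try:
        extract_registered(BAD)
    except ValueError as exc:
        print("rejected:", exc)
```

Scoping the Bearer Token so that it can only pass a check like this keeps a leaked token from being used to change other user attributes.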