17.0 SCIM Streaming Collector

This chapter focuses on specific configuration-related information regarding the SCIM Streaming Collector.

Multiple identity providers, such as Azure and OKTA, recommend or require integrators to support SCIM push capabilities to get identity information from them. Other identity providers, such as OpenText Directory Services, have the ability to push SCIM data to a consumer.

OpenText Identity Governance provides a way for an administrator to create, modify, and delete streaming identity sources. Streaming identity sources are non-mergeable identity sources that receive identities and groups through SCIM push requests. Each streaming identity source needs a unique ID and is associated with a service account. The unique ID allows the application to route incoming SCIM requests to the appropriate data source. When enabled, the Advanced Entity Viewer displays the synchronized users and groups on the data source page. Authorized administrators can also view users and groups from the streaming source in the identity catalog. Administrators can configure the Catalog settings to display the Streaming Identity Source column.

OpenText Identity Governance can receive identity and group information from identity providers through the SCIM protocol specified in RFC 7643 and RFC 7644. Not all features of the RFCs are supported; only those listed below, which are necessary to interact with the primary SCIM providers, such as OKTA, Azure, Microsoft Entra ID, OpenText Directory Services, and OpenText Core Identity Lifecycle Manager. OpenText Identity Governance supports:

  • Defining streaming identity sources to handle incoming SCIM requests using the SCIM Streaming collector template

  • Processing of incoming SCIM requests including:

    • Creation of Users and Groups using POST (RFC 7644, section 3.3)

    • Modification of Users and Groups using PUT (RFC 7644, section 3.5.1) and PATCH (RFC 7644, section 3.5.2).

    • Deletion of Users and Groups using DELETE (RFC 7644, section 3.6)

    • Retrieval of individual Users and Groups using GET (RFC 7644, section 3.4.1).

    • Query for Users and Groups using GET (RFC 7644, section 3.4.2) or POST (RFC 7644, section 3.4.3)

    • Bulk update requests using POST (RFC 7644, section 3.7)

    • Service provider requests using GET (RFC 7644, section 4)

  • Mapping of attributes from the following three primary SCIM schemas:

    • urn:ietf:params:scim:schemas:core:2.0:User. This is the core SCIM User schema (RFC 7643, section 4.1)

    • urn:ietf:params:scim:schemas:core:2.0:Group. This is the core SCIM Group schema (RFC 7643, section 4.2).

    • urn:ietf:params:scim:schemas:extension:enterprise:2.0:User. This is the enterprise User schema extension (RFC 7643, section 4.3).

    Not all attributes from these schemas are mapped by default. If you want to map additional attributes, it may be necessary to create extended OpenText Identity Governance attributes and map the additional SCIM attributes to those extended attributes. Mapping of attributes from custom SCIM schemas would likely require the same process.

  • Automatic detection of SCIM events
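
The supported operations and mapped schemas listed above can be turned into a pre-flight check for sample requests captured from an identity provider before it is pointed at a streaming identity source. This is an added example, not OpenText code: the relative paths are the standard RFC 7644 endpoints (the product's base URL is not given here), and `classify`, `audit_payload`, and the sample body with its `urn:example:...` schema are constructed for illustration.

```python
import re

# Schemas this page lists as mapped by default (RFC 7643, sections 4.1-4.3).
MAPPED = {
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:core:2.0:Group",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
}
RES = r"/(Users|Groups)"
# (method, RFC 7644 relative path pattern, operation from the list above).
SUPPORTED = [
    ("POST", RES, "create (3.3)"),
    ("PUT", RES + r"/[^/]+", "replace (3.5.1)"),
    ("PATCH", RES + r"/[^/]+", "modify (3.5.2)"),
    ("DELETE", RES + r"/[^/]+", "delete (3.6)"),
    ("GET", RES + r"/[^/]+", "retrieve (3.4.1)"),
    ("GET", RES, "query (3.4.2)"),
    ("POST", "(" + RES + r")?/\.search", "query (3.4.3)"),
    ("POST", r"/Bulk", "bulk (3.7)"),
    ("GET", r"/(ServiceProviderConfig|ResourceTypes|Schemas)(/[^/]+)?", "discovery (4)"),
]

def classify(method, path):
    """Return the listed operation for a request, or None if it is not listed."""
    path = path.split("?", 1)[0].rstrip("/")  # drop query string and trailing slash
    for verb, pattern, label in SUPPORTED:
        if verb == method.upper() and re.fullmatch(pattern, path):
            return label
    return None

def audit_payload(body):
    """Return (schemas outside the three mapped ones, extensions missing from 'schemas')."""
    declared = set(body.get("schemas", []))
    # RFC 7643 nests extension attributes under a key equal to the schema URN.
    extensions = {k for k in body if k.startswith("urn:")}
    return sorted((declared | extensions) - MAPPED), sorted(extensions - declared)

# Constructed sample: a POST /Users body with one custom schema (hypothetical URN).
SAMPLE = {
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User",
                "urn:example:params:scim:schemas:extension:badge:2.0:User"],
    "userName": "jdoe",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {"department": "R&D"},
    "urn:example:params:scim:schemas:extension:badge:2.0:User": {"badgeId": "B-1"},
}

if __name__ == "__main__":
    print(classify("POST", "/Users"), audit_payload(SAMPLE))
```

The first list returned by `audit_payload` names schemas whose attributes would need extended attributes and explicit mappings; the second names extension blocks the sender did not declare in `schemas`, which is worth correcting on the provider side.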

For more information about enabling streaming identity sources, see the following topics: