16.2 SCIM Collectors

The SCIM account and permission collectors use unique authentication methods. In addition to specifying the authentication method, you might need to change the attribute mapping when configuring the template. SCIM supports singular attributes, complex singular attributes, complex multi-valued attributes, and extensions. However, if your application supports attributes or extensions other than those mentioned in the SCIM protocol, you can change the attribute mapping in the template by using delimiters. Use ‘:’ (colon) for attributes, for example, emails:work:value, and ‘+’ (plus) for extensions, for example, urn:ietf:params:scim:schemas:extension:enterprise:2.0:User+department.
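The delimiter syntax above, sketched in Python as an added example that is not part of the product: it shows why a mapping string has to be split on ‘+’ before ‘:’, and how each kind of attribute resolves against a SCIM user record. It assumes that the middle segment of emails:work:value selects the entry whose type is work and that ‘:’ may follow ‘+’ for sub-attributes of an extension; the names `resolve` and `unresolved` and the sample records are constructed.

```python
# Added illustration of the ':' and '+' mapping delimiters; not product code.
# Assumption: in "emails:work:value" the middle segment selects the entry of a
# multi-valued attribute whose "type" equals that segment.

ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"

def resolve(resource, mapping):
    """Return the value a mapping string points at in a SCIM resource, or None."""
    node = resource
    if "+" in mapping:
        # Split on '+' first: the extension URN itself is full of ':' characters.
        urn, _, mapping = mapping.partition("+")
        node = resource.get(urn)
    for part in mapping.split(":"):
        if isinstance(node, list):
            node = next((e for e in node
                         if isinstance(e, dict) and e.get("type") == part), None)
        elif isinstance(node, dict):
            node = node.get(part)
        else:
            return None  # path runs past a scalar or a missing attribute
    return node

def unresolved(resources, mapping):
    """userNames of records where the mapping yields no value."""
    return [r.get("userName") for r in resources if not resolve(r, mapping)]

# Constructed sample records (not collected from any system).
USERS = [
    {"userName": "bjensen",
     "name": {"familyName": "Jensen", "givenName": "Barbara"},
     "emails": [{"value": "bjensen@example.com", "type": "work"},
                {"value": "babs@example.org", "type": "home"}],
     ENTERPRISE: {"department": "Tour Operations",
                  "manager": {"displayName": "John Smith"}}},
    {"userName": "svc-backup",  # no work email, no extension data
     "emails": [{"value": "ops@example.org", "type": "home"}]},
]

if __name__ == "__main__":
    for m in ("userName", "name:familyName", "emails:work:value",
              ENTERPRISE + "+department", ENTERPRISE + "+manager:displayName"):
        print(m, "->", resolve(USERS[0], m))
    print("no work email:", unresolved(USERS, "emails:work:value"))
```

Records returned by `unresolved` carry no value for the chosen email mapping, so they are worth reviewing before relying on email to map accounts to identities.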

To successfully map SCIM accounts and permissions to identities, you must use email as the mapping attribute during identity, accounts, and permissions collection. SCIM collects records in batches of up to 999 records, and the default batch collection session timeout value is set to 60 seconds.

By default, the generic SCIM permission collector collects groups as permissions for the resource type. However, you can configure the collector to collect other permissions by setting the Resource Type and mapping the attributes of that resource type. For example, to add printers as permissions, specify the endpoint of that resource type and map the attributes required to perform the collection.