SCIM Configuration

Beta Feature

SCIM (System for Cross-domain Identity Management) is in beta for select customers and prospects. Please contact your Customer Success Manager or support@datagrail.io for more information.

SCIM, the System for Cross-domain Identity Management, is an open protocol that automates management of user information between identity providers (IdPs, e.g. Okta, Auth0, Microsoft Entra) and service providers (SPs, e.g. DataGrail). It can be used to control access to the DataGrail application and automate the creation, update, and offboarding of users.

Note: DataGrail only supports connections with SCIM v2.0.

Allocating Keys

Setting up SCIM requires an API key. Instructions on SCIM key creation are below.

For an overview of API keys, see the V2 Authentication Documentation.

  1. In the DataGrail sidebar, select Settings and then API Keys.

  2. Select Create API Key. Name the key, and select all SCIM permissions.

  3. Select Create API Key. Make sure to copy the key before closing the modal; the key is not recoverable after the dialog closes.

Standard Configuration For Okta

This section documents the standard configuration for Okta to manage the DataGrail app using SCIM. This section assumes that you've already configured a DataGrail Application with SAML authentication.

  1. Sign in to Okta as an admin.

  2. In the left-hand menu, select Applications and then Applications.

  3. Select your DataGrail Application from the dropdown.

  4. The application should have Provisioning set to SCIM.

  5. Once that is saved, open the Provisioning tab and update the configuration to the following, where customer_name is the string that precedes .datagrail.io in your DataGrail login URL (e.g. acme for acme.datagrail.io).

    Field                                   Value
    SCIM connector base URL                 https://customer_name.datagrail.io/scim/v2/
    Unique identifier field for users       email
    Import New Users and Profile Updates    Checked
    Push New Users                          Checked
    Push Profile Updates                    Checked

  6. Select Test Connector Configuration.

  7. Select Save. This should bring you back to the Provisioning to App screen. Select Edit. Ensure that Create Users, Update User Attributes and Deactivate Users are all enabled, and save.
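
With Deactivate Users enabled, offboarding a user in Okta should leave the matching DataGrail account inactive. The following is an added example, not DataGrail or Okta code: it audits a SCIM 2.0 ListResponse (RFC 7644) against a list of emails already deactivated in the IdP. The sample response is constructed, and it is an assumption that DataGrail's /Users output carries the standard active and emails attributes.

```python
import json

LIST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"

# Constructed sample of an RFC 7644 ListResponse from a SCIM 2.0 /Users endpoint.
# Not captured from DataGrail; the attributes present are an assumption.
SAMPLE_LIST_RESPONSE = json.dumps({
    "schemas": [LIST_SCHEMA],
    "totalResults": 3,
    "Resources": [
        {"id": "1", "userName": "alice@example.com", "active": True,
         "emails": [{"value": "alice@example.com", "primary": True}]},
        {"id": "2", "userName": "bob@example.com", "active": True,
         "emails": [{"value": "Bob@Example.com", "primary": True}]},
        {"id": "3", "userName": "carol@example.com", "active": False,
         "emails": [{"value": "carol@example.com", "primary": True}]},
    ],
})

def user_email(resource):
    """Return the primary email (lowercased), falling back to userName."""
    emails = resource.get("emails") or []
    primary = [e for e in emails if e.get("primary")] or emails
    value = primary[0].get("value") if primary else resource.get("userName")
    return (value or "").strip().lower()

def audit_offboarding(list_response_json, deactivated_in_idp):
    """Compare SP-side SCIM users with emails the IdP has deactivated.

    Returns (still_active, missing): accounts offboarded in the IdP that are
    still active in the SP, and offboarded emails with no SP record at all.
    """
    doc = json.loads(list_response_json)
    if LIST_SCHEMA not in doc.get("schemas", []):
        raise ValueError("not a SCIM 2.0 ListResponse")
    if doc.get("totalResults", 0) > len(doc.get("Resources", [])):
        raise ValueError("paged response: fetch all pages before auditing")
    # A missing "active" attribute counts as active so it is never hidden.
    state = {user_email(r): r.get("active", True) for r in doc.get("Resources", [])}
    wanted = {e.strip().lower() for e in deactivated_in_idp}
    still_active = sorted(e for e in wanted if state.get(e))
    missing = sorted(e for e in wanted if e not in state)
    return still_active, missing

if __name__ == "__main__":
    offboarded = ["bob@example.com", "carol@example.com", "dave@example.com"]
    print(audit_offboarding(SAMPLE_LIST_RESPONSE, offboarded))
```

Emails are compared case-insensitively because the connector is configured with email as the unique identifier and the two systems may store different casing.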

Note: This is a basic SCIM provisioning setup. SCIM management is flexible, and your particular workflow will depend on your organization's goals.

Need help?
If you have any questions, please reach out to your dedicated CSM or contact us at support@datagrail.io.

Disclaimer: The information contained in this message does not constitute legal advice. We advise seeking professional counsel before acting on or interpreting any material.