SCIM provisioning is available for identity management in Elements. This integration may be requested on the Marketplace page.
Integrations require a license and may affect the system operating costs. Contact your VAR for more information.
Integration with an identity provider system requires
- The SCIM URL to be set to https://api.elementssecure.com/scim/v2/ and
- A key, which is a unique identifier that allows other systems to connect to Elements
Generate the SCIM Integration Key
- On the Marketplace page, under SCIM Provisioning, select Manage.
- Select Generate Keys. API keys are generated and may be copied to the clipboard to be pasted when configuring the system.
- API keys may be regenerated by selecting Regenerate on the Manage details screen. Doing so causes the previous key to no longer be usable. The new key must be used for integration with the system.
Interactions Between the Identity Provider and Elements
- When a person is added in the identity provider system, they must be assigned to the application to use Elements. When assigned or synchronized, their email address/username is evaluated. If the email address/username exists, their record is updated and converted to be an externally managed user. If the email address/username does not exist, a new externally managed user is added.
- If multiple users have same email address or username, the provision or synchronization will not occur. The resulting error can be viewed in the identity provider system.
- People provisioned through SCIM have a username and can be searched for within Elements.
- In the identity provider system, if a person is removed or unassigned from the application, their status is changed to inactive in Elements and will be active once they are added again.
- People groups pushed from the identity provider are added as externally managed people groups.
- When a group containing members is provisioned, those members are automatically assigned to the application and will appear in Elements.
Delete the SCIM Key
Deleting the key disconnects external systems from the Elements security system.
If you convert externally managed people to locally managed after deleting a key, and then integrate this security system with that same external system again, this may cause the addition of duplicate people.
- Under SCIM Provisioning, select Manage.
- On the key detail screen, select .
Select Delete. The number of externally managed people or groups that will be disassociated from the external system is displayed.
- Select one of the delete options:
- Remove Key and Convert People - After the system is disconnected, the externally managed people and groups will be converted to locally managed (editable).
- Remove Key Only - The system is disconnected but the externally managed people and groups remain in Elements and cannot be edited.
- Otherwise, to keep the key, select Cancel.