Sign Up for the Quarterly Newsletter

Workspace ONE UEM SCIM Adapter

Workspace ONE UEM SCIM Adapter provides SCIM user/group management capabilities to Workspace ONE UEM. The middleware translates the System for Cross-Domain Identity Management, SCIM, to a CRUD REST framework that Workspace ONE UEM can interpret. This capability allows Workspace ONE UEM to synchronize cloud-based identity resources (users/groups/entitlements) without the need for an LDAP endpoint (service to service model). Examples include Azure AD, Okta, and Sailpoint.

1. Node.js v7.6+ persistent runtime environment
2. Reverse proxy with SSL certificate (i.e. Apache, NGINX, HAproxy, etc)
  * The service does not accept SSL certificates and must be secured thru an SSL reverse proxy
  * Consider 60 minute timeouts depending on directory size
3. Connectivity from directory source (Okta, Azure AD, etc) to service over HTTPS 443
4. Workspace ONE UEM API information:
  * Base API URL
  * Customer OG tenant code (REST API key)
5. Workspace ONE UEM 1810 or higher
6. Resource object source anchors:
  * User -> ExternalId = ImmutableId (objectGUID or Ms-Ds-Consistency-Guid)
  * Group -> ExternalId = displayName
7. Workspace ONE UEM Directory Services ->
  * 'Directory Type' must be set to 'None' at a minimum
  * 'Enable SAML Authentication For' set to 'Enrollment' at a minimum

Please see the ws1_uem_scim_adapter_notes.pdf.

20.03 Release Notes:
Please Note: If you have already setup WS1 SCIM Adapter, it is possible that moving to 20.03 will create new accounts. Please consider resetting Directory Services configuation for the OG you are connecting to.

New Features:

  • Windows 10 OOBE Enrollment now supported
  • Bitnami Node.js 12.16.1-0 now supported with embedded install
  • Various Enterprise and Custom SCIM Schema attributes now supported (see below table)

Bugs Fixed:

  • Resources with special characters in immutableId do not update