Workspace ONE UEM SCIM Adapter
Workspace ONE UEM SCIM Adapter provides SCIM user/group management capabilities to Workspace ONE UEM. The middleware translates System for Cross-domain Identity Management (SCIM) requests into the CRUD REST calls that Workspace ONE UEM can interpret. This lets Workspace ONE UEM synchronize cloud-based identity resources (users, groups, entitlements) in a service-to-service model, without the need for an LDAP endpoint. Example directory sources include Azure AD, Okta, and SailPoint.
1. Node.js v7.6+ persistent runtime environment
2. Reverse proxy with SSL certificate (e.g. Apache, NGINX, HAProxy, etc.)
   * The service does not accept SSL certificates and must be secured through an SSL reverse proxy
   * Consider 60-minute timeouts, depending on directory size
3. Connectivity from the directory source (Okta, Azure AD, etc.) to the service over HTTPS 443
4. Workspace ONE UEM API information:
   * Base API URL
   * Customer OG tenant code (REST API key)
5. Workspace ONE UEM 1810 or higher
6. Resource object source anchors:
   * User -> ExternalId = ImmutableId (objectGUID or mS-DS-ConsistencyGuid)
   * Group -> ExternalId = displayName
7. Workspace ONE UEM Directory Services:
   * 'Directory Type' must be set to 'None' at a minimum
   * 'Enable SAML Authentication For' set to 'Enrollment' at a minimum
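Requirement 2 as an NGINX server block, added here as an illustration and not taken from the project's own files. The hostname, certificate paths and upstream port are placeholders; substitute the port your adapter instance actually listens on.

```nginx
# Added example: TLS termination in front of the SCIM adapter.
# scim.example.com, the certificate paths and port 8080 are placeholders.
server {
    listen 443 ssl;
    server_name scim.example.com;                              # placeholder hostname

    ssl_certificate     /etc/nginx/tls/scim.example.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/scim.example.com.key;   # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;                       # refuse legacy protocol versions

    location / {
        # The adapter itself speaks plain HTTP, so the hop behind the proxy
        # is unencrypted. Keep it on the same host or a trusted segment.
        proxy_pass http://127.0.0.1:8080;                      # assumed adapter port

        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;

        # 60-minute send/read timeouts so that long-running syncs of a
        # large directory are not cut off by the proxy.
        proxy_connect_timeout 60s;
        proxy_send_timeout    3600s;
        proxy_read_timeout    3600s;
    }
}
```

Because the adapter has no TLS of its own, restrict its listening port with a host firewall so that the directory source can only reach it through the proxy on 443.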
20.08 Release Notes & Update:
**Please Note:** If you have already set up WS1 SCIM Adapter, it is possible that moving to 20.08 will create new accounts. Please consider resetting the Directory Services configuration for the OG you are connecting to.
- Deployments now exclusively supported on Docker. See install instructions for more details on how to orchestrate the deployment using the included Helm chart.
- createGroup returns unexpected error due to missing payload return
- Bitnami deployment script introduced in 20.03 has been deprecated. Although it is still possible to deploy on Appliance form-factors, future development will be exclusively supported on Docker.
20.03 Release Notes:
Please Note: If you have already set up WS1 SCIM Adapter, it is possible that moving to 20.03 will create new accounts. Please consider resetting the Directory Services configuration for the OG you are connecting to.
- Windows 10 OOBE Enrollment now supported
- Bitnami Node.js 12.16.1-0 now supported with embedded install
- Various Enterprise and Custom SCIM Schema attributes now supported (see below table)
- Resources with special characters in immutableId do not update