SCIM Management
SCIM is a standard for cross-domain identity management and an important part of identity management in cloud environments. Alfabet 11.9 supports SCIM management with Okta® or AzureAD® as identity provider.
SCIM integration pushes user data from the identity provider to the Alfabet database, updating the user information regularly at configurable intervals. SCIM should be implemented in combination with SSO for user authentication in Alfabet to ensure that user login is always in accordance with company policies.
Update of user data in the Alfabet database includes:
- When data is changed at the identity provider, the mapped user data in the Alfabet database is automatically updated. Mapping of user data is configurable.
- New users at the identity provider are added as anonymous users to the Alfabet database. Access as Named User needs to be granted in Alfabet by a user administrator.
- If users are disabled at the identity provider, they are marked with the flag Deletion Requested in the Alfabet database. User administrators can then establish a process to remove the user from the Alfabet database. Assignments of tasks and access permissions to objects may need to be moved to other users prior to removing the user. The user can either be deleted or anonymized and kept to ensure consistency in the history data.
  Users are disabled in Azure if their Account Status is set to disabled.
- Identification of users depends on the User Principal Name in Azure. If the User Principal Name is changed, the existing user is marked with the flag Deletion Requested in the Alfabet database and a new user is created as an anonymous user.
- The user profile assignment to users in Alfabet is updated based on identity provider group affiliation.
Data transfer and administration are handled via a web-based SCIM application.
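The update rules listed above can be modelled as one reconciliation pass over an identity provider snapshot, which makes the User Principal Name edge case visible: the renamed user arrives as a new anonymous user while the old record stays behind, flagged, until an administrator handles it. The following Python example is an added illustration, not Alfabet code; the record layout, the `userName`/`active`/`groups` field shape, the sample data and the flagging of users missing from the snapshot are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class LocalUser:                      # hypothetical record, not Alfabet's schema
    upn: str                          # User Principal Name: the matching key
    attrs: dict = field(default_factory=dict)
    user_type: str = "anonymous"      # new users arrive as anonymous
    deletion_requested: bool = False
    profiles: set = field(default_factory=set)

def reconcile(local, idp_users, group_to_profile):
    """One sync pass over an IdP snapshot, following the rules listed above.

    local: dict upn -> LocalUser; idp_users: SCIM-like dicts (constructed shape).
    """
    seen = set()
    for rec in idp_users:
        upn = rec["userName"]         # assumed mapping: UPN -> SCIM userName
        seen.add(upn)
        user = local.setdefault(upn, LocalUser(upn=upn))
        user.attrs.update(rec.get("attrs", {}))
        user.profiles = {group_to_profile[g] for g in rec.get("groups", [])
                         if g in group_to_profile}
        if not rec.get("active", True):
            user.deletion_requested = True   # flagged only, never deleted here
    for upn, user in local.items():
        if upn not in seen:           # assumption: covers the old record after a UPN change
            user.deletion_requested = True
    return local

def pending_review(local):
    """Flagged accounts an administrator still has to reassign, delete or anonymize."""
    return sorted(u.upn for u in local.values() if u.deletion_requested)

# Constructed sample data: alice was renamed, bob was disabled, carol is new.
LOCAL = {
    "alice@example.com": LocalUser("alice@example.com", user_type="named"),
    "bob@example.com": LocalUser("bob@example.com", user_type="named"),
}
IDP = [
    {"userName": "alice.smith@example.com", "active": True, "groups": ["EA-Team"]},
    {"userName": "bob@example.com", "active": False, "groups": []},
    {"userName": "carol@example.com", "active": True, "groups": ["Viewers"]},
]
GROUPS = {"EA-Team": "Architect", "Viewers": "Reader"}

if __name__ == "__main__":
    reconcile(LOCAL, IDP, GROUPS)
    print(pending_review(LOCAL))
```

In this model the flagged records keep their Named User status until an administrator acts, so the output of `pending_review` is the work list for the removal process described above.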