Configure the SCIM application
All settings relevant for access to the identity provider, the Alfabet RESTful services and the Alfabet SCIM application are managed in the file alfasettings.json in the SCIM/Config folder of the Alfabet installation directory. Open the file with a text editor and set the fields of the JSON file. The file already contains an example configuration which you can alter. Do not alter sections that are not mentioned in the following.
Configure access to the Alfabet RESTful services under AlfabetSyncConfiguration:
- scheduledExecution: Enter EachHour, EachHalfHour, EachQuarterHour, or EachFiveMinutes to define the interval between data synchronizations. Select a longer interval for synchronization of data for a high number of users.
- scheduledExecutionEnabled: Select true to activate pushing of data to the Alfabet RESTful services, or false if data should not be pushed.
  If you want to temporarily deactivate data synchronization, you do not need to reset this parameter in the alfasettings.json file. You can use the mechanism for pausing data synchronization on the user interface of the Alfabet SCIM application instead.
- alfabetApiBaseEndpoint: Enter the URL of the Alfabet API server followed by /api/.
- alfabetApiScimEndpoint: Enter scim/.
- alfabetScimUser: Enter the API User Name of the system user for access to the Alfabet API server.
- alfabetScimUserToken: Enter the API User Password of the system user for access to the Alfabet API server.
- alfabetVersion: Enter 10. This is independent of the Alfabet release version you are using.
Configure database access for the Alfabet SCIM Application under DatabaseConfiguration:
You have created a SCIM application database with a login user on SQL Server or decided to use SQLite. Only use SQLite for testing and not in production environments.
For security reasons, you should have created environment variables for the database login.
- DatabaseType: Enter MsSQL to use a database implemented on Microsoft SQL Server or SQLite to use SQLite. If you selected SQLite, you can leave the data in the SQLite field as is. If you use Microsoft SQL Server, you need to set the following fields in the MSSQL field:
- DatabaseHost: Enter the database server name.
- DatabaseName: Enter the database name.
- UseIntegratedAuth: Set to false to log in to the database with the user name and password defined in the UserName and Password fields. Set to true to log in with the system user used to start the SCIM application process. Access to the database on the database server must then be configured to allow access for the operating system user used to start the process. This database configuration is not part of this documentation. For the described configuration the field must be set to false.
- UserName: Enter the database login user name or the environment variable containing the database login name as Env: followed by the variable name.
- Password: Enter the database login user password or the environment variable containing the database login password as Env: followed by the variable name.
Configure access to the Alfabet SCIM application under AlfabetConfiguration:
- EnableHttpLogging: Enter false. Set this parameter to true only if issues occur, to generate extensive log files for debugging. Extensive logging can cause performance issues.
- Alfabet/AlfabetUrl: Enter the URL of the Alfabet SCIM application. When the Alfabet SCIM application is started from the SCIM directory of the Alfabet installation directory, the URL is https://localhost:7160/.
- Alfabet/AlfabetApiUrl: Enter https.
- AuthenticationEnabled: Enter OAuth.
- ResetAdminUser: Enter false. Set this to true only if the admin user specified with the two parameters below shall be changed. The user name and password are read from the configuration file only once, for the first login of the user. They are then stored in the Alfabet SCIM application and shall be deleted from the configuration file for security reasons. If the administrator changes or the current administrator forgets the password, you can set this parameter to true and redefine user name and password to overwrite the user information stored in the Alfabet SCIM application.
- AdminUserEmail: Enter the email address of the administrator that shall log in to the Alfabet SCIM application.
- AdminCredentials: Enter a password for the administrator that shall log in to the Alfabet SCIM application.
Configure access to the identity provider under Token:
You have registered the Alfabet SCIM application access with OAuth authentication at the identity provider.
- Enabled: Enter Azure to use Azure® as identity provider or Okta to use Okta®.
- TokenLifetimeInMins: Enter the OAuth token lifetime in minutes.
- Azure/TokenIssuer: Only for Azure as identity provider: Enter the URL of the Alfabet SCIM application.
- Azure/TokenAudience: Only for Azure as identity provider: Enter a GUID that will be used for encryption. You can use any GUID generator tool to generate the GUID.
- OAuth/TokenIssuer: Enter the URL of the Alfabet SCIM application.
- OAuth/ProviderAppName: Enter the app name at the identity provider.
- OAuth/IssuerSigningKey: Enter the issuer signing key used by the identity provider.
- OAuth/ClientId: Enter the client ID for access to the identity provider.
- OAuth/ClientSecret: Enter the client secret for access to the identity provider.
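
A check of the DatabaseConfiguration and AlfabetConfiguration settings described above, written as an added example and not part of the Alfabet product or its documentation. It looks up fields by name at any depth, because the nesting of the constructed sample below is an assumption; only the key names come from this page.

```python
import json
import os

# Constructed sample: key names are from the page, the nesting is assumed.
SAMPLE = """{
  "DatabaseConfiguration": {
    "DatabaseType": "MsSQL",
    "MSSQL": {"DatabaseHost": "db01", "DatabaseName": "scim",
              "UseIntegratedAuth": false,
              "UserName": "Env:SCIM_DB_USER", "Password": "literal-password"}},
  "AlfabetConfiguration": {
    "EnableHttpLogging": true, "ResetAdminUser": false,
    "AdminUserEmail": "admin@example.com", "AdminCredentials": "initial-pw"}
}"""

def find_keys(node, name):
    """Return every value stored under key `name`, at any depth."""
    if isinstance(node, list):
        return [hit for item in node for hit in find_keys(item, name)]
    if not isinstance(node, dict):
        return []
    hits = [node[name]] if name in node else []
    return hits + [hit for v in node.values() for hit in find_keys(v, name)]

def audit(cfg, env=os.environ):
    """List settings that deviate from what the page recommends."""
    findings = []
    db_types = find_keys(cfg, "DatabaseType")
    if "SQLite" in db_types:
        findings.append("DatabaseType is SQLite: testing only, not production")
    for mssql in find_keys(cfg, "MSSQL") if "MsSQL" in db_types else []:
        for field in ("UserName", "Password"):
            value = str(mssql.get(field, ""))
            if not value.startswith("Env:"):
                findings.append(f"MSSQL/{field} is a literal, use Env:<variable>")
            elif value[4:] not in env:
                findings.append(f"MSSQL/{field}: variable {value[4:]} is not set")
    debug_only = {"EnableHttpLogging": "only for debugging",
                  "ResetAdminUser": "only while changing the admin user"}
    for key, note in debug_only.items():
        if any(str(v).lower() == "true" for v in find_keys(cfg, key)):
            findings.append(f"{key} is true: {note}")
    if any(find_keys(cfg, "AdminCredentials")):
        findings.append("AdminCredentials present: delete after first login")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(json.loads(SAMPLE))))
```

To check a real installation, load alfasettings.json from the SCIM/Config folder with `json.load` and pass the result to `audit`.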