Workspace ONE UEM SCIM Adapter

Workspace ONE UEM SCIM Adapter provides SCIM user/group management capabilities to Workspace ONE UEM. The middleware translates the System for Cross-domain Identity Management (SCIM) protocol into a CRUD REST framework that Workspace ONE UEM can interpret. This allows Workspace ONE UEM to synchronize cloud-based identity resources (users, groups, entitlements) in a service-to-service model, without the need for an LDAP endpoint. Examples of such identity sources include Azure AD, Okta, and SailPoint.

1. Node.js v7.6+ persistent runtime environment
2. Reverse proxy with SSL certificate (e.g. Apache, NGINX, HAProxy)
  * The service does not accept SSL certificates and must be secured through an SSL reverse proxy
  * Consider 60-minute timeouts depending on directory size
3. Connectivity from the directory source (Okta, Azure AD, etc.) to the service over HTTPS (port 443)
4. Workspace ONE UEM API information:
  * Base API URL
  * Customer OG tenant code (REST API key)
5. Workspace ONE UEM 1810 or higher
6. Resource object source anchors:
  * User -> ExternalId = ImmutableId (objectGUID or Ms-Ds-Consistency-Guid)
  * Group -> ExternalId = displayName
7. Workspace ONE UEM Directory Services settings:
  * 'Directory Type' must be set to 'None' at a minimum
  * 'Enable SAML Authentication For' set to 'Enrollment' at a minimum

Please see the ws1_uem_scim_adapter_notes.pdf.