Directory Sync
Directory Sync, also known as User and Group Provisioning, automates the synchronization of users and groups between your identity provider (IDP) and the Qualytics platform. This ensures that your user data is consistent across all systems, improving security and reducing the need for manual updates.
Directory Sync Overview
Directory Sync automates the management of users and groups by synchronizing information between an identity provider (IDP) and your application. This ensures that access permissions, user attributes, and group memberships are consistently managed across platforms, eliminating the need for manual updates.
How Directory Sync Works with SCIM
SCIM (System for Cross-domain Identity Management) is an open standard protocol designed to simplify the exchange of user identity information. When integrated with Directory Sync, SCIM automates the creation, updating, and de-provisioning of users and groups. The IDP calls your platform's API over SCIM and authenticates with OAuth tokens, so that only authorized actions are performed.
General Setup Requirements
To set up Directory Sync, the following are required:
- Administrative access to both the identity provider and Qualytics platform
- A SCIM-enabled identity provider or custom integration
- The OAuth client set up in your IDP
- SCIM URL and OAuth Bearer Token generated from the Qualytics platform
Getting Started
Prerequisites for Setting Up Directory Sync
Before setting up Directory Sync, ensure you have the following:
- A SCIM-supported identity provider
- Administrative privileges for both your IDP and Qualytics
- A SCIM URL and OAuth Bearer Token, which will be generated from your Qualytics instance
Quick Start Guide
- Set up an OAuth client in your IDP.
- Configure the SCIM endpoints with the SCIM URL and OAuth Bearer Token.
- Assign users and groups to provision in the IDP.
- Monitor the synchronization to ensure proper operation.
What is SCIM?
SCIM is a standardized protocol used to automate the exchange of user identity information between IDPs and service providers. Its goal is to simplify the process of user provisioning and management.
SCIM improves efficiency by automating user lifecycle management (creation, updating, and de-provisioning) and ensures that data remains consistent across platforms. It also enhances security by minimizing manual errors and ensuring proper access control.
SCIM includes endpoints that are configured within your IDP and your platform. It uses OAuth tokens for secure communication between the IDP and the Qualytics API, ensuring that only authorized users can manage identity data.
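The provisioning and de-provisioning calls described above, as an added example that is not Qualytics code: it builds (without sending) the SCIM 2.0 requests an IDP would issue, using the /Users path, schema URNs and media type from RFC 7643 and RFC 7644. The function names are hypothetical, the caller supplies the SCIM URL and OAuth Bearer Token, and de-provisioning by setting active to false with PATCH is an assumption about the IDP's behaviour.

```python
import json
import urllib.request
from urllib.parse import quote, urlsplit

# Schema URNs defined by RFC 7643 (core User) and RFC 7644 (PatchOp message).
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"


def scim_request(base_url, token, method, path, body):
    """Build (not send) an authenticated SCIM 2.0 request."""
    # A bearer token is a replayable secret: never attach it to a cleartext URL.
    if urlsplit(base_url).scheme != "https":
        raise ValueError("SCIM URL must use https")
    return urllib.request.Request(
        base_url.rstrip("/") + path,
        data=json.dumps(body).encode("utf-8"),
        method=method,
        headers={
            "Authorization": "Bearer " + token,
            "Content-Type": "application/scim+json",
            "Accept": "application/scim+json",
        },
    )


def create_user(base_url, token, user_name, given, family, email):
    """Provisioning: POST /Users with a core User resource (RFC 7644, 3.3)."""
    body = {
        "schemas": [USER_SCHEMA],
        "userName": user_name,
        "name": {"givenName": given, "familyName": family},
        "emails": [{"value": email, "primary": True}],
        "active": True,
    }
    return scim_request(base_url, token, "POST", "/Users", body)


def deactivate_user(base_url, token, user_id):
    """De-provisioning (assumed form): PATCH /Users/{id}, active=false (RFC 7644, 3.5.2)."""
    body = {
        "schemas": [PATCH_SCHEMA],
        "Operations": [{"op": "replace", "path": "active", "value": False}],
    }
    # Percent-encode the id so it cannot alter the request path.
    return scim_request(base_url, token, "PATCH", "/Users/" + quote(user_id, safe=""), body)
```

Passing a returned request to urllib.request.urlopen sends it; the https check runs before the token is ever placed in a header.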
Benefits of Using SCIM for User and Group Provisioning
By leveraging SCIM (System for Cross-domain Identity Management), Directory Sync simplifies user management with:
- Automated Provisioning — Automatically create and de-provision users across platforms, eliminating manual account setup and removal.
- Improved Security — Reduce manual intervention and minimize human errors, ensuring proper access control at all times.
- Real-Time Updates — Keep user data accurate and compliant with real-time synchronization between your identity provider and Qualytics.
- Scalable Management — Support user management across organizations of any size, from small teams to enterprise-scale deployments.
Supported Providers
Our API supports SCIM 2.0 (System for Cross-domain Identity Management) as defined in RFC 7643 and RFC 7644. It is designed to ensure seamless integration with any SCIM-compliant identity management system, supporting standardized user provisioning, de-provisioning, and lifecycle management. Additionally, we have verified support with the following providers:
- Microsoft Entra: Azure Active Directory integration with full SCIM 2.0 support for user and group provisioning.
- Okta: Okta identity management with OAuth Bearer Token-based SCIM provisioning.
- OneLogin: OneLogin SCIM Provisioner with SAML for automated user and group management.
- JumpCloud: JumpCloud SCIM provisioning within existing SAML applications.