Additional Settings

Ensure that you configure the additional parameters.

  1. In the HTTP Request Headers panel, configure the HTTP Content-type header value that you can use for the SCIM requests. The default value is application/scim+json. In the Accept field enter the HTTP Accept header value that you can use for the SCIM requests. The default value is application/scim+json. The SCIM 2.0 source does not include the read-only attributes in HTTP PATCH requests.

  2. To send headers required for No Authentication type, add a header key and its corresponding value into the No Authentication Headers sub-panel in the OAuth Settings section.

    For example, you can add customParamKey and the corresponding customParamValue:

    <entry key="noAuthHeaders">
                <entry key="customParamKey" value="customParamValue"/>
                <entry key="password" value="$application.password_CA$"/>

    Don't configure sensitive attributes through the No Authentication Headers sub-panel in the UI configuration. They should be added through the IdentityNow Update Source Partial REST API and used with placeholders. When you add sensitive attributes to the headers, ensure that the attributes are added with the suffix, _CA. If the attributes are not suffixed with _CA, the SCIM 2.0 source might encounter unusual behavior. For more information on using IdentityNow Update Source Partial REST API, see IdentityNow REST API - Update Source (Partial).

    For example, to use a password in the header value, add the password_CA attribute using the source API and use $application.password_CA$ in header value. If the attribute updated is a password then it must be added to the header as follows:

    Before updating the encrypted list:

    {"encrypted":"refresh_token,oauthTokenInfo,client_secret,oauthBearerToken,additional_payload,private_key, private_key_password,oauth2password,noAuthHeaders"}

    After updating the encrypted list:

    {"encrypted":"refresh_token,oauthTokenInfo,client_secret,oauthBearerToken,additional_payload,private_key, private_key_password,oauth2password,noAuthHeaders,password_CA"}

  3. To send additional parameters for token generation in the OAuth 2.0 Authentication type, in the OAuth Request Parameters sub-panel panel in the OAuth Settings section, you can add a key and its corresponding value.

    For example, you can add Content-Type as key and the corresponding value as application/x-www-form-urlencoded.

  4. If you want to set up and add expected errors while generating a token, enter a list of retryable errors in the Retryable Errors field in the OAuth Settings section.

    For example, you can use "unauthorized", "401", "does not have access"

  5. For additional provisioning parameters in the Provisioning Settings sub-panel, enable the USE HTTP PATCH method if usePatch is required. While updating the existing attributes, the SCIM 2.0 source supports the Replacing operation instead of Adding, while using the PATCH method.

  6. Enable Skip Group Update to skip the redundant group update call, and instead, to use a 'create account with entitlement' request. The default behavior of SCIM 2.0 is to communicate with the Groups endpoint for modification of groups information, but you can configure the source to modify group information through the Users endpoint. To enable this feature, set the updateGroupsViaUsers attribute to true in the source XML file using IdentityNow REST API.

    <entry key="updateGroupsViaUsers" value="true"/>)

    Refer to Best Practices: IdentityNow REST API Authentication and IdentityNow REST API - Update Source (Partial) for more information on configuring via IdentityNow REST API.

    When enabled, the SCIM 2.0 source adds all the attributes in the create/upload payload regardless of its mutability. If any attributes are read-only, and should not be included in the create/update payload, add them in a list. For example:

    <entry key="readOnlyAttrs">