Non-Compliant Settings

The SCIM 2.0 source supports the configuration of a non-compliant SCIM server. In the SCIM 2.0 source UI, on the Relax Configuration sub-panel, enable the Non Compliant Server? option to skip SCIM 2.0 validation for each response from this server. Use this if your SCIM 2.0 Server is not fully compliant with SCIM 2.0 specifications.

The SCIM 2.0 source will not use the schema response; it will use the populated core or extended schema mentioned in the SCIM 2.0 specifications. Refer to the section for list of attributes at https://datatracker.ietf.org/doc/html/rfc7643#section-4.1

For any new attribute, you must add it in the schema and add its JSON path to the JSON Path Mapping.

For any other object type other than offered by default, such as Account, Group, Role, and Entitlement, you must manually add the schema and JSON path mapping in the source. Refer to Best Practices: REST API Authentication , REST API - Update Source (Partial), and Adding Attributes to a Source Schema.

If this configuration is enabled for an existing source, you must perform a Discover Schema operation to get the JSON path mapping from the source. The SchemaPropertyMapping configuration in the existing source will remain intact and can be removed manually, if required.

In the Aggregation Settings sub-panel, configure (Add, Remove, and Modify) the JSON path mapping.

If any attributes are read-only and don't need to be included in the create/update payload, add them in a list.

In the Provisioning Settings sub-panel, configure the read-only attributes.

You can configure a custom rootPath for aggregating Accounts if the rootPath of /Users does not comply with SCIM RFC. For example, if /Users rootPath is “resources” instead of the SCIM RFC standard “Resources", use the Update Source (Partial) API as shown below in the JSON Payload example:

Copy 
[
{
"op": "add",
"path": "/attributes/aggregation_rootPath",
"value": "$.resources[*]"
}
]