Access Management based on SCIM v2 interface for Portal

11-15-2018 08:09 AM
SchipholArchitect

We need an Access Management interface, based on SCIM v2, for separating the Identity and the Access management layers.

Portal already has support for the standards for Single Sign On: SAML. This is for Identity management (authentication).

Our security standards require separating the Access management (authorization). This is implemented company-wide via the SCIM interface. All applications within our company are now required to have a SAML and a SCIM interface.

My request/idea is to implement this SCIM interface to Portal.

Basic workflow when working with SAML + SCIM:

  1. User is registered in Portal using his company Identity
  2. Portal can verify login using the trusted SAML interface between Portal and the OpenID/ADFS server using SAML
  3. This way user can log in using Company Identity
  4. Groups are created in Portal
  5. Groups are synced with Access management (IAM) using SCIM
  6. Groups are filled with the authorized Identities within IAM
  7. Filled Groups are synced with Portal
  8. Logged in user can access the authorized groups.

1 - 4 are now in place.

5 - 7 have to be implemented using new SCIM v2 interface.

SCIM v2 is an open standard, and worldwide.

System for Cross-domain Identity Management - Wikipedia 

SCIM: System for Cross-domain Identity Management 
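
Steps 5 to 8 of the workflow above, sketched from the receiving side as an added example that is not part of the original post and not Esri code: IAM sends a SCIM v2 PatchOp for a group, the application applies the member changes, and access is then decided from the synced membership. Only member operations are handled; the group, user ids and function names are constructed for illustration.

```python
import re

PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
GROUP_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:Group"
MEMBER_FILTER = re.compile(r'^members\[value eq "([^"]+)"\]$')


def apply_group_patch(group, patch):
    """Return a copy of a SCIM Group with the PatchOp member changes applied."""
    if PATCH_SCHEMA not in patch.get("schemas", []):
        raise ValueError("not a SCIM PatchOp message")
    members = {m["value"]: m for m in group.get("members", [])}
    for op in patch.get("Operations", []):
        # Some IAM clients capitalise the op name, so compare case-insensitively.
        kind, path = op.get("op", "").lower(), op.get("path", "")
        if kind == "add" and path == "members":
            for m in op["value"]:
                members.setdefault(m["value"], m)
        elif kind == "replace" and path == "members":
            members = {m["value"]: m for m in op["value"]}
        elif kind == "remove" and path == "members":
            members = {}  # remove without a filter clears the whole group
        elif kind == "remove" and (hit := MEMBER_FILTER.match(path)):
            members.pop(hit.group(1), None)  # revoke exactly one identity
        else:
            # Fail closed: rejecting the request beats silently keeping stale access.
            raise ValueError(f"unsupported operation: {kind!r} on {path!r}")
    return {**group, "members": list(members.values())}


def is_authorized(user_id, group):
    """Step 8: a logged-in identity may use the group only if IAM listed it."""
    return any(m["value"] == user_id for m in group.get("members", []))


# Constructed sample data: the group as the application holds it, and a PatchOp from IAM.
PORTAL_GROUP = {"schemas": [GROUP_SCHEMA], "id": "g-100",
                "displayName": "Airside Editors", "members": [{"value": "u-1"}]}
IAM_PATCH = {"schemas": [PATCH_SCHEMA], "Operations": [
    {"op": "Add", "path": "members", "value": [{"value": "u-2"}]},
    {"op": "remove", "path": 'members[value eq "u-1"]'},
]}

if __name__ == "__main__":
    synced = apply_group_patch(PORTAL_GROUP, IAM_PATCH)
    print(is_authorized("u-2", synced), is_authorized("u-1", synced))
```
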

9 Comments
SchipholArchitect

The above examples include groups. It must also include roles/licenses (lvl1/lvl2 with the new names for Creator, Fieldworker, etc.) and the special licenses (ArcGIS Pro, Navigator, etc.)

JörgHeidemeier

To manage user identities in cloud-based applications and services more easily, we need an access management interface based on SCIM v2.

The idea is the same as already mentioned in the idea https://community.esri.com/t5/arcgis-enterprise-ideas/access-management-based-on-scim-v2-interface-f...

We need that for groups and roles.

Martin1

We would also need this functionality.

ChrisPVella

Strongly support the integration of SCIM for user and group provisioning. This is a core feature and requirement of our other enterprise applications, so would be good to see this developed.

John_Spence

I support this one too! Enterprise needs to support modern Enterprise IT tools for IAM.

pheede-esri
Status changed to: Under Consideration
 
pheede-esri
Status changed to: Closed
John_Spence

In case anyone needs it, here is a user management script that can be extended to give you near SCIM capabilities. It's not perfect, but it was the solution I came up with to deal with the user issue.

https://github.com/wagisdev/AGOLPortalUserManagement