idea Access Management based on SCIM v2 interface for Portal in ArcGIS Enterprise Ideas

Access Management based on SCIM v2 interface for Portal

SchipholArchitect — Thu, 15 Nov 2018 16:09:56 GMT

We need a Access Management interface, based on SCIM v2 for separating the Identity en the Access management layers.

Portal has already support for the standards for Single Sign On: SAML. This is for Identity management (authentication).

Our security standards require to separate the Access management (authorization). THis is company wide implemented via the SCIM interface. All applications within our company are now required to have a SAML and a SCIM interface.

My request/idea is to implement this SCIM interface to Portal.

Basic workflow when working with SAML + SCIM:

User is registered in Portal using his company Identity
Portal can verify login using the trusted SAML interface between portal and the OpenID/ADFS server using SAML
This way user can log in using Company Identity
Groups are created in Portal
Groups are synced with Accessmanagement (IAM) using SCIM
Groups are filled with the authorized Identities within IAM
Filled Groups are synced with Portal
Logged in user can access the authorized groups.

1 - 4 are now in place.

5 -7 have to be implemented using new SCIM v2 interface.

SCIM v2 is an open standard, and worldwide.

System for Cross-domain Identity Management - Wikipedia

SCIM: System for Cross-domain Identity Management

Re: Access Management based on SCIM v2 interface for Portal

SchipholArchitect — Tue, 20 Nov 2018 11:54:01 GMT

Above examples include groups. It must also include roles/licenses (lvl1/lvl2 with the new names for Creator, Fieldworker etc..) and the special licenses (arcgis pro, navigator, etc..)

SCIM V2 based access management

JörgHeidemeier — Tue, 09 Mar 2021 09:59:30 GMT

To manage user identities in cloud based applications and services easier we need an access management interface base on SCIM V2.

The idea is the same as already mentioned in the idea https://community.esri.com/t5/arcgis-enterprise-ideas/access-management-based-on-scim-v2-interface-for-portal/idi-p/934792

We need that for groups and roles.

Re: SCIM V2 based access management

Martin1 — Thu, 15 Jul 2021 13:39:05 GMT

We would also need this functionality.

Re: Access Management based on SCIM v2 interface for Portal

ChrisPVella — Wed, 09 Nov 2022 03:21:17 GMT

Strongly support the integration of SCIM for user and group provisioning. This is a core feature and requirement of our other enterprise applications, so would be good to see this developed.

Re: SCIM V2 based access management

ChrisPVella — Wed, 09 Nov 2022 03:21:28 GMT

Strongly support the integration of SCIM for user and group provisioning. This is a core feature and requirement of our other enterprise applications, so would be good to see this developed.

Re: Access Management based on SCIM v2 interface for Portal

John_Spence — Wed, 09 Nov 2022 15:41:31 GMT

I support this one too! Enterprise needs to support modern Enterprise IT tools for IAM.

Re: Access Management based on SCIM v2 interface for Portal - Status changed to: Under Consideration

pheede-esri — Wed, 09 Aug 2023 15:47:24 GMT

Re: SCIM V2 based access management - Status changed to: Closed

pheede-esri — Wed, 09 Aug 2023 15:49:25 GMT

Closing as a duplicate of https://community.esri.com/t5/arcgis-enterprise-ideas/access-management-based-on-scim-v2-interface-for/idi-p/934792. Please vote on that idea!

Re: Access Management based on SCIM v2 interface for Portal

John_Spence — Tue, 15 Aug 2023 17:18:37 GMT

In case anyone needs it, here is a user management script that can be extended to give you near SCIM capabilities. It's not perfect, but it was the solution I came up with to deal with the user issue.

https://github.com/wagisdev/AGOLPortalUserManagement