We need an Access Management interface, based on SCIM v2, to separate the Identity and the Access Management layers.
Portal already has support for the Single Sign On standard SAML. This covers Identity management (authentication).
Our security standards require the Access management (authorization) to be separated. This is implemented company wide via the SCIM interface. All applications within our company are now required to have both a SAML and a SCIM interface.
My request/idea is to implement this SCIM interface to Portal.
Basic workflow when working with SAML + SCIM:
1. User is registered in Portal using his company Identity
2. Portal can verify the login over the trusted SAML interface between Portal and the OpenID/ADFS server
3. This way the user can log in using the company Identity
4. Groups are created in Portal
5. Groups are synced with Access Management (IAM) using SCIM
6. Groups are filled with the authorized Identities within IAM
7. Filled groups are synced back to Portal
8. The logged-in user can access the authorized groups.
Steps 1 - 4 are now in place.
Steps 5 - 7 have to be implemented using the new SCIM v2 interface.
SCIM v2 is an open standard, used worldwide.
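To make steps 5 - 7 concrete, here is an added example (not Portal code, not part of this request) of the Portal-side handling of a SCIM v2 Group: the group is exposed as a Group resource (RFC 7643) and IAM fills it by sending a PatchOp (RFC 7644) on the `members` attribute. The group and user ids are constructed for illustration.

```python
"""Minimal SCIM v2 Group handling on the Portal side (RFC 7643 / RFC 7644).
Added example; Portal's real API is not known here. Ids are constructed."""
from typing import Any

SCIM_GROUP = "urn:ietf:params:scim:schemas:core:2.0:Group"
SCIM_PATCH = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
REMOVE_PREFIX = 'members[value eq "'   # path form: members[value eq "<id>"]


def new_group(group_id: str, display_name: str) -> dict[str, Any]:
    """Step 5: the group as Portal exposes it to IAM (no members yet)."""
    return {"schemas": [SCIM_GROUP], "id": group_id,
            "displayName": display_name, "members": []}


def apply_patch(group: dict[str, Any], patch: dict[str, Any]) -> dict[str, Any]:
    """Steps 6-7: apply an IAM PatchOp that only touches 'members'.
    Anything outside add/remove on members is rejected, so IAM cannot
    rewrite other attributes of the Portal group through this path."""
    if SCIM_PATCH not in patch.get("schemas", []):
        raise ValueError("not a SCIM v2 PatchOp")
    members = {m["value"]: m for m in group["members"]}
    for op in patch["Operations"]:
        kind, path = op["op"].lower(), op.get("path", "")
        if kind == "add" and path == "members":
            for m in op["value"]:
                members[m["value"]] = {"value": m["value"],
                                       "display": m.get("display", "")}
        elif kind == "remove" and path.startswith(REMOVE_PREFIX) and path.endswith('"]'):
            members.pop(path[len(REMOVE_PREFIX):-2], None)
        else:
            raise ValueError(f"unsupported operation: {op}")
    group["members"] = list(members.values())
    return group


def member_ids(group: dict[str, Any]) -> list[str]:
    return sorted(m["value"] for m in group["members"])


# Constructed sample exchange: IAM adds two identities, then removes one.
PATCH_FROM_IAM = {
    "schemas": [SCIM_PATCH],
    "Operations": [
        {"op": "add", "path": "members",
         "value": [{"value": "u-42", "display": "Alice"},
                   {"value": "u-7", "display": "Bob"}]},
        {"op": "remove", "path": 'members[value eq "u-42"]'},
    ],
}

if __name__ == "__main__":
    g = apply_patch(new_group("g-1", "Portal Admins"), PATCH_FROM_IAM)
    print(member_ids(g))  # ['u-7']
```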
System for Cross-domain Identity Management - Wikipedia
SCIM: System for Cross-domain Identity Management