To enable SCIM support, you first need to generate an API key for a Superuser. As a superuser, go to the user menu near the upper-right, and choose "Manage API keys." Click "Create New Token." Copy the token and paste that in as a "Bearer Token" on your SCIM client's configuration pages. Sometimes this means you may have to add the word "Bearer" with a space and then your API token. The full authorization header should look something like:
Authorization: Bearer abcdefghijklmnopqrstuvwxyz1234567890
The SCIM client will be able to create users from your directory, and Snipe-IT will try to map every field it can to the appropriate field within Snipe-IT.
The Snipe-IT SCIM URL’s will start with https://your_servername/scim/v2/ - in most SCIM providers, you need to just place that prefix of https://your_servername/scim/v2 and the SCIM protocol will handle the rest for you.
Snipe-IT can only sync Users, not Groups
Snipe-IT only has built-in mappings for Users, but not yet for the Groups section. Snipe-IT cannot sync Groups via SCIM at this time.
- Mobile Phone Number
DELETE is not supported by the underlying library yet
Azure SCIM and User Databases
If you restore from a backup, or regenerate your Users table somehow, you may need to delete your provisioning profile and re-create it. This is because Azure will "remember" your old user ID's and will refuse to "learn" the new ones. The only way to make it "forget" is to delete your provisioning profile and re-create it.
|Snipe-IT Users field
|(Lookup by name to set department_id)
.env file, you can specify two new environment values that modify how Snipe-IT's SCIM server works.
|When set to
true, all SCIM requests and responses will be logged to a
scim.log file in the storage/logs directory
|When set to
true, Snipe-IT tries to more closely follow the SCIM specifications. Definitely needed for OneLogin. When set to
false, Snipe-IT maintains its original behavior. (This seems to rarely need to be changed)
SCIM support did not previously support changing email addresses via Azure and some other SCIM clients. Since v6.2, that has been fixed, but if you were depending on the previous behavior, you may get unexpected results.
If you get an error message of "User Account is Inactive" when trying to synchronize the 'login enabled' checkbox, make sure to enable "Deactivate Users" in the "Provisioning Settings" within the App settings on Okta. Read more in their support document here: https://support.okta.com/help/s/article/Smartsheet-provisioning-error-Automatic-provisioning-of-user-to-app-Smartsheet-failed-User-account-is-inactive?language=en_US
Updated 3 months ago