
Provisioning with SCIM

This feature replaces the provisioning of user profiles through Federated SSO with API calls based on the System for Cross-domain Identity Management (SCIM) standard. Moving from Federated SSO to SCIM involves shifting from a trust-based authentication model to a standardized provisioning and deprovisioning model.

To enable user provisioning via SCIM API calls:

  1. In the Customer Portal, go to the Administration menu and select Account and Security Management.

    Note: The Administration menu is visible only to Administrators.

  2. Click Federated Single Sign-On to view the Federation details screen. Alternatively, you can go to https://federation.equinix.com/.

  3. Select the Provisioning tab. This option will be available if you have successfully set up a federated connection and logged in using federated authentication.

  4. Click the toggle to enable SCIM API for provisioning user profiles. Enabling SCIM API calls will disable Federated SSO access for your users. During this process, no other actions can be performed in the Self-Service Federation (SSF) portal.

  5. Processing may take up to 5 minutes, depending on the number of users in your organization. Once automatic provisioning is successfully enabled, you can proceed to set up the SCIM API.

  6. To generate a token for SCIM API access, click Generate New Token. You can have up to two tokens at a time. If you need a new one, delete an existing token first. Submit the generated token along with the Endpoint URL to your identity provider (IdP) to establish the connection.

  7. Token details will be displayed. Copy and save the token in a secure location. You will need the token in order to access the API endpoint.

    Note: This is the only time token details will be displayed. If you lose the token, you will need to delete an existing token and generate a new one.

  8. To begin provisioning setup, roll over Provisioning Setup to choose your provisioning type.

  9. Select Not restricted to provision all users, or Restrict by group membership to limit provisioning to specific IdP groups. This finalizes automated user management for your environment.

  10. Hover over a section to edit or delete it, or click Pause to stop syncing. You can click Enable at any time to resume syncing.

To find out how to configure Entra ID and Okta, refer to: