Topic
This article answers frequently-asked questions about using SCIM in NinjaOne.
Environment
- NinjaOne Integrations
- Identity providers (IDPs)
Questions
Select a question to review the answer:
- What is SCIM?
- Am I required to set up SCIM for NinjaOne?
- Can an existing NinjaOne user (email address) be converted to a SCIM user?
- Where are SCIM actions logged?
- Why can I not synchronize user phone numbers from the IDP?
Answers
If you cannot find the answer to your question, please contact NinjaOne Support.
What is SCIM?
System for Cross-domain Identity Management (SCIM) provisioning can be used with an SSO integration. When you enable SCIM for NinjaOne, NinjaOne creates a user with the attributes provided by the identity provider (IDP). For more information about the purpose of SCIM, refer to SCIM: System for Cross-domain Identity Management (external link).
Am I required to set up SCIM for NinjaOne?
You do not need to provision System for Cross-domain Identity Management (SCIM) in NinjaOne as a prerequisite to log in as a technician or end user. Provisioning SCIM is necessary only if you want your IDP to create users and manage their lifecycle. SCIM provisioning uses the Application Programming Interface (API) to authenticate the NinjaOne service account with the IDP.
You will use the attributes provided by the IDP to create a user in NinjaOne. Each IDP may require a different workflow to integrate these settings, which we will provide in this article for supported vendors. NinjaOne provides SCIM endpoint details that you will enter into your IDP SCIM application.
Once you provision SCIM, your users will log in to NinjaOne by leveraging their IDP session and browser redirection.
Can an existing NinjaOne user (email address) be converted to a SCIM user?
Yes, you can convert an existing user to a SCIM user. The IDP will identify that the user already exists within NinjaOne, but the user will still become SCIM-managed.
Where are SCIM actions logged?
SCIM actions are logged as system activities with the single sign-on (SSO) type.
Why can I not synchronize user phone numbers from the IDP?
Unexpected changes to users' phone numbers can compromise their multi-factor authentication.
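The reasoning above, shown as an added example (not NinjaOne's code or documented behavior): a receiving application can drop phoneNumbers changes from an incoming SCIM PATCH request (an RFC 7644 PatchOp message) and hold them for review, so that a change made in the IDP cannot silently repoint a user's MFA phone number. The PROTECTED set, the function names and the sample request are assumptions constructed for illustration.

```python
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
# Assumption: attributes the receiving application refuses to accept from the IDP.
PROTECTED = {"phonenumbers"}


def root_attr(path):
    """Lowercased top-level attribute of a SCIM path (filter, sub-attribute, URN prefix removed)."""
    head = path.split("[", 1)[0].rsplit(":", 1)[-1].split(".", 1)[0]
    return head.strip().lower()  # SCIM attribute names are case-insensitive


def strip_protected(patch):
    """Split a SCIM PatchOp body into (sanitized_body, dropped_operations)."""
    if PATCH_SCHEMA not in patch.get("schemas", []):
        raise ValueError("not a SCIM PatchOp message")
    kept, dropped = [], []
    for op in patch.get("Operations", []):
        path, value = op.get("path"), op.get("value")
        if path:
            (dropped if root_attr(path) in PROTECTED else kept).append(op)
        elif isinstance(value, dict):
            # No path: the keys of the value object name the attributes to change.
            safe = {k: v for k, v in value.items() if root_attr(k) not in PROTECTED}
            blocked = {k: v for k, v in value.items() if k not in safe}
            if blocked:
                dropped.append({**op, "value": blocked})
            if safe:
                kept.append({**op, "value": safe})
        else:
            kept.append(op)
    return {**patch, "Operations": kept}, dropped


# Constructed sample request, shaped like an IDP profile update.
SAMPLE = {
    "schemas": [PATCH_SCHEMA],
    "Operations": [
        {"op": "replace", "path": "displayName", "value": "Dana Ops"},
        {"op": "replace", "path": 'phoneNumbers[type eq "mobile"].value',
         "value": "+1 555 0100"},
        {"op": "Replace", "value": {"active": True,
                                    "PhoneNumbers": [{"value": "+1 555 0101"}]}},
    ],
}

if __name__ == "__main__":
    clean, dropped = strip_protected(SAMPLE)
    print(len(clean["Operations"]), "applied;", len(dropped), "dropped for review")
```

The dropped operations are returned rather than discarded so they can be written to an audit log and compared against the user's enrolled MFA number.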
Additional Resources
Refer to the following resources to learn more about Identity Access Management processes in NinjaOne: