Using the New Inbound SCIM Connector in Active Roles

Hello. And welcome to One Identity Unite, Deep Dive of Active Roles Server and the New Inbound SCIM Connector. My name is Wayne Smiley. I'm the principal architect for One Identity's Active Roles product. And today, I'm going to talk to you about a new feature of Active Roles 7.44, the Inbound SCIM Connect. The Inbound SCIM Connector is the next logical leap from the outbound SCIM connector and the addition of the linkage to One Identity's Starling Connect product. Now we're going to allow you to come into active roles from something like, say, NHR system or something along those lines, and actually use that to do provisioning or whatnot. This is done through a connector that we put into the synchronization service, or what used to be called a Quick Connect. And what I'm going to do is I'm going to walk you through a little bit of that. This is really going to be just more of an overview. It's not going to be a real heavy, deep dive, just kind of an overview as to how this works. And you can try it yourself from here. OK, so let's dig in. First of all, let's take a look at the actual connector that we've created. So if I click over here and click on Add Connection, you'll see we have a new connection type. And that is SCIM Connector. And here, I just need to tell it what version, the URL, the authentication type, whatever it is. So just as an example, let's use, probably, the most useful thing inside of our organization, and that is our Starling Connect product. One of the things that a lot of people don't know about Starling Connect is that in fact, what it's doing is it is actually talking SCIM back to the other system. So let's say I wanted to Starling Connect to connect to, say, ServiceNow right here. Right here is actually my URL, has my subscription number and all that stuff in it, the URL, and then obviously, my username and password for Starling Connect. But I can put all that stuff in here, and I can then use that in order to connect to it. And if I were to put all that data in right here and all my authentication type and whatnot, then I would go ahead and be able to set up a connection. Let's take a look at one I've already connected. This particular one is Successfactors HR. And I've actually connected directly to it. You can see I'm just going right into theirs. Here's my stuff. I can click Test Connection, and you can see that all settings are valid. So I now have a usable SCIM connection inside of Active Roles. And I can use that just as if I would use a connection to a database or a CSV, or whatever else I might do on any given-- any given time. Then, of course, we need to do-- and so this is probably repetitive for a lot of you guys. We need to do a mapping pair. And actually, you can see I've already done that. I have a mapping pair from Successfactors HR, from Enterprise User, which is their particular user table, to the Active Roles user. And if I click on that, I'm using display name equals display name, although that's probably not the best one. But that's a discussion, I suppose, for another day. And then we can just simply set up a workflow. So here, I have success factors creation to HR. And we go through the entire process you guys are all familiar with, and we have the creation rules. And I haven't setup any here, but you know the basic plan here. So here's all my-- all my attributes. And I can map everything over to the target eye attributes. And again, this is not meant for someone who's not used the synchronization service before. It's just meant to kind of show you what's new here. So what you can see here is you have a really powerful tool to allow you to do a lot of things. Now there's a couple of things that you need to keep in mind that's specific to this version of the SCIM Connector. It only works with SCIM environments that adhere to the 1.0/2.0 standard directly. If they use a custom schema, then it actually will have errors. So let's talk for a second about ones that work and ones that don't work. So for example, a lot of very useful ones out there, like if you're talking to a third party provisioning tool-- God forbid, you use a product that's not ours like Centrify or SailPoint or Octa or Oracle, Identity Manager, or any of those, we can talk directly to those because they're using the SCIM standard. Same with Salesforce, Net IQ, CA Identity Manager, Ping, Radiant Logic-- kind of looking through a list-- VMware Identity Manager, all kinds of different ones out there, and ServiceNow as well, as you guys saw in here. But my point here is that we do support a lot. There are some that we don't support in this, but we're going to add support for those in the near future. In any case, I hope this has been really helpful and I hope you've learned a lot about our new inbound SCIM connector for Active Roles, and how it can make provisioning users a lot easier for you. Thank you very much.