Login
      Contents x
      Configure the Axiad SCIM Connector for ForgeRock
      • 13 Dec 2024
      • 4 Minutes to read
      • Print
      • Dark
        Light
      • PDF
      Contents

      Configure the Axiad SCIM Connector for ForgeRock

      • Updated on 13 Dec 2024
      • 4 Minutes to read
      • Print
      • Dark
        Light
      • PDF
      Article summary

      What is the Axiad SCIM Connector?

      The Axiad SCIM Connector enables automatic provisioning of users and groups between Axiad Conductor and ForgeRock using the secure and standard protocol, System for Cross-Domain Identity Management (SCIM). The Axiad SCIM Connector allows partners to leverage certificate-based authentication (CBA), which is the most secure phishing-resistant form of multi-factor authentication (MFA) that is increasingly deployed in enterprises as well as in the public sector. Many enterprise employees, as well as the majority of federal agencies and defense employees/contractors, use a strong authenticator (such as a smart card or hardware device) for authentication. 

      CBA streamlines the process of authenticating users with a variety of authenticators while improving overall protection.

      Axiad provides this SCIM Connector as a starting point for integrating ForgeRock and Axiad Conductor. Since every ForgeRock implementation is different, we provide a basic mapping of ForgeRock attributes for SCIM provisioning. Your organization's implementation may have differences which will require updates to ensure the SCIM connector works properly.

      Your Axiad SCIM Connector may also not require all the attributes that are described below or your ForgeRock implementation may not have all the data populated for all attributes listed. The SCIM attribute mapping must be updated as appropriate for your data and business requirements.

      Prior to implementing the Axiad SCIM Connector, contact Axiad Customer Success to obtain the attribute list and credentials for your Axiad Conductor tenant.

      To Configure the Axiad SCIM Connector

      NOTES
      • If your Axiad Conductor tenant is already configured with the required mappings attributes, there is no additional Axiad configuration needed.
      • If you need assistance with your Axiad Conductor environment, contact Axiad Customer Success.
      1. Ensure you have the latest SCIM Connector configuration.
        1. Download the latest SCIM Connector configuration and mapping file from our Git directory.
        2. Copy the provisioner.openicf-AxiadSCIMConnector.json file into the confdirectory where ForgeRock Identity Management is deployed.
          • If the sync.json file exists in the conf directory, copy the contents of mapping-AxiadSCIMConnector.json in the mappings array to the conf\sync.json file. 
          • If the sync.json file doesn't exist, copy the sync.json file into the conf directory where ForgeRock Identity Management is deployed.
      2. Sign into your ForgeRock Identity Management console.
      3. Configure your Axiad SCIM Connector.
        1. From the menu bar, click Configure > Connectors.
        2. Click AxiadSCIMConnector.
      4. In the Base Connector Details section, enter the following:
        1. SCIM Endpoint: your SCIM endpoint. If you do not have this, contact Axiad Customer Success.
          1. SCIM Version: 2
          2. Accept HTTP Header: application/scim+json 
      5. In the Additional Optionssection, enter the following:
        1. Authentication token: your Authentication token. If you do not have this, contact Axiad Customer Success.
          1. Authorization Token Prefix: Bearer
        2. Click Save.
          Your Axiad SCIM Connector is configured.
      6. Configure your Axiad SCIM Connector mappings.
        1. From the menu bar, click Configure > Mappings.
          Axiad SCIM Mappings display:
          axiad_scim_mappings
        2. In the Managed/User card, click Edit.
        3. Verify the settings against the supported SCIM attribute list provided to you by Axiad Customer Success.
        4. Delete all unused attributes.
          NOTE
          The attribute list we provide includes all attributes mapped within your Axiad Conductor tenant. You must delete all unused attributes from the SCIM mapping to avoid unnecessary data synchronizations.
        5.  Click the Properties tab.
        6. Ensure the Attributes Grid displays as shown:
          user_properties_tab
          NOTE
          By default the Organization property maps to the first organization in an array. If this is different than what you expect, change the mapping accordingly.
        7. Click the Association tab and verify the Association Rules display as follows:


        

            ![User_association_tab](./images/users_mapping/user_association_tab.png)


            1.2.1. Under `Association Rules` click on the `pencil` icon (as highlighted in above image) to verify the `Correlation Query` config as shown

        

            ![User_correlation_query](./images/users_mapping/user_correlation_query.png)


         1.3. Verify the `Behaviors` tab has the `Policies` as shown

        

            ![User_behaviors_tab](./images/users_mapping/user_behaviors_tab.png)


         1.4. Verify the `Advanced` tab has the `Additional Mapping Options` as shown 

        

            ![User_advanced_tab](./images/users_mapping/user_advanced_tab.png)  

             

         1.5. Under the `Scheduling` tab, you can `Add Reconciliation Schedule` as per your organization's requirements


      #### _2.2. Group mapping Configurations_


      1. Click on `Edit` where SOURCE is `Managed/Role` and verify the settings are correct


         1.1. Verify the `Properties` tab has the `Attributes Grid` as shown

        

            ![User_properties_tab](./images/groups_mapping/group_properties_tab.png)


         1.2. Verify the `Association` tab has the `Association Rules` as shown

        

            ![User_association_tab](./images/groups_mapping/group_association_tab.png)


            1.2.1. Under `Association Rules` click on the `pencil` icon (as highlighted in above image) to verify the `Correlation Query` config as shown

        

            ![User_correlation_query](./images/groups_mapping/group_correlation_query.png)


         1.3. Verify the `Behaviors` tab has the `Policies` as shown

        

            ![User_behaviors_tab](./images/groups_mapping/group_behaviors_tab.png)


         1.4. Verify the `Advanced` tab has the `Additional Mapping Options` as shown 

        

            ![User_advanced_tab](./images/groups_mapping/group_advanced_tab.png)  

             

         1.5. Under the `Scheduling` tab, you can `Add Reconciliation Schedule` as per your organization's requirements


      ### _2.3. Managed Objects Configuration_


      #### 1. Users


      1. Click `CONFIGURE` on the menu bar and select `MANAGED OBJECTS`

      2. Click the 'User' managed object


      ##### 1.1. Manager property


      1. Edit the `manager` property 

      2. Under `Details`, click on `Show advanced options`

      3. Enable `Viewable`, `User Editable`, `Return by Default` and the `Notify Self` options as shown


         ![Manager_property_options](./images/users_mapping/manager_property_options.png)


      4. Edit the `Relationship Configuration`, highlighted with a red rectangle as shown


          ![Manager_edit_relationship](./images/users_mapping/manager_edit_relationship.png)


         4.1. Enable `Notify` on the `Edit Resource` screen as shown


            ![Edit_resource](./images/users_mapping/edit_resource.png)


      ##### 1.2. MemberOfOrgIDs property


      1. Edit the `memberOfOrgIDs` property

      2. Under `Details`, click on `Show advanced options`

      3. Enable `User Editable`, `Return by Default` and the `Virtual` options as shown


          ![MemberOfOrgIDs_property_option](./images/users_mapping/memberOfOrgIDs_property_option.png)


      #### 2. Roles


      1. Click `CONFIGURE` on the menu bar and select `MANAGED OBJECTS`

      2. Click the 'Role' managed object


      ##### 2.1. Members property


      1. Edit the `members` property 

      2. Under `Details`, click on `Show advanced options`

      3. Enable `Viewable`, `User Editable`, `Return by Default` and the `Notify Self` options as shown


         ![Members_property_options](./images/groups_mapping/members_property_options.png)

       

      4. Edit the `Relationship Configuration`, highlighted with a red rectangle as shown


          ![Member_edit_relationship](./images/groups_mapping/member_edit_relationship.png)


         4.1. Enable `Notify` on the `Edit Resource` screen as shown


            ![Edit_resource](./images/groups_mapping/edit_resource.png)


      ## Post configuration steps


      1. Test `User` provisioning by creating a user in ForgeRock and making sure it is provisioned in the Axiad Conductor and all the mappings are working as expected.

      2. Test `Role` provisioning by creating a role in ForgeRock and making sure it is provisioned in the Axiad Conductor and all the mappings are working as expected.


      Was this article helpful?
      What's Next
      101 Metro Drive, Suite 560
      San Jose, CA 95110
      United States
      Social
      Change password!
      Changing your password will log you out immediately. Use the new password to log back in.
      Change profile
      Success!
      First name must have atleast 2 characters. Numbers and special characters are not allowed.
      Last name must have atleast 1 characters. Numbers and special characters are not allowed.
      Enter a valid email
      Enter a valid password
      Your profile has been successfully updated.
      Logout