SCIM API integration for the Device Hub
The Device Hub SCIM API integration supports SCIM version 2.0 and is certified for Azure Active Directory.
Contents
Supported features
The Device Hub SCIM API integration supports the following provisioning actions:
- Create users
- Delete users
- Update user attributes
- Add a group
- Remove a group
- Update Groups attributes
- Add/remove users to/from a group
Limitations
- Currently, only Azure AD is supported. Hybrid AD and multiple ADs are not supported.
- On-premise AD is not supported.
- All users are created in Condeco as standard, non-admin users.
- The Condeco application does not support multi-valued properties.
- Email addresses are read-only and as such, cannot be updated using SCIM.
Good to know
- The following special characters are supported when creating users from AD: period [ . ], comma [ , ], hyphen [ – ], 0-9
- The following languages are supported when creating users from AD: Latin, Chinese, Arabic, and Japanese, using 0-64 ASCII character strings only.
- The following special characters are not supported in email addresses: # % * ( ) = [ ] | \ “ ; : <> , ? /
- Underscore [ _ ] is not supported in the first names or last names of users created via AD.
- SCIM updates are one-way – from Azure AD to the Condeco Device Hub. Updates made in Device Hub do not synchronize to Azure AD.
- Audit logging is not currently supported. Logs can be viewed from Azure App Insights.
- The initial synchronization cycle is expected to take longer than subsequent cycles.
- Synchronization cycles occur approximately every 40 minutes, provided the Azure AD provisioning service is running.
- The Device Hub requires at least 1 active admin account.
- Bulk-create users function in Azure AD does not support the email field. If bulk-create users is used in Azure, then email addresses must be subsequently added individually for each user on the Device Hub.
Post your comment on this topic.