SCIM outbound provisioning overview

This section describes the CyberArk Identity outbound SCIM-provisioning implementation (SCIM client).

You can use outbound provisioning to provision users and groups from CyberArk Identity to other applications.

CyberArk Identity outbound SCIM provisioning

CyberArk Identity supports provisioning to some applications through their proprietary API. For example, you can provision to Office 365 using a Microsoft API. You can provision other apps (for example, custom SAML apps) if the app supports SCIM.

A SCIM server is only required for outbound provisioning, so you can provision users and groups from CyberArk Identity to your application. The CyberArk Identity outbound provisioning feature supports SCIM 1.1 and 2.0.

If your SAML application supports SCIM, you can enable provisioning by entering the access token and SCIM URL.

Before you begin

Before configuring your application for provisioning, you must:

  1. Install, configure, and deploy the app.
  2. Give Manage Accounts and Manage Groups permissions to the app.
  3. Get an access token for the app.

When you create the app, the access token is only displayed once and it never expires. It is important to store the access token in a secure location.