diff --git a/assets/images/lambdatest-scim/azure-ad/dynamic_1.png b/assets/images/lambdatest-scim/azure-ad/dynamic_1.png new file mode 100644 index 000000000..0234d204e Binary files /dev/null and b/assets/images/lambdatest-scim/azure-ad/dynamic_1.png differ diff --git a/assets/images/lambdatest-scim/azure-ad/dynamic_2.png b/assets/images/lambdatest-scim/azure-ad/dynamic_2.png new file mode 100644 index 000000000..463e6df7c Binary files /dev/null and b/assets/images/lambdatest-scim/azure-ad/dynamic_2.png differ diff --git a/assets/images/lambdatest-scim/azure-ad/dynamic_3.png b/assets/images/lambdatest-scim/azure-ad/dynamic_3.png new file mode 100644 index 000000000..eef464d51 Binary files /dev/null and b/assets/images/lambdatest-scim/azure-ad/dynamic_3.png differ diff --git a/assets/images/sso/img_20.png b/assets/images/sso/img_20.png new file mode 100644 index 000000000..4c796f694 Binary files /dev/null and b/assets/images/sso/img_20.png differ diff --git a/docs/azure-scim.md b/docs/azure-scim.md index 21bfcf4fa..1fc5c82f7 100644 --- a/docs/azure-scim.md +++ b/docs/azure-scim.md @@ -1,7 +1,7 @@ --- id: azure-scim title: Azure AD Scim User Provisioning -hide_title: true +hide_title: false sidebar_label: Azure AD description: Integrating LambdaTest SCIM with Azure AD keywords: @@ -34,15 +34,7 @@ slug: scim/azure/ }) }} > - - - - -# LambdaTest SCIM Auto User Provisioning with Azure AD - -* * * -## Prerequisites ## ---- +## Prerequisites Integrate SCIM With LambdaTest: * You will need an Enterprise plan with LambdaTest. @@ -77,17 +69,44 @@ Integrate SCIM With LambdaTest: **Step 8:** Under the Mappings section, select Synchronize Azure Active Directory Users. Image
-**Step 9:** Review the User Attribute mappings: -Image
+**Step 9:** Creating Custom Attributes + +- Show advanced options > Edit attribute list for customappsso > Add attributes +- userName, Active, name.givenName, name.familyName are required attributes -userName, Active, name.givenName, name.familyName are required attributes +Image
+ +- **`urn:ietf:params:scim:schemas:extension:LambdaTest:2.0:User:OrganizationRole`**: Custom attribute used to set LambdaTest Organization Role for Users, If this attribute is not mapped User role would be set by default. Allowed values are (Admin/Guest/User) -**urn:ietf:params:scim:schemas:extension:LambdaTest:2.0:User:OrganizationRole**: Custom attribute used to set LambdaTest Organization Role for Users, If this attribute is not mapped **User** role would be set by default. Allowed values are (Admin/Guest/User) +- **`urn:ietf:params:scim:schemas:extension:LambdaTest:2.0:User:LambdatestGroup`**: Used to assign an existing group in Lambdatest to a new user created in lambdatest through SCIM. (Applicable only if organisation has group support active) For filtering only **userName** attribute is supported and must be selected for filtering, click edit on userPrincipalName and make sure **Apply this mapping** is set to **Always** -Image
+Image
+ +- **Dynamic/Static assignment of custom attributes**: After custom attribute creation, we have to map them using “Add new mapping” + +Image
+ +Image
+ + +Now there are three types Mapping type in AzureAD, “Direct”, “Constant” and “Expression”. + + +For example we can set Constant association “Guest” for `urn:ietf:params:scim:schemas:extension:LambdaTest:2.0:User:OrganizationRole` + +Image
+ +Or, can create association using the Expression like this , + +`IIF(SingleAppRoleAssignment([appRoleAssignments])="Admin", "Admin"`, +`IIF(SingleAppRoleAssignment([appRoleAssignments])="Guest", "Guest"`, +`IIF(SingleAppRoleAssignment([appRoleAssignments])="User", "User", "User")))` + +In the above example we are using the appRoleAssignments attribute of microsoft user to set string value. +After custom attribute creation, we have to map them using “Add new mapping” **Step 10:** To enable the Azure AD provisioning service for LambdaTest, change the Provisioning Status to On in the Settings section. Image
diff --git a/docs/okta-scim.md b/docs/okta-scim.md index d6adcedc6..0fb5e350b 100644 --- a/docs/okta-scim.md +++ b/docs/okta-scim.md @@ -1,7 +1,7 @@ --- id: okta-scim title: Okta Scim User Provisioning -hide_title: true +hide_title: false sidebar_label: Okta description: Integrating LambdaTest SCIM with Okta keywords: @@ -35,18 +35,11 @@ slug: scim/okta/ }} > - - - -# LambdaTest SCIM Auto User Provisioning with Okta - -* * * -## Prerequisites ## ---- +## Prerequisites Integrate SCIM With LambdaTest: -* You will need an Enterprise plan with LambdaTest. -* SSO must be already integrated. Please complete [LambdaTest SSO & Okta Integration](/support/docs/lambdatest-sso-okta-integration/) +- You will need an Enterprise plan with LambdaTest. +- SSO must be already integrated. Please complete [LambdaTest SSO & Okta Integration](/support/docs/lambdatest-sso-okta-integration/) ## Integrating SCIM with Okta **Step 1:** Sign in to your LambdaTest account. Don't have an account, [register for free](https://accounts.lambdatest.com/register). @@ -83,11 +76,13 @@ Click Test Connection to ensure Okta can connect to LambdaTest. If the connectio userName, Active, name.givenName, name.familyName are required attributes -***Creating Custom Attributes*** +**Creating Custom Attributes** + +For creating custom attribute in Okta, go to Directory > Profile Editor > Add Attribute > [Create Custom Attribute](https://help.okta.com/en-us/content/topics/users-groups-profiles/usgp-add-custom-user-attributes.htm) -**urn:ietf:params:scim:schemas:extension:LambdaTest:2.0:User:OrganizationRole**: +**`urn:ietf:params:scim:schemas:extension:LambdaTest:2.0:User:OrganizationRole`**: -For creating custom attribute in Okta, go to Directory > Profile Editor > Add Attribute ([Create Custom Attribute](https://help.okta.com/en-us/content/topics/users-groups-profiles/usgp-add-custom-user-attributes.htm)) +**`urn:ietf:params:scim:schemas:extension:LambdaTest:2.0:User:LambdatestGroup`** : Applicable only if organisation has group support active) Enter Display Name as per your choice Enter Variable name as **OrganizationRole** @@ -100,9 +95,9 @@ Select Enum as **Yes** Enter the values as **Admin, Guest, User** okta integration +Also if you want to assign this attribute at a okta group level choose AttributeType as Group - - +okta integration **Step 10:** To enable the Okta provisioning service for LambdaTest, set Create Users, Update User Attributes and Deactivate Users to enabled Image
diff --git a/docs/scim.md b/docs/scim.md index b598fec93..5f05d3835 100644 --- a/docs/scim.md +++ b/docs/scim.md @@ -1,7 +1,7 @@ --- id: scim title: Getting Started With Scim User Provisioning -hide_title: true +hide_title: false sidebar_label: SCIM description: The SCIM specification is designed to make managing user identities easier. SCIM allows your Identity Provider (IdP) to manage users within your LambdaTest workspace keywords: @@ -34,41 +34,24 @@ slug: scim/ }) }} > - - - - -# Getting Started With SCIM Auto User Provisioning - -* * * - The SCIM specification is designed to make managing user identities easier. SCIM allows your Identity Provider (IdP) to manage users within your LambdaTest workspace > SSO must be integrated before enabling SCIM. Please see [Getting Started With Single Sign On (SSO)](/support/docs/single-sign-on/) or [support@lambdatest.com](mailto:support@lambdatest.com) for questions. ## Benefits Of SCIM +Here are the following benefits of integrating SCIM with LambdaTest: -* * * - -Here are the following benefits of integrating SCIM with LambdaTest +- **Efficiency and Automation**: SCIM automates the process of user identity management, making it more efficient and less error-prone. It enables automatic provisioning and de-provisioning of user accounts, reducing manual administrative tasks and associated errors. +- **Consistency:**: SCIM ensures that user data is consistent across different systems and services. When a user's attributes (like role) are updated in the identity provider, SCIM can be used to propagate those changes to all connected service providers, maintaining accurate and up-to-date information. +- **Security and Access Control:**: By centralizing identity management through SCIM, organizations can better enforce access control policies and ensure that users have appropriate access rights to the resources they need. This can help mitigate security risks associated with improper access permissions. +- **Assigning Groups to Users (If Groups Are Activated in Your Organization) :** If your organization has group functionality enabled, you can assign existing LambdaTest groups to users provisioned through an Identity Provider (IdP) such as Microsoft Azure AD, Okta, and others using SCIM. +> Connect with our [24/7 customer support](mailto:support@lambdatest.com) team to get the **Group** feature enabled for your organization. -* **Efficiency and Automation**: SCIM automates the process of user identity management, making it more efficient and less error-prone. It enables automatic provisioning and de-provisioning of user accounts, reducing manual administrative tasks and associated errors. - -* **Consistency:**: SCIM ensures that user data is consistent across different systems and services. When a user's attributes (like role) are updated in the identity provider, SCIM can be used to propagate those changes to all connected service providers, maintaining accurate and up-to-date information. - -* **Security and Access Control:**: By centralizing identity management through SCIM, organizations can better enforce access control policies and ensure that users have appropriate access rights to the resources they need. This can help mitigate security risks associated with improper access permissions. ## Feature Of SCIM - -* * * - LambdaTest provides the support for the below SCIM features. -* **User Provisioning and De-provisioning**: SCIM facilitates the automatic provisioning and de-provisioning of user accounts across different systems and services. When a user is added or removed from the identity provider, SCIM can be used to propagate these changes to your LambdaTest account. - -* **Updating User Attributes**: Using SCIM you can update user attribute such as **Organization Role** directly from your Identity Provider. - -## Enable LambdaTest SCIM -*** +- **User Provisioning and De-provisioning**: SCIM facilitates the automatic provisioning and de-provisioning of user accounts across different systems and services. When a user is added or removed from the identity provider, SCIM can be used to propagate these changes to your LambdaTest account. +- **Updating User Attributes**: Using SCIM you can update user attribute such as **Organization Role** directly from your Identity Provider. ## Copy SCIM Base URL and Bearer Token (Auth Header Required by IdP) **Step 1:** Sign in to your LambdaTest account. Don't have an account, [register for free](https://accounts.lambdatest.com/register). @@ -84,7 +67,7 @@ LambdaTest provides the support for the below SCIM features. Image
## SCIM User Attributes -```json +```javascript { "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User", @@ -134,7 +117,7 @@ User accounts can only be deactivated (active:false) via PUT/PATCH or DELETE Use POST `https://auth.lambdatest.com/api/scim/Users` -```json +```javascript { "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User",