YIAM SCIMGateway©

April 1, 2023

Identity Access Management and Governance, the management of digital identities and their lifecycle across different silos, requires standard communication channels to and from those silos and services.

Many identity management tools and solutions lack such a standard channel, resulting in a collection of proprietary or specialized interfaces and connectors, each with its own requirements and limitations.

Furthermore, connectivity to off-premise services, partner interfaces, and non-standard, or simply old and unsupported, target systems can become tedious.


SCIM (System for Cross-domain Identity Management) is a proven standard available since 2011. It standardizes the default identity lifecycle operations Create, Read, Update and Delete (the 'CRUD' operations).

However, it is still not widely adopted or available for many targets within the enterprise (on-premise) IT landscape, which is still dominated by data management 'protocols' based on SQL, LDAPS, or scripting environments such as PowerShell on Microsoft Windows and Bash on *nix systems.

YIAM SCIMGateway

WedaCon's YIAM (Why I am) SCIMGateway is a small but flexible gateway that enables modern communication and interaction with those legacy systems.

The gateway has a very small footprint (just a few kB) and can run as a plain Java microservice or under a Microsoft Windows service wrapper.


Its modular design allows it to provide SCIM (or simpler RESTful operations) against several different target systems, e.g. SQL, LDAP, CSV, or even PowerShell and Bash environments.

SCIM Interface

The SCIM interface consists of a lightweight HTTP server coupled with functionality to link HTTP URIs directly to Java methods. Built on that foundation, the SCIM interface layer is responsible for translating incoming SCIM requests into the corresponding operations on the connectors.

Logical Layer

The logical layer describes the function calls available to the connectors. Its configuration defines how to authenticate to the target application represented by a connector, and the schema (operations, objects and attributes) available for that target.

Connector Layer

The connector layer also reads its configuration from the logical layer. Using this information, it provides the functionality and libraries needed to use the target APIs (e.g. an LDAP client to access an LDAP server, or PowerShell libraries to interact with PowerShell modules).

SCIM Endpoints

The endpoints available on the HTTP interface are defined via the logical layer as well. Typical endpoints are:

  • Create, Read, Update, Delete
  • Search, Replace, Bulk
  • ServiceProviderConfig, ResourceTypes, Schema
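To make the three layers concrete, here is an added example (not WedaCon's code, and not how YIAM SCIMGateway is implemented) of a minimal SCIM-style interface layer in Python: `dispatch()` authenticates the caller, routes method and path onto the Create, Read, Update, Delete and Search endpoints listed above plus a stub `ServiceProviderConfig`, and calls a connector. The connector is a hypothetical in-memory `DictConnector` standing in for a SQL, LDAP or CSV target; the bearer token `example-token` is a constructed value that a real gateway would take from its configuration. The schema URNs are the standard SCIM 2.0 identifiers from RFC 7643/7644.

```python
import re
import uuid
from typing import Any, Dict, List, Optional, Tuple

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
LIST_RESPONSE = "urn:ietf:params:scim:api:messages:2.0:ListResponse"
ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"
SPC_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"

# Constructed token for the example; a real gateway reads this from its configuration.
API_TOKEN = "example-token"

Response = Tuple[int, Dict[str, Any]]


class DictConnector:
    """Connector-layer stand-in: an in-memory table playing the role of a
    SQL/LDAP/CSV target. Each method is one primitive the interface layer calls."""

    def __init__(self) -> None:
        self.rows: Dict[str, Dict[str, Any]] = {}

    def create(self, attrs: Dict[str, Any]) -> str:
        uid = str(uuid.uuid4())
        self.rows[uid] = dict(attrs)
        return uid

    def read(self, uid: str) -> Optional[Dict[str, Any]]:
        return self.rows.get(uid)

    def replace(self, uid: str, attrs: Dict[str, Any]) -> None:
        self.rows[uid] = dict(attrs)

    def delete(self, uid: str) -> None:
        del self.rows[uid]

    def search(self, user_name: Optional[str] = None) -> List[Tuple[str, Dict[str, Any]]]:
        return [(u, r) for u, r in self.rows.items()
                if user_name is None or r.get("userName") == user_name]


def scim_error(status: int, detail: str) -> Response:
    return status, {"schemas": [ERROR_SCHEMA], "status": str(status), "detail": detail}


def to_resource(uid: str, row: Dict[str, Any]) -> Dict[str, Any]:
    # Server-assigned id and meta are added here; the connector never stores them.
    return {"schemas": [USER_SCHEMA], "id": uid, **row,
            "meta": {"resourceType": "User", "location": f"/Users/{uid}"}}


def strip_readonly(body: Dict[str, Any]) -> Dict[str, Any]:
    return {k: v for k, v in body.items() if k not in ("schemas", "id", "meta")}


# Only the one filter form the target can answer directly is accepted; anything
# else is rejected instead of being forwarded as a raw string to the backend.
FILTER_RE = re.compile(r'^userName eq "([^"]*)"$')
PATH_RE = re.compile(r"^/Users(?:/([^/]+))?$")


def dispatch(conn: DictConnector, method: str, path: str, headers: Dict[str, str],
             body: Optional[Dict[str, Any]] = None,
             query: Optional[Dict[str, str]] = None) -> Response:
    """SCIM interface layer: authenticate, route method+path, call the connector."""
    if headers.get("Authorization") != f"Bearer {API_TOKEN}":
        return scim_error(401, "invalid or missing bearer token")
    if method == "GET" and path == "/ServiceProviderConfig":
        return 200, {"schemas": [SPC_SCHEMA], "patch": {"supported": False},
                     "bulk": {"supported": False},
                     "filter": {"supported": True, "maxResults": 200}}
    m = PATH_RE.match(path)
    if not m:
        return scim_error(404, "unknown endpoint")
    uid = m.group(1)
    if uid is None:
        if method == "POST":                       # Create
            if not body or not body.get("userName"):
                return scim_error(400, "userName is required")
            if conn.search(body["userName"]):
                return scim_error(409, "userName already exists")
            new_id = conn.create(strip_readonly(body))
            return 201, to_resource(new_id, conn.read(new_id) or {})
        if method == "GET":                        # Search
            user_name = None
            flt = (query or {}).get("filter")
            if flt is not None:
                fm = FILTER_RE.match(flt)
                if not fm:
                    return scim_error(400, "unsupported filter")
                user_name = fm.group(1)
            hits = conn.search(user_name)
            return 200, {"schemas": [LIST_RESPONSE], "totalResults": len(hits),
                         "Resources": [to_resource(u, r) for u, r in hits]}
        return scim_error(405, "method not allowed")
    row = conn.read(uid)
    if row is None:
        return scim_error(404, f"User {uid} not found")
    if method == "GET":                            # Read
        return 200, to_resource(uid, row)
    if method == "PUT":                            # Update (full replace)
        if not body or not body.get("userName"):
            return scim_error(400, "userName is required")
        conn.replace(uid, strip_readonly(body))
        return 200, to_resource(uid, conn.read(uid) or {})
    if method == "DELETE":                         # Delete
        conn.delete(uid)
        return 204, {}
    return scim_error(405, "method not allowed")
```

Two design points carry over to a real gateway: the interface layer owns authentication and input validation (token check, required attributes, a whitelist of filter forms) so that the connector only ever sees well-formed primitives, and errors go back as SCIM error resources rather than raw backend messages, which keeps details of the legacy target out of the SCIM client's view.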

Product family

YIAM SCIMGateway© is part of the YIAM© product family, which reflects our more than 20 years of experience in management of digital identities, authentication and authorization.

For more information about the YIAM© product family, package deals and upgrade opportunities contact us using one of our channels.
