The Service Provider provisions users and groups using the SCIM API.

As a SCIM provider, the ServiceNow schemas support SCIM APIs to provision users and groups.

The SCIM provider synchronizes the changes made to identities in the IdP, including creating, updating, or deleting records. These changes are automatically synchronized to the provider according to the SCIM protocol. Also, the IdP can read identities from the provider to add to the IdP directory. The IdP can then detect incorrect values in the provider that could create security vulnerabilities. The synchronization enables end users to have seamless access to applications for which they’re assigned, with up-to-date profiles and permissions.

Configurations for SCIM Provider

To configure the SCIM Provider, perform the following tasks:

  • Activate the SCIM v2 - ServiceNow Cross-domain Identity Management plugin. To learn more, see Activating the SCIM plugin.​
  • Activate the other plugins that other plugins that are required for SCIM:
  • Add the scim_admin role as part of the SCIM service.​
Warning: Grant this role carefully. The scim_admin role is equivalent to giving the user the admin role, where the scmin_admin can add or update Personally Identifiable Information (PII).

Tables

Two tables, sys_user and sys_group, contain the SCIM attributes that do not map to existing ServiceNow tables. To know more about the tables, see the SCIM-specific tables.