Add UI Extension to SCIM Users

4me’s UI extensions functionality now offers the ability to add custom fields to SCIM user records.  The acronym SCIM stands for System for Cross-domain Identity Management.  It is a standard protocol for automating user management.  4me has supported this protocol for a few years already.  It is now used by most customers to automate the maintenance of the person records in their 4me directory accounts.

When 4me receives SCIM user data from an organization’s identity provider (such as Okta, OneLogin Azure AD, etc.) this data does not get stored in 4me person records right away.  Instead, 4me stores the incoming SCIM data in SCIM user records.  Automation rules are then used to map the field values of these SCIM user records to the fields of 4me person records.

Now that it is possible to define a UI extension for SCIM user records, an organization’s identity provider can populate the custom fields of this UI extension by including the necessary field ID and value pairs in the JSON it includes in its SCIM POST requests.

For example, an organization may define a UI extension for its SCIM users that adds the custom fields Payroll ID (which field ID is payroll_id) and Year of birth (which field ID is year_of_birth).

4me UI extension for SCIM user records

The organization’s identity provider can then pass the values for these custom fields to 4me using the following schema extension:

urn:ietf:params:scim:schemas:extension:4me:1.0:custom_fields

Note that this 4me schema extension does not have to be added to the schemas definition.  It will always be picked up in case the attribute mentioned above is present in the JSON hash.

In our example, this JSON hash can look as follows:

{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
  ],
  "externalId": "d5d1a4c5-84bb-4883-8c2d-a12bf3676638",
  "userName": "[email protected]",
  ...
  "urn:ietf:params:scim:schemas:extension:4me:1.0:custom_fields": {
    "payroll_id": "179e3587-8416-443b-94ff-b0e50a98b184",
    "year_of_birth": 1991
  }
}

This causes 4me to store the payroll_id and year_of_birth field values in the custom fields of the SCIM user records in 4me.  The SCIM user automation rules can be extended to pass these field values to the corresponding person records.  These rules can be maintained by administrators in the ‘Automation Rules’ section of the Settings console.

More information about the custom fields extension for SCIM users can be found in the 4me Developer Documentation.