About SCIM
Important
This Private Preview release of SCIM functionality supports Microsoft Entra and Okta as identity providers. If you would like access to this feature, please contact your Customer Success Director.
Important
This feature is available only in private and single-tenant installations.
SCIM (System for Cross-domain Identity Management) makes user management automatic, ensuring the users in your enterprise always have the right access at the right time, by syncing user details and group membership between your identity provider and data.world. From onboarding to offboarding, every detail – job title, email, and permissions – stays perfectly synced. Why does this matter? Because separate data entry and manual errors can lead to security risks, manual effort, and frustration. With SCIM, you’re not just saving time; you're enhancing security and efficiency, protecting your business, and making sure nothing slips through the cracks. It’s peace of mind, effortlessly.
Using SCIM (System for Cross-domain Identity Management) in conjunction with SSO (Single Sign-On) can provide a powerful combination for managing user identities and streamlining access across multiple services. Here are some key reasons to use SCIM.
Use case | Description | data.world specific details |
---|---|---|
Automated User Provisioning and De-provisioning | Automatically create, update, and deactivate user accounts in applications based on changes in the identity provider (IdP). This reduces manual intervention and ensures that user data is always up to date, which enhances the security of your system. Combined with SSO, you can ensure that only active users can access single sign-on services, and former employees or users are promptly removed from all applications. | Streamlines user management by syncing with Microsoft Entra/Okta, reducing manual intervention. |
Group Management | Sync group memberships to ensure users have the correct access levels in various applications. | IdP groups are mapped to data.world Teams. |
User On-boarding and Off-boarding | Automatically provision new users and de-provision departing users, ensuring timely access and revocation. | Ensures new employees have immediate access to necessary resources, and access is promptly revoked upon departure. |
Compliance and Security | Maintain up-to-date and consistent user information across systems, ensuring compliance with security policies and regulations. | Helps comply with data security standards by keeping user data synchronized and up-to-date. |
Just-in-Time Provisioning | Create user accounts in applications at the time of first login if they don't already exist, based on IdP data. | Facilitates immediate access for new users without manual account creation. |
Attribute Synchronization | Synchronize custom attributes and metadata from IdP to applications, ensuring rich user profiles are maintained across systems. | Supports synchronization of custom user attributes defined in AD to data.world user profiles. |
Service Account Management | Ensure service accounts are correctly managed and maintained separately from regular user accounts, with no disruption to service. | Service accounts remain managed via settings in the data.world UI, unaffected by SCIM user and group synchronization. |
User Profile Updates | SCIM ensures that user attributes are synchronized across different systems, providing consistent identity information across all applications. | Updates in user profile information in AD are automatically reflected in data.world. |
Group-Based Access Control | Assign and manage access permissions based on group memberships defined in the IdP. | Group-based access control is done by assigning a Team a certain level of permissions within an Organization, and we keep that up to date. |
In summary, combining SCIM with SSO enhances efficiency, security, and user experience by automating identity management and streamlining access. It ensures that user data is consistent across all applications and that only authorized users can access critical systems, all while reducing administrative burdens and improving compliance.
Process for setting up SCIM
First, make sure you have SSO enabled with Microsoft Entra or Okta.
Enable SCIM in data.world.
If you are using Microsoft Entra, configure SCIM in Microsoft Entra and provision user groups in Microsoft Entra.
If you are using Okta, configure SCIM in Okta and provision user groups in Okta.
User groups get added as teams in data.world. Add the teams to the catalog organizations they need access to. After that, user permission management works as it does in the regular system.
To remove a user group's access to data.world, deprovision the group from Microsoft Entra/Okta. The corresponding team is deleted from data.world.