CloudSSO:Enable or disable SCIM synchronization

Enable SCIM synchronization

You can synchronize users or groups from an external IdP to CloudSSO only after SCIM synchronization is enabled.

You also need to create SCIM credentials for the synchronization. For more information, see Create an SCIM credential.

1. Log on to the CloudSSO console.

2. In the left-side navigation pane, click Settings.

3. On the User Settings tab, in the SCIM-based User Synchronization Configuration section, turn on the SCIM synchronization switch.

After you turn on the switch, you cannot modify or delete the users and groups that are synchronized to CloudSSO by using SCIM. You also cannot add or remove users from the groups that are synchronized to CloudSSO.

Obtain the SCIM endpoint

On the User Settings tab, in the SCIM-based User Synchronization Configuration section, view or copy the SCIM Endpoint. This endpoint is required when you configure SCIM synchronization in an external IdP.

Disable SCIM synchronization

On the User Settings tab, in the SCIM-based User Synchronization Configuration section, turn off the SCIM synchronization switch.

The following list describes the impacts after SCIM synchronization is disabled:

• You cannot synchronize users or groups from an external IdP to CloudSSO.

• You can modify or delete the users or groups that are synchronized to CloudSSO by using SCIM.

  Note

  If you enable SCIM synchronization after it is disabled, the modifications on the synchronized users or groups may be automatically rolled back, and the deleted synchronized users may appear in the CloudSSO console again.