OIPA SCIM Synchronization
OIPA also supports a scheduled SCIM sync when SSO is enabled.
Configure the cron expression in PAS.properties:
scim.schedule.time=0 30 0 * * *
Default Behavior
- The scheduled job runs daily at 12:30 AM local time.
- The implementation uses the client_credentials grant to obtain an access token.
- The implementation calls oidc.scimUri.
- The implementation reads SCIM Resources.
- The implementation creates active users that do not exist.
- The implementation updates user active and inactive statuses.
- The implementation adds, reactivates, or dates out security group memberships.
SCIM-to-OIPA Attribute Mapping
| SCIM Attribute | OIPA Mapping |
|---|---|
| active | OIPA user status |
| groups | OIPA security group names |
| name.familyName | Last name |
| name.givenName | First name |
| Primary email | |
| userName | OIPA client number |
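
The default behavior and attribute mapping above, worked through as a dry-run planner over a constructed SCIM response. This is an added example, not Oracle's implementation: `plan_sync`, `primary_email`, the shape of the `OIPA_USERS` snapshot, and the use of `groups[].display` as the security group name are assumptions.

```python
from datetime import date

# Constructed SCIM ListResponse (RFC 7644 shape); every value is sample data.
SCIM_PAGE = {"Resources": [
    {"userName": "C1001", "active": True, "groups": [{"display": "Underwriters"}]},
    {"userName": "C1002", "active": False, "groups": [{"display": "Claims"}]},
    {"userName": "C1003", "active": True,
     "name": {"givenName": "Ana", "familyName": "Ruiz"},
     "emails": [{"value": "alt@example.com"},
                {"value": "ana@example.com", "primary": True}],
     "groups": [{"display": "Claims"}]},
    {"userName": "C1004", "active": False, "groups": [{"display": "Admins"}]},
]}

# Hypothetical OIPA snapshot: client number -> status, memberships (name -> end date or None).
OIPA_USERS = {
    "C1001": {"active": False, "groups": {"Claims": None, "Underwriters": date(2024, 1, 31)}},
    "C1002": {"active": True, "groups": {"Claims": None}},
}

def primary_email(resource):
    """Value of the emails entry flagged primary, or None."""
    return next((e["value"] for e in resource.get("emails", []) if e.get("primary")), None)

def plan_sync(page, oipa_users, today):
    """List the changes one sync run would make, in processing order."""
    actions = []
    for res in page.get("Resources", []):
        client, active = res["userName"], bool(res.get("active"))
        # Assumption: groups[].display carries the security group name.
        wanted = {g["display"] for g in res.get("groups", [])}
        user = oipa_users.get(client)
        if user is None:
            if not active:
                continue  # inactive users that do not exist are not created
            name = res.get("name", {})
            actions.append(("create_user", client, name.get("givenName"),
                            name.get("familyName"), primary_email(res)))
            user = {"active": True, "groups": {}}
        elif user["active"] != active:
            actions.append(("set_active", client, active))
        for group in sorted(wanted):
            if group not in user["groups"]:
                actions.append(("add_group", client, group))
            elif (user["groups"][group] or date.max) <= today:  # membership has ended
                actions.append(("reactivate_group", client, group))
        for group, end in sorted(user["groups"].items()):
            if group not in wanted and (end is None or end > today):
                actions.append(("date_out_group", client, group))
    return actions
```

Users present in OIPA but absent from the SCIM response are left untouched by this planner, because the page does not describe that case.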