github/infisical
1
1
Fork 0
mirror of https://github.com/Infisical/infisical.git synced 2026-05-02 03:02:03 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
ENG-4169
infisical/docs/documentation/platform/scim/jumpcloud.mdx

64 lines
3.2 KiB
Plaintext
Raw Permalink Blame History

---
title: "JumpCloud SCIM"
description: "Learn how to configure SCIM provisioning with JumpCloud for Infisical."
---
<Info>
JumpCloud SCIM provisioning is a paid feature.
If you're using Infisical Cloud, then it is available under the **Enterprise Tier**. If you're self-hosting Infisical,
then you should contact sales@infisical.com to purchase an enterprise license to use it.
</Info>
Prerequisites:
- [Configure JumpCloud SAML for Infisical](/documentation/platform/sso/jumpcloud)
<Steps>
<Step title="Create a SCIM token in Infisical">
In Infisical, head to the **Single Sign-On (SSO)** page and select the **Provisioning** tab. Under SCIM Configuration,
press the **Enable SCIM provisioning** toggle to allow JumpCloud to provision/deprovision users and user groups for your organization.
![SCIM enable provisioning](/images/platform/scim/scim-enable-provisioning.png)
Next, press **Manage SCIM Tokens** and then **Create** to generate a SCIM token for JumpCloud.
![SCIM create token](/images/platform/scim/scim-create-token.png)
Next, copy the **SCIM URL** and **New SCIM Token** to use when configuring SCIM in JumpCloud.
![SCIM copy token](/images/platform/scim/scim-copy-token.png)
</Step>
<Step title="Configure SCIM in JumpCloud">
In JumpCloud, head to your Application > Identity Management > Configuration settings and make sure that
**API Type** is set to **SCIM API** and **SCIM Version** is set to **SCIM 2.0**.
![SCIM JumpCloud](/images/platform/scim/jumpcloud/scim-jumpcloud-api-type.png)
Next, set the following SCIM connection fields:
- Base URL: Input the **SCIM URL** from Step 1.
- Token Key: Input the **New SCIM Token** from Step 1.
- Test User Email: Input a test user email to be used by JumpCloud for testing the SCIM connection.
Alos, under HTTP Header > Authorization: Bearer, input the **New SCIM Token** from Step 1.
![SCIM JumpCloud](/images/platform/scim/jumpcloud/scim-jumpcloud-config.png)
Next, press **Test Connection** to check that SCIM is configured properly. Finally, press **Activate**
to have JumpCloud start provisioning/deprovisioning users to Infisical.
![SCIM JumpCloud](/images/platform/scim/jumpcloud/scim-jumpcloud-test-connection.png)
Now JumpCloud can provision/deprovision users and user groups to/from your organization in Infisical.
</Step>
</Steps>
**FAQ**
<AccordionGroup>
<Accordion title="Why do SCIM-provisioned users have to finish setting up their account?">
Infisical's SCIM implmentation accounts for retaining the end-to-end encrypted architecture of Infisical because we decouple the **authentication** and **decryption** steps in the platform.
For this reason, SCIM-provisioned users are initialized but must finish setting up their account when logging in the first time by creating a master encryption/decryption key. With this implementation, IdPs and SCIM providers cannot and will not have access to the decryption key needed to decrypt your secrets.
</Accordion>
</AccordionGroup>
Reference in New Issue View Git Blame Copy Permalink