SCIM (System for Cross-domain Identity Management) is a standard that can be used to connect externally managed user data to a system. It is possible to set up this standard for the SoSafe Manager and automate the initial creation of user data (first name, last name, email address, gender and user group) and its continuous updating in our database. This means that name changes, new hires or company departures which are updated in the Azure Active Directory are also automatically updated accordingly in the SoSafe database. This eliminates the need for manual user data maintenance.
The use of the SCIM standard is bound to certain technical requirements and is subject to certain limitations.
Technical requirements and limitations:
- The SCIM connection to the SoSafe Manager only supports data transfers from the Microsoft Azure AD, no on-premise Active Directories are supported.
- The SCIM connection only supports the connection of one Azure tenant. All user data to be transferred must be managed by the customer in one Azure tenant. The connection to multiple tenants is not supported.
- If a SCIM connection to the SoSafe Manager is established, the user administration is carried out exclusively via the Azure AD on the customer side; it is not possible to additionally import users into the SoSafe database via Excel or CSV imports.
To ensure a fast connection, please ensure the following:
- For optimal use of our service, please think about the assignment to user groups (Azure security groups or grouping via a specific attribute, for example "departments") at an early stage.
- When using more than one language, please make sure that the attribute "preferredLanguage" is maintained
To maximise the quality of the phishing simulation, we recommend including the user characteristics gender and possibly academic degree in the data transfer. This information is not standard Azure AD data, but can be created and transferred via an extension attribute. We recommend that you update this information if it has not yet been created in your AD. In principle, however, the simulation also works without this information. More detailed information on how the various categories of user data are used in the simulation can be found in our GDPR contract.
At the moment we only support SCIM connection via Azure AD and Okta AD. We do not support Shibboleth, ADFS or Multi ADs.