SCIM (System for Cross-domain Identity Management) is a standard that can be used to connect externally managed user data to a system. It is possible to set up this standard for the SoSafe Manager and automate the initial creation of user data (first name, last name, email address, gender and user group) and continuously update them in our database. This means that name changes, new hires or company departures that are updated in the Azure Active Directory are also automatically updated accordingly in the SoSafe database. This eliminates the need for manual user data maintenance.
The use of the SCIM standard is bound to certain technical requirements and is subject to certain limitations.
Technical requirements and limitations:
- The SCIM connection to the SoSafe Manager only supports data transfers from the Microsoft Azure AD, no on-premise Active Directories are supported.
- The SCIM connection only supports the connection of one Azure tenant. All user data to be transferred must be managed by the customer in one Azure tenant. The connection to multiple tenants is not supported.
- If a SCIM connection to the SoSafe Manager is established, the user administration is carried out exclusively via the Azure AD on the customer side; it is not possible to additionally import users into the SoSafe database via Excel or CSV imports.
- Currently, only personal email addresses/individual addresses can be supported. The use of collective addresses cannot be supported.
- Provisioning of Azure security groups is only possible with an "Azure Active Directory Premium P1" license or higher. This means that without this license, users can only be added to the SoSafe application individually.
To ensure a fast connection, please ensure the following:
- For optimal use of our service, please think about the assignment to user groups at an early stage. To populate the user groups, please create your own Azure security groups that will be dynamically populated with the appropriate people. Please note that Microsoft Azure does not support provisioning of nested groups and that no person should be in more than one group.
To maximise the quality of the phishing simulation, we recommend including the user characteristics gender and possibly academic degree in the data transfer. This information is not standard Azure AD data, but can be created and transferred via an extension attribute. We recommend that you update this information if it has not yet been created in your AD. You can fill in the attribute for gender as you like (e.g. "m, w, x" or "man, woman, neither"). Please let us know afterwards which values you have used. In principle, however, the simulation also works without this information. More detailed information on how the various categories of user data are used in the simulation can be found in our Data Processing Agreement.
At the moment we only support SCIM connection via Azure AD and Okta AD. We do not support Shibboleth, ADFS, or Multi ADs.