Skip to content

SCIM provisioning using Ping Identity

Permissions

The Lightrun SCIM feature is only available to users on our Enterprise plan; please contact our Support team for more information.

From version 1.43, Lightrun supports using the open standard System for Cross-domain Identity Management (SCIM 2.0) to: Grant users in your company seamless access to the Lightrun Application using their OAuth2 credentials. Add, remove, and assign your users in your organization.

For more information, see SCIM provisioning Overview.

Prerequisites

  • Enable SSO in the Identity Configuration page located under the Identity and Access Management tab. For more information, see Configure SAML SSO with Ping Identity for your organization.

Set up SCIM in Lightrun

  1. Log in to your Lightrun account.
  2. Navigate to Identity and Access Management > Identity Configuration > Provisioning.
  3. To enable SCIM, click the SCIM toggle.

  4. Select OAuth2 as your authentication method.

    scim Oauth

    The OAuth related fields are automatically populated with the required information to be copied to your Oauth system.

  5. Click Copy for each of the following fields to be pasted in the Provisioning settings in Ping Identity.

    • Access token endpoint to Oauth Token Request.
    • Authorization endpoint to Authorization Endpoint.
    • ClientId to Oauth Client ID.
    • ClientSecret to Oauth Client Secret.
    • URL from the SCIM API endpoint to SCIM BASE URL.
  6. Select the Provision existing users check box to shift the responsibility of managing your current Lightrun users to a chosen identity provider. However, it's important to ensure that these Lightrun users have been premanaged through SCIM before initiating the migration process. For more information, see Provisioning Existing Users with SCIM.
  7. Click Save.

Proceed to set up Provisioning in Ping Identity.

Configure the Lightrun-Ping integration in Ping Identity

  1. Sign in to Ping Identity.
  2. In the Administration console, Select Application.
  3. Under Applications, select the application you created for the SSO integration.
  4. Select Provisioning.

  5. Click + (Plus symbol) next to Provisioning to create a new connection.

    SCIM Ping provisioning plus --half

    The Create a New Connection wizard opens.

    SCIM Ping create --half

  6. Paste the URL from the SCIM API endpoint in the SCIM BASE URL field.

  7. Validate that the Users Resource value is set to /Users and Groups Resource to /Groups.

    SCIM Ping create2 --half

  8. Set the Authentication Method to OAuth2 Client Credentials.

  9. In the Oauth Token Request field paste the Access token endpoint URL.
  10. In the Oauth Client ID field paste the ClientId value.
  11. In the Oauth Client Secret field paste the ClientSecret value.
  12. Click Test Connection.
  13. Click Next.
  14. In the Activation and Summary page, above the Summary section, turn on the connection.
  15. Click Save.
Last update: October 13, 2024