SCIM provisioning overview¶
Lightrun user provisioning using the System for Cross-Domain Identity Management (SCIM) protocol allows you to automatically manage and communicate user data and permissions between identity providers (IdP) like Okta or Azure AD and a service provider like Lightrun. Lightrun supports Cross-domain Identity Management (SCIM 2.0) SCIM provisioning allows Admins to manage users directly from an IdP, removing the need to manage users in both locations in parallel.
Guidelines for managing users using SCIM provisioning¶
The following rules and guidelines apply for managing users using SCIM:
- Only one IdM should be integrated with our SCIM.
- When you create users in SCIM, the users are displayed as read-only in the User Management tab in the Lightrun Portal.
- You cannot remove SCIM managed users from the Management Portal.
- By default, the SCIM users are added to the default Agent Pool and receive user-role permissions.
- You can assign users to different agent pools and they will inherit the roles assigned to the assigned agent pool.
- Existing Lightrun users can be migrated to SCIM by selecting the Provision existing users with SCIM toggle in the SCIM page.
Provisioning existing Lightrun users with SCIM¶
Lightrun supports provisioning existing users through SCIM. This means you can shift the responsibility of managing your current Lightrun users to a chosen identity provider. However, it's important to ensure that these Lightrun users have been premanaged through SCIM before initiating the migration process.
- Log in to your Lightrun account.
- In the Organization Settings, click SCIM. The SCIM window opens.
- Click Provision existing users with SCIM toggle.
- Click Save. The Lightrun users are now managed from your SCIM and disabled in the Lightrun Management Portal.
Set up provisioning¶
Your SCIM provisioning setup will vary depending on the identity provider you use.
We support setting up SCIM with the following IdPs: