17.5 Configuring OpenText Core Identity Lifecycle Manager for the SCIM streaming service

Before you start your configurations, ensure that your SCIM server supports:

  • SCIM 2.0 and handles user and group provisioning operations, including create, update, and delete actions

  • Service account-based authentication for Client ID and Client Secret

To install and configure the SCIM driver:

  1. Log in to the OpenText Core Identity Lifecycle Manager administration console with your admin credentials.

  2. Create a new SCIM driver.

    1. Navigate to the Driver Management section.

    2. Select Driver Configuration.

    3. Click the + sign and search for SCIM.

    4. Expand Tools and click the + sign next to SCIM-Driver for SCIM.

    5. Select the following:

      • In Select Driver Base Configuration, select SCIM Base ILM and download the missing packages, then click Next.

      • In Select Mandatory Features, select SCIM Default Package and download missing packages, then click Next.

      • In Select Optional Features, select only the package names that are required for OpenText Core Identity Lifecycle Manager and OpenText Identity Governance Integration, such as SCIM JSON Package, SCIM ILM IG Integration, and SCIM Default Filter Mapping ILM. Download the missing packages, then click Next.

    6. In Required Package Dependencies, click Next.

    7. In Driver Information, specify the driver name, then click Next.

    8. In Driver Configuration, select Connection > Remote Loader, then click Next.

    9. Set Publisher Options, set Enable Publisher channel to No, then click Next.

  3. Configure connection parameters.

    1. Select Configuration from the left panel.

    2. Set Authentication Method to OAuth2.0.

    3. Select Bearer for OAuth2.0 Token Management.

    4. In the Access Token URL field, specify the access token URL from OpenText Identity Governance.

    5. In the Query Options area:

      1. Type the name as grant_type and value as client_credentials.

      2. Type the name as client_ID and value as the service account client ID.

      3. Delete the issuer.

    6. In the Secret Query Options area:

      1. Type the name as client_secret and the value as the service account client secret.

      2. Delete the refresh token.

    7. In the Header Fields area type:

      1. Name as Accept and value as application/JSON.

      2. Name as Content-Type and value as application/x-www-form-urlencoded.

    8. In the Application Truststore File field:

      1. (Conditional) If OpenText Identity Governance uses https, specify the location of the OpenText Core Identity Lifecycle Manager server where the OpenText Identity Governance CA certificates are mounted.

      2. (Conditional) If OpenText Identity Governance uses http, keep the field blank.

    9. In Schema Settings, select 2.0 as the Schema Options. Type the SCIM Endpoint URL of the OpenText Identity Governance server and the unique identifier. Use the following format:

      https://igurl/api/scim/UNIQUE_IDENTITY_SOURCE_ID

  4. Start the driver.

    1. Wait for the SCIM driver to be installed. Then start the driver and wait for the remote loader to start.

  5. Provision users and groups.

    1. Log in to OpenText Core Identity Lifecycle Managerr, then navigate to Administration > Users.

    2. Add a new user.

    3. To add groups, navigate to Administration > Groups.

    4. Add a new group.

To validate whether users and groups are provisioned, log in to OpenText Identity Governance and navigate to Catalog > Identities or Groups.