Tech With Htunn
  • Blog Content
  • DevSecOps
    • understanding devsecops
    • shift left in devsecops
    • what is the different between SAST and DAST in devsecops?
    • what is software composition analysis (SCA)?
    • what is Software Bill of Materials (SBOM)?
    • dependency scanning in devsecops
    • what is continuous integration in devops?
    • what is continuous delivery and deployment in devops?
    • understanding containerization
    • container scanning in devsecops
  • Data Engineering
    • what is data engineering?
    • Medallion Architecture in Data Engineering
    • understanding DataOps?
    • Difference between ETL and ELT pipeline in Data Engineering
  • IAM
    • what is Identity and Access Management?
    • understanding microsoft graph api
    • what is SCIM in IAM?
    • Different between sp and idp initiated flow in saml?
    • what is the difference between OAuth-2.0 and OIDC?
    • Understanding PKCE in OAuth-2.0?
    • what is SCIM Streaming?
    • what is the meaning of Identity broker?
  • Cloud Architect
    • what is cloud archiect?
    • Understanding even-driven architecture?
    • what is cloud native architecture?
    • what is cloud native application?
    • Understanding web application firewall?
  • SRE
    • what is SRE?
    • Meaning of toil in SRE?
    • what is error budget in SRE?
    • Difference between SLA, SLO and SLI in SRE
    • Understanding MTTR in SRE?
Powered by GitBook
On this page
  1. IAM

what is SCIM Streaming?

PreviousUnderstanding PKCE in OAuth-2.0?Nextwhat is the meaning of Identity broker?

Last updated 4 months ago

SCIM (System for Cross-domain Identity Management) streaming is a modern approach to user provisioning that leverages real-time message subscription capabilities. Instead of traditional batch processing, SCIM streaming allows clients to subscribe to real-time messages, enabling dynamic and automated provisioning.

Example Setup

Let’s walk through an example where we set up a SCIM endpoint using Node.js with Express and MongoDB, and use Microsoft Entra as the SCIM client.

1. Setting Up the SCIM Endpoint

First, we’ll create a basic SCIM endpoint using Node.js and Express.

Step 1: Initialize the Project

mkdir scim-endpoint
cd scim-endpoint
npm init -y
npm install express mongoose body-parser

Step 2: Create the Server Create a file named server.js:

JavaScript

const express = require('express');
const mongoose = require('mongoose');
const bodyParser = require('body-parser');

const app = express();
app.use(bodyParser.json());

mongoose.connect('mongodb://localhost:27017/scim', { useNewUrlParser: true, useUnifiedTopology: true });

const UserSchema = new mongoose.Schema({
  userName: String,
  displayName: String,
  emails: [{ value: String, primary: Boolean }]
});

const User = mongoose.model('User', UserSchema);

app.post('/scim/v2/Users', async (req, res) => {
  const user = new User(req.body);
  await user.save();
  res.status(201).send(user);
});

app.get('/scim/v2/Users/:id', async (req, res) => {
  const user = await User.findById(req.params.id);
  if (user) {
    res.send(user);
  } else {
    res.status(404).send({ message: 'User not found' });
  }
});

app.listen(3000, () => {
  console.log('SCIM endpoint listening on port 3000');
});

2. Configuring Microsoft Entra

In Microsoft Entra, you’ll configure the SCIM client to communicate with your SCIM endpoint.

Step 1: Register the Application

  • Go to the Azure portal and register a new application.

  • Note the client ID and tenant ID.

Step 2: Configure SCIM Provisioning

  • In the Azure portal, navigate to the Enterprise applications section.

  • Select your application and go to the Provisioning tab.

  • Set the Provisioning mode to Automatic.

  • Enter the SCIM endpoint URL (e.g., http://your-server-url/scim/v2).

  • Provide the necessary authentication details (e.g., OAuth bearer token).

3. Testing the Setup

Once everything is configured, you can test the provisioning by adding a user in Microsoft Entra. The SCIM client will send a request to your SCIM endpoint, which will then create the user in your MongoDB database.

Benefits of SCIM Streaming

  • Real-time Updates: Changes are propagated immediately, ensuring that user data is always up to date.

  • Scalability: Efficiently handles large volumes of provisioning requests.

  • Flexibility: Supports various deployment environments, including cloud, on-premises, and edge computing.

This setup provides a robust and scalable solution for user provisioning, leveraging the power of SCIM streaming to ensure efficient and real-time updates across your systems.