The System for Cross-domain Identity Management (SCIM) is an open standard HTTP based protocol for automating the exchange of user identity information between identity domains, or IT systems. SCIM aims to simplify user provisioning and management in the cloud. For example, as an Identity Provider add, update and delete the user, they are added, updated and removed from the Drupal User Profile. To achieve this functionality CyberArk provides the User Provisioner with SCIM standard.

If your users are using both CyberArk and Drupal website, it is preferred to have all users updated in Drupal site without login each time to update user list. miniOrange provides a solution which allows user provisioning into Drupal website using SCIM standard.

miniOrange provides a solution by introducing a Drupal module to support CyberArk User Provisioning and allows user to access your website by using their CyberArk account credential to login into Drupal. SCIM User Provisioner module also allows provisioning with custom Providers. SCIM User Provisioner module works with any IDP that conforms to the SCIM standard.

Steps to configure Automatic User Provisioning with CyberArk as SCIM Client and Drupal as SCIM Server

1. Configure Drupal as SCIM Server

• Navigate to the SCIM Configuration tab to find the SCIM Base URL and SCIM Bearer Token, which you will keep handy.

Note: These information are required to configure your application CyberArk as IDP.

2. Automated User Provisioning with CyberArk

• Login into your CyberArk Admin Console.


Note: You can setup Single Sign-On (SSO) into Drupal as SAML SP with CyberArk as IDP by following the steps give here.

• Click on the Provisioning tab.
• Select Enable provisioning for this application then click on Save.

• Open a popup SCIM Provisioning window then click on Yes button.

• Select Preview and Live Mode.

• Enter SCIM Base URL in the SCIM Service URL text field.

• Select Authorization Type.

Note: The Authorization Type determines what information is required and where to find the information.



OAuth 2.0	This Authorization Type uses a workflow to authorize access. The Authorization Header directly provides credentials.
Authorization Header	Required choosing a header type

• In Authorization Type fill all the reuired information:

If you choose OAuth 2.0 required infromation from here.

• Authorize URL: Copy and paste Authorize url from the Configure OAuth tab in the Drupal OAuth/OpenId connect client module
• Access Token URL: Copy and paste Authorize url from the Configure OAuth tab in the Drupal OAuth/OpenId connect client module
• Client ID: Copy and paste Client ID from the Configure OAuth tab in the Drupal OAuth/OpenId connect client module
• Client Secret: Copy and paste Client Secret from the Configure OAuth tab in the Drupal OAuth/OpenId connect client module
• Scope: Copy and paste Scope from the Configure OAuth tab in the Drupal OAuth/OpenId connect client module

• Authorization Header
• If you select Authorization Header require you to choose Header Type.
• Select Bearer Token if your app requires the header in the format: Bearer .
• Select Basic if your app requires authentication in the format: HTTP BASIC.
• Select Direct if your app uses some other format.

• Select Bearer Token.
• Copy SCIM Bearer Token from the SCIM Configuration tab and paste the Bearer Token text field.
• Click on Verify and Save button to save your SCIM Provisioning information.

24*7 Active Support

If you face any issues or if you have any questions, please feel free to reach out to us at drupalsupport@xecurify.com. In case you want some additional features to be included in the module, please get in touch with us, and we can get that custom-made for you. Also, If you want, we can also schedule an online meeting to help you configure the Drupal SCIM User Provisioning module.

Additional Resources

• What is SCIM User Provisioning?

Our Other modules