Search Results :

×

Setup User Provisioning (SCIM) into Drupal with CyberArk


User Provisioning allows you to manage all the users at a central user management identity. CyberArk Provisioning service supports SCIM 2.0 protocol for automatic provisioning/de-provisioning. miniOrange User Provisioning and Sync module implement the SCIM endpoints to allow provisioning/de-provisioning of users into the Drupal site as and when any CRUD operation is performed in the central identity i.e. CyberArk.

Installation Steps


  • Download the module:
    composer require 'drupal/user_provisioning'
  • Navigate to Extend menu on your Drupal admin console and search for miniOrange User Provisioning using the search box.
  • Enable the module by checking the checkbox and click on Install button.
  • Configure the module at
    {BaseURL}/admin/config/people/user_provisioning/overview
  • Install the module:
    drush en user_provisioning
  • Clear the cache:
     drush cr
  • Configure the module at
    {BaseURL}/admin/config/people/user_provisioning/overview
  • Navigate to Extend menu on your Drupal admin console and click on Install new module button.
  • Install the Drupal User Provisioning and Sync module either by downloading the zip or from the URL of the package (tar/zip).
  • Click on Enable newly added modules.
  • Enable this module by checking the checkbox and click on Install button.
  • Configure the module at
    {BaseURL}/admin/config/people/user_provisioning/overview

Configure Drupal as SCIM Server

Note: You will require the Premium version of the module to set up Drupal as an SCIM server.

  • Head towards the Drupal site and navigate to the User Provisioning tab of the module (/admin/config/people/user_provisioning/provisioning).
  • In the Changes from Provider to Drupal (SCIM Server) section, click on the Configure button, as indicated in the screenshot below.
  • Azure-AD-click-on-configure-button
  • From Configure Drupal as a SCIM server copy the SCIM Base URL and SCIM Bearer Token and keep it handy.
  • Drupal User Provisioning and Sync - Copy the SCIM Base URL and SCIM Bearer Token

Automated User Provisioning with CyberArk

  • Login into your CyberArk Admin Console.
  • Note: You can setup Single Sign-On (SSO) into Drupal as SAML SP with CyberArk as IDP by following the steps given here.

  • Go to the Provisioning tab, click Enable Provisioning for this application, and then save your changes.
  • cyberark cross domain provisioning (scim) - select provisioning
  • To confirm the popup SCIM Provisioning window click on the Yes button.
  • cyberark cross domain provisioning (scim) - ensure your application support scim and click yes in scim provisioning window
  • Select Live Mode.
  • cyberark cross domain provisioning (scim) - select preview and live mode
  • Paste the SCIM Base URL copied from the Drupal SCIM User Provisioning module under the SCIM Service URL text field.
  • cyberark cross domain provisioning (scim) - enter scim service url
  • Select the Authorization Type. There are two types of Authorization:
  • Note: The Authorization Type determines what information is required and where to find the information.

    cyberark cross domain provisioning (scim) - enter authorization type
    OAuth 2.0 This Authorization Type uses a workflow to authorize access. The Authorization Header directly provides credentials.
    Authorization Header Required choosing a header type
    1. OAuth 2.0 (for more information check here).
      • Authorize URL: Copy and paste Authorize url from the Configure OAuth tab in the Drupal OAuth/OpenId connect client module
      • Access Token URL: Copy and paste the Authorize URL from the Configure OAuth tab in the Drupal OAuth/OpenId connect client module
      • Client ID: Copy and paste Client ID from the Configure OAuth tab in the Drupal OAuth/OpenId connect client module
      • Client Secret: Copy and paste Client Secret from the Configure OAuth tab in the Drupal OAuth/OpenId connect client module
      • Scope: Copy and paste Scope from the Configure OAuth tab in the Drupal OAuth/OpenId connect client module
    2. cyberark cross domain provisioning (scim) - enter oauth 2.0
    3. Authorization Header
      • In the Authorization Header, Select Header Type as Bearer Token.
      • cyberark cross domain provisioning (scim) - enter oauth 2.0
      • Paste the SCIM Bearer Token copied from the Drupal SCIM User Provisioning module under the Bearer Token text field.
      • Click on the Verify and Save button to save your SCIM Provisioning information.
      • cyberark cross domain provisioning (scim) - enter oauth 2.0

Congratulations, you have successfully set up Drupal as the SCIM server and CyberArk as the SCIM client.

If the Provision was not successful, please contact us at drupalsupport@xecurify.com. Please send the screenshot of the error window, and we will assist you in resolving the issue and guiding you through the setup.

Additional Features:

 Case Studies
miniOrange has successfully catered to the use cases of 400+ trusted customers with its highly flexible/customizable Drupal solutions. Feel free to check out some of our unique case studies using this link.
 Other Solutions
Feel free to explore other Drupal solutions that we offer here. The popular solutions used by our trusted customers include 2FA, SSO, Website Security. 
  24*7 Active Support
The Drupal developers at miniOrange offer quick and active support for your queries. We can assist you from choosing the best solution for your use case to deploying and maintaining the solution.
Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com