Setup Guide to configure Automatic User Provisioning (SCIM) into Drupal with CyberArk


The System for Cross-domain Identity Management (SCIM) is an open-standard, HTTP-based protocol for automating the exchange of user identity information between identity domains or IT systems. SCIM aims to simplify user provisioning and management in the cloud. For example, as the Identity Provider adds, updates and deletes users, they are added, updated and removed in the Drupal user profile. To achieve this functionality, CyberArk provides user provisioning based on the SCIM standard.

If your users use both CyberArk and a Drupal website, it is preferable to keep all users up to date on the Drupal site without logging in each time to update the user list. miniOrange provides a solution that allows user provisioning into a Drupal website using the SCIM standard.

miniOrange provides a Drupal module that supports CyberArk user provisioning and lets users log in to your Drupal website with their CyberArk account credentials. The SCIM User Provisioner module also allows provisioning with custom providers and works with any IdP that conforms to the SCIM standard.



Pre-requisite: Download and Installation 


Using Composer:

  • For Windows:
    composer require drupal/user_provisioning
  • For Linux:
    composer require 'drupal/user_provisioning'
  • Navigate to the Extend menu on your Drupal admin console and search for miniOrange User Provisioning using the search box.
  • Enable the module by checking the checkbox and clicking the Install button.
  • Configure the module at
    {BaseURL}/admin/config/people/user_provisioning/overview

Using Drush:

  • Download the module:
    drush dl user_provisioning
  • Install the module:
    drush en user_provisioning
  • Clear the cache:
    drush cr
  • Configure the module at
    {BaseURL}/admin/config/people/user_provisioning/overview

Manual installation:

  • Navigate to the Extend menu on your Drupal admin console and click the Install new module button.
  • Install the Drupal User Provisioning and Sync module either by downloading the zip or from the URL of the package (tar/zip).
  • Click on Enable newly added modules.
  • Enable the module by checking the checkbox and clicking the Install button.
  • Configure the module at
    {BaseURL}/admin/config/people/user_provisioning/overview

Steps to configure Automatic User Provisioning with CyberArk as SCIM Client and Drupal as SCIM Server

1. Configure Drupal as SCIM Server

  • Navigate to the SCIM Configuration tab to find the SCIM Base URL and SCIM Bearer Token. Copy both and keep them handy.

Note: This information is required to configure CyberArk as the IdP.

2. Automated User Provisioning with CyberArk

  • Log in to your CyberArk Admin Console.

    Note: You can set up Single Sign-On (SSO) into Drupal as SAML SP with CyberArk as IdP by following the steps given here.

  • Click on the Provisioning tab.
  • Select Enable provisioning for this application then click on Save.
  • A SCIM Provisioning popup window opens. Click the Yes button.
  • Select Preview and Live Mode.
  • Enter SCIM Base URL in the SCIM Service URL text field.
  • Select Authorization Type.
    Note: The Authorization Type determines what information is required and where to find the information.

    • OAuth 2.0: This Authorization Type uses a workflow to authorize access.
    • Authorization Header: The Authorization Header directly provides credentials. Requires choosing a header type.
  • In Authorization Type, fill in all the required information:
    • If you choose OAuth 2.0, enter the required information from here:

      • Authorize URL: Copy and paste Authorize url from the Configure OAuth tab in the Drupal OAuth/OpenId connect client module
      • Access Token URL: Copy and paste Authorize url from the Configure OAuth tab in the Drupal OAuth/OpenId connect client module
      • Client ID: Copy and paste Client ID from the Configure OAuth tab in the Drupal OAuth/OpenId connect client module
      • Client Secret: Copy and paste Client Secret from the Configure OAuth tab in the Drupal OAuth/OpenId connect client module
      • Scope: Copy and paste Scope from the Configure OAuth tab in the Drupal OAuth/OpenId connect client module
    • Authorization Header
      • If you select Authorization Header, you must choose a Header Type.
      • Select Bearer Token if your app requires the header in the format: Bearer .
      • Select Basic if your app requires authentication in the format: HTTP BASIC.
      • Select Direct if your app uses some other format.
  • Select Bearer Token.
  • Copy the SCIM Bearer Token from the SCIM Configuration tab and paste it into the Bearer Token text field.
  • Click on Verify and Save button to save your SCIM Provisioning information.
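
With Bearer Token selected, each provisioning call is a SCIM request (RFC 7644) carrying the token in the Authorization header. The sketch below is an added example, not miniOrange or CyberArk code: it builds the create-user request a SCIM client sends and shows the checks a SCIM endpoint applies to it. The host drupal.example, the /scim path, the token and the user are constructed values.

```python
import hmac
import json
import urllib.request

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"


def build_create_user(base_url, token, user_name, email):
    """Client side: build (not send) the POST {base}/Users request."""
    if not base_url.lower().startswith("https://"):
        # A bearer token is a reusable secret; never put it on plain HTTP.
        raise ValueError("SCIM Base URL must use https")
    body = {
        "schemas": [USER_SCHEMA],
        "userName": user_name,
        "emails": [{"value": email, "primary": True}],
        "active": True,
    }
    return urllib.request.Request(
        base_url.rstrip("/") + "/Users",
        data=json.dumps(body).encode(),
        method="POST",
        headers={
            "Authorization": "Bearer " + token,
            "Content-Type": "application/scim+json",
        },
    )


def check_request(req, expected_token):
    """Server side: HTTP status a SCIM endpoint would return for req."""
    scheme, _, presented = (req.get_header("Authorization") or "").partition(" ")
    # compare_digest runs in constant time, so timing does not reveal a partial match.
    token_ok = hmac.compare_digest(presented.encode(), expected_token.encode())
    if scheme.lower() != "bearer" or not token_ok:
        return 401
    try:
        body = json.loads(req.data or b"")
    except ValueError:
        return 400
    if not isinstance(body, dict) or USER_SCHEMA not in body.get("schemas", []):
        return 400
    return 201 if body.get("userName") else 400


if __name__ == "__main__":
    # Constructed sample values, not taken from a real site.
    demo = build_create_user("https://drupal.example/scim", "constructed-token",
                             "jdoe", "jdoe@example.com")
    print(demo.get_method(), demo.full_url, check_request(demo, "constructed-token"))
```

Treat the SCIM Bearer Token like a password: anyone holding it can create, change or delete Drupal users through the SCIM Base URL.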

24*7 Active Support

If you face any issues or have any questions, please feel free to reach out to us at drupalsupport@xecurify.com. If you want additional features included in the module, please get in touch with us and we can have them custom-made for you. If you want, we can also schedule an online meeting to help you configure the Drupal SCIM User Provisioning module.
