Setup CyberArk as a SCIM Client using the User Provisioning module in Drupal

Overview

User Provisioning allows you to manage all the users at a central user management identity. CyberArk Provisioning service supports SCIM 2.0 protocol for automatic provisioning/de-provisioning. miniOrange User Provisioning and Sync module implement the SCIM endpoints to allow provisioning/de-provisioning of users into the Drupal site as and when any CRUD operation is performed in the central identity i.e. CyberArk.

Playground Schedule a Meeting

Installation Steps

Note: You will require the Premium version of the module to set up Drupal as an SCIM server.

Configuration Steps

Configure Drupal as SCIM Server:

• Head towards the Drupal site and navigate to the User Provisioning tab of the module (/admin/config/people/user_provisioning/provisioning).
• In the Changes from Provider to Drupal (SCIM Server) section, click on the Configure button, as indicated in the screenshot below.

• From Configure Drupal as a SCIM server copy the SCIM Base URL and SCIM Bearer Token and keep it handy.

Automated User Provisioning with CyberArk:

• Login into your CyberArk Admin Console.


Note: You can setup Single Sign-On (SSO) into Drupal as SAML SP with CyberArk as IDP by following the steps given here.

• Go to the Provisioning tab, click Enable Provisioning for this application, and then save your changes.

• To confirm the popup SCIM Provisioning window click on the Yes button.

• Select Live Mode.

• Paste the SCIM Base URL copied from the Drupal SCIM User Provisioning module under the SCIM Service URL text field.

• Select the Authorization Type. There are two types of Authorization:


Note: The Authorization Type determines what information is required and where to find the information.

1. OAuth 2.0 (for more information check here).
   • Authorize URL: Copy and paste Authorize url from the Configure OAuth tab in the Drupal OAuth/OpenId connect client module
   • Access Token URL: Copy and paste the Authorize URL from the Configure OAuth tab in the Drupal OAuth/OpenId connect client module
   • Client ID: Copy and paste Client ID from the Configure OAuth tab in the Drupal OAuth/OpenId connect client module
   • Client Secret: Copy and paste Client Secret from the Configure OAuth tab in the Drupal OAuth/OpenId connect client module
   • Scope: Copy and paste Scope from the Configure OAuth tab in the Drupal OAuth/OpenId connect client module



2. Authorization Header
   • In the Authorization Header, Select Header Type as Bearer Token.
   
   
   
   • Paste the SCIM Bearer Token copied from the Drupal SCIM User Provisioning module under the Bearer Token text field.
   • Click on the Verify and Save button to save your SCIM Provisioning information.
   
   
   

Congratulations, you have successfully set up Drupal as the SCIM server and CyberArk as the SCIM client.

If the Provision was not successful, please contact us at drupalsupport@xecurify.com. Please send the screenshot of the error window, and we will assist you in resolving the issue and guiding you through the setup.

Related Articles

• Deprovisioning
• Import/Export users
• Map User Attributes from IdP to the Drupal user fields
• Map User Roles from IdP to corresponding users on drupal
• Group Provisioning

24/7 Support

The Drupal developers at miniOrange offer quick and active support for your queries. We can assist you from choosing the best solution for your use case to deploying and maintaining the solution.

 Contact us

Case Studies

miniOrange has successfully catered to the use cases of 400+ trusted customers with its highly flexible/customizable Drupal solutions.

 Read more

Other Solutions

Feel free to explore other Drupal solutions that we offer the popular solutions used by our trusted customers include 2FA, User Provisioning, Website Security.

 Know More