The System for Cross-domain Identity Management (SCIM) is an open standard HTTP based protocol for automating the exchange of user identity information between identity domains, or IT systems. SCIM aims to simplify user provisioning and management in the cloud. For example, as an Identity Provider add, update and delete the user, they are added, updated and removed from the Drupal User Profile. To achieve this functionality AWS provides the User Provisioner with SCIM standard.

If your users use both the Drupal and AWS websites, it is preferable to have all users updated in the AWS site without having to login each time to update the user list. miniOrange offers a solution that enables user provisioning into AWS websites using the SCIM standard.

miniOrange proposes a solution by introducing a Drupal module that supports AWS User Provisioning and Sync, allowing users to access your website using their Drupal account credentials to login into AWS. The SCIM User Provisioner module also supports provisioning with custom Providers. The SCIM User Provisioner module is compatible with any IDP that follows the SCIM standard.

Steps to configure Drupal as SCIM Client and AWS as SCIM Server

1. Configure AWS as SCIM Server

• Login into the AWS SSO.
• Search AWS SSO in the search box and select IAM Identity Center (Successor to AWS Single Sign On).

• Navigate to Settings. Then Select Manage provisioning under Action dropdown.

• Click on Generate token to get an access token.

• Copy and save the generated access token as it cannot be accessed later.

• You can find the SCIM 2.0 Base URL on the Automatic Provisioning page.

• Keep the Bearer Token and SCIM endpoint URL handy. Now, go to your Drupal site.

2. Configure Drupal as SCIM Client

• Install the User Provisioning module on your Drupal site.
• Navigate to the User Provisioning tab. Select Application as AWS SSO.

• Enter the generated token in SCIM Bearer Token field and SCIM endpoint in SCIM 2.0 Base Url field on your drupal site.

• Check the checkbox to enable user sync. Scroll down and click on Save and Test Configuration.
• Scroll down to the Mapping section. Please note, this section is mandatory if you want to create a user in AWS SSO.
• Select Attribute values from the dropdown for First Name and Last Name.

• Click on Save Configuration.
• You have successfully configured Drupal as SCIM Client and AWS as SCIM server.

• Now, go to the Audits and Logs tab. You can check the performed operation and its status.

3. On-demand/ Manual Provisioning

• This will allow you to manually provision any Drupal user in your AWS SCIM Server application.
• Enter the username of any user that you want to provision, select the user and then click on the Provision button.

• You have successfully Provisioned the user.

• Under the Audits and Logs tab, You can check the performed operation and its status.

• You can confirm at the AWS SCIM Server application that the user has been created.

24*7 Active Support

If you face any issues or if you have any questions, please feel free to reach out to us at drupalsupport@xecurify.com. In case you want some additional features to be included in the module, please get in touch with us, and we can get that custom-made for you. Also, If you want, we can also schedule an online meeting to help you configure the Drupal User Provisioning and Sync module.

Our Other modules