Setup User Provisioning (SCIM) into Drupal with AWS


Applications that use Drupal as their central Identity Provider need user information kept in sync. The miniOrange User Provisioning and Sync module ensures that any changes to user fields or roles are reflected in the connected AWS application in accordance with the SCIM protocol. This setup guide walks you through the steps to configure manual, automatic, or scheduler-based provisioning with AWS. It is compatible with Drupal 9 and Drupal 10.

Installation Steps


Using Composer:

  • Download the module:
    composer require 'drupal/user_provisioning'
  • Navigate to the Extend menu on your Drupal admin console and search for miniOrange User Provisioning using the search box.
  • Enable the module by checking the checkbox and clicking the Install button.
  • Configure the module at
    {BaseURL}/admin/config/people/user_provisioning/overview

Using Drush:

  • Install the module:
    drush en user_provisioning
  • Clear the cache:
    drush cr
  • Configure the module at
    {BaseURL}/admin/config/people/user_provisioning/overview

Manual installation:

  • Navigate to the Extend menu on your Drupal admin console and click on the Install new module button.
  • Install the Drupal User Provisioning and Sync module either by downloading the zip or from the URL of the package (tar/zip).
  • Click on Enable newly added modules.
  • Enable this module by checking the checkbox and clicking the Install button.
  • Configure the module at
    {BaseURL}/admin/config/people/user_provisioning/overview

Steps to configure Drupal as SCIM Client:

  • Once the module is installed, navigate to the Configuration tab of the Drupal site and select miniOrange User Provisioning.
  • Navigate to the User Provisioning tab of the module and click on the Configure button under the Changes from Drupal to Provider (SCIM Client) section.
  • Select the Enable SCIM Client API Integration checkbox.

Configure AWS as SCIM Server:

  • Log into the AWS Admin console.
  • Search for IAM in the search bar and click on IAM Identity Center (successor to AWS Single Sign-On).
  • Navigate to the Settings tab from the left navigation panel.
  • Under the Actions dropdown, click on Manage Provisioning.
  • Copy the SCIM Base URL.
  • Navigate to the Drupal site and paste the copied SCIM Base URL under the SCIM Base URL text field.
  • Navigate to the AWS console and click on the Generate Token button.
  • Copy the generated Access token.
  • Navigate to the Drupal site and paste the copied Access token under the SCIM Bearer Token text field.
  • Click on the Save and Test Credentials button.
  • Once the test is successful, a success message is shown on the screen.

Attribute Mapping:

  • Once done with the configuration, scroll down to the Attribute Mapping section.
  • From the Drupal User Attribute dropdown, select the user attribute to map with the SCIM Provider Attribute.
  • Click on the Next Step button.

How Provisioning Works?

The module supports 3 types of provisioning:

  1. Manual/On-Demand Provisioning
  2. Automatic Provisioning
  3. Scheduler-based Provisioning

  • Choose your preferred provisioning option.

In Manual/On-Demand Provisioning, the user is manually provisioned from the Drupal site to the AWS application.

Configure Manual/On-Demand Provisioning

  • Enable Manual/On-Demand Provisioning, select the provisioning operations (i.e. create, update, deactivate, delete) as per your requirements, and click on the All Done button.

How Manual/On-Demand Provisioning Works?

  • Click on the Perform Manual Sync button under the Manual Provisioning column.
  • Search for the user you want to provision to the Drupal Server site and click on the Submit button.
  • Once the user is successfully provisioned to the application, a success message is displayed.
  • The status of the user in the AWS application can also be checked by navigating to the Users tab in the left navigation panel of the AWS console.

In Automatic Provisioning, whenever a CRUD operation is performed on a user in the Drupal site, the same CRUD operation is automatically performed on that user in the AWS application at the same time (on the fly).

Configure Automatic Provisioning

  • Enable Automatic Provisioning, select the provisioning operations (i.e. create, update, deactivate, delete users) as per your requirements, and click on the All Done button.
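
As an added illustration (not miniOrange's code), the sketch below shows the SCIM 2.0 request that each provisioning operation listed above corresponds to under RFC 7643/7644, with the user resource built from an attribute mapping like the one configured in the Attribute Mapping section. The Drupal field names, the base URL and the use of PUT for updates are assumptions; the bearer token is masked before logging because it authorizes every one of these operations.

```python
from urllib.parse import urlsplit

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
# PUT for update is an assumption: the page does not say whether the module uses PUT or PATCH.
METHODS = {"create": "POST", "update": "PUT", "deactivate": "PATCH", "delete": "DELETE"}
# Constructed mapping (Drupal field -> SCIM attribute) and sample values; none come from the page.
ATTRIBUTE_MAP = {"name": "userName", "mail": "emails",
                 "field_first_name": "name.givenName", "field_last_name": "name.familyName"}
SAMPLE_USER = {"name": "jdoe", "mail": "jdoe@example.com", "field_first_name": "Jane", "field_last_name": "Doe"}
SAMPLE_BASE_URL = "https://scim.example.invalid/tenant-placeholder/scim/v2/"

def to_scim_user(drupal_user, mapping=ATTRIBUTE_MAP):
    """Apply the attribute mapping to one Drupal user record."""
    resource = {"schemas": [USER_SCHEMA], "active": True}
    for field, path in mapping.items():
        value = drupal_user.get(field)
        if value in (None, ""):
            continue  # unmapped or empty fields are not sent
        if path == "emails":  # multi-valued attribute in the SCIM core schema
            resource["emails"] = [{"value": value, "primary": True}]
        elif "." in path:  # sub-attribute such as name.givenName
            parent, child = path.split(".", 1)
            resource.setdefault(parent, {})[child] = value
        else:
            resource[path] = value
    if "userName" not in resource:  # userName is required by RFC 7643
        raise ValueError("attribute mapping produced no userName")
    return resource

def build_request(operation, base_url, token, user=None, scim_id=None):
    """Return (method, url, headers, body) for one provisioning operation."""
    method = METHODS[operation]  # KeyError for an operation the guide does not list
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("SCIM Base URL must be an https:// URL")  # token must not travel in clear text
    if operation != "create" and not scim_id:
        raise ValueError(f"{operation} needs the id the server returned at creation")
    url = base_url.rstrip("/") + "/Users" + ("" if operation == "create" else f"/{scim_id}")
    body = None  # DELETE carries no body
    if operation in ("create", "update"):
        body = to_scim_user(user)
    elif operation == "deactivate":  # soft-disable: the account stays, active becomes false
        body = {"schemas": [PATCH_SCHEMA], "Operations": [{"op": "replace", "path": "active", "value": False}]}
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/scim+json"}
    return method, url, headers, body

def redact(headers):  # copy of the headers that is safe to log: the bearer token is masked
    return {k: "Bearer <redacted>" if k == "Authorization" else v for k, v in headers.items()}
```

The body is returned as a dictionary; serialize it with `json.dumps` when sending, and log only `redact(headers)`.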

How Automatic Provisioning Works?

1. By Admin Account:

  • Navigate to the People tab (admin/people) in the top navigation bar of the Drupal Client site and click on the +Add user button.
  • Fill in the user details and click on the Create new account button.
  • The status of the user can be checked in the AWS application by navigating to the Users tab.

2. By registering a new user from the login register window:

  • Navigate to the create user window {Base URL}/user/register.
  • Enter the user information and click on the Create new account button.
  • The status of the user can be checked in the AWS application by navigating to the Users tab.

You can see the user has been successfully provisioned to the Drupal Server site.

Congratulations, you have successfully set up AWS as the SCIM Server and Drupal as the SCIM Client.

If provisioning was not successful, please contact us at drupalsupport@xecurify.com. Please send a screenshot of the error window, and we will assist you in resolving the issue and guide you through the setup.
