Real Time User Provisioning and Sync using AWS as SCIM Server and Drupal as SCIM Client


The System for Cross-domain Identity Management (SCIM) is an open-standard, HTTP-based protocol for automating the exchange of user identity information between identity domains or IT systems. SCIM aims to simplify user provisioning and management in the cloud. For example, as an Identity Provider adds, updates and deletes a user, that user is added, updated and removed from the Drupal User Profile. To achieve this functionality, AWS provides the User Provisioner with the SCIM standard.

If your users use both the Drupal and AWS websites, it is preferable to have all users updated in the AWS site without having to log in each time to update the user list. miniOrange offers a solution that enables user provisioning into AWS websites using the SCIM standard.

miniOrange proposes a solution by introducing a Drupal module that supports AWS User Provisioning and Sync, allowing users to access your website using their Drupal account credentials to log in to AWS. The SCIM User Provisioner module also supports provisioning with custom providers and is compatible with any IDP that follows the SCIM standard.



Pre-requisite: Download and Installation 


Using Composer:

  • For Windows:
    composer require drupal/user_provisioning
  • For Linux:
    composer require 'drupal/user_provisioning'
  • Navigate to the Extend menu on your Drupal admin console and search for miniOrange User Provisioning using the search box.
  • Enable the module by checking the checkbox and clicking the Install button.
  • Configure the module at
    {BaseURL}/admin/config/people/user_provisioning/overview

Using Drush:

  • Download the module:
    drush dl user_provisioning
  • Install the module:
    drush en user_provisioning
  • Clear the cache:
    drush cr
  • Configure the module at
    {BaseURL}/admin/config/people/user_provisioning/overview

Manual installation:

  • Navigate to the Extend menu on your Drupal admin console and click the Install new module button.
  • Install the Drupal User Provisioning and Sync module either by downloading the zip or from the URL of the package (tar/zip).
  • Click on Enable newly added modules.
  • Enable the module by checking the checkbox and clicking the Install button.
  • Configure the module at
    {BaseURL}/admin/config/people/user_provisioning/overview

Steps to configure Drupal as SCIM Client and AWS as SCIM Server

1. Configure AWS as SCIM Server

  • Log in to AWS SSO.
  • Search for AWS SSO in the search box and select IAM Identity Center (successor to AWS Single Sign-On).
  • Navigate to Settings, then select Manage provisioning under the Action dropdown.
  • Click on Generate token to get an access token.
  • Copy and save the generated access token as it cannot be accessed later.
  • You can find the SCIM 2.0 Base URL on the Automatic Provisioning page.
  • Keep the Bearer Token and SCIM endpoint URL handy. Now, go to your Drupal site.

2. Configure Drupal as SCIM Client

  • Install the User Provisioning module on your Drupal site.
  • Navigate to the User Provisioning tab. Select Application as AWS SSO.
  • Enter the generated token in the SCIM Bearer Token field and the SCIM endpoint in the SCIM 2.0 Base Url field on your Drupal site.
  • Check the checkbox to enable user sync. Scroll down and click on Save and Test Configuration.
  • Scroll down to the Mapping section. Please note, this section is mandatory if you want to create a user in AWS SSO.
  • Select Attribute values from the dropdown for First Name and Last Name.
  • Click on Save Configuration.
  • You have successfully configured Drupal as SCIM Client and AWS as SCIM server.
  • Now, go to the Audits and Logs tab. You can check the performed operation and its status.
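
The request a SCIM client prepares once the token, base URL and name mapping above are saved can be sketched as follows. This is an added example, not the module's own code: the Drupal field names (field_first_name, field_last_name), the base URL and the token are placeholders, the payload is a standard RFC 7643 User resource, and the request is only built, never sent.

```python
import json
from urllib.parse import urlsplit
from urllib.request import Request

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"  # RFC 7643

def build_scim_user(account, mapping):
    """Map a Drupal-style account dict onto a SCIM 2.0 User resource."""
    given = (account.get(mapping.get("first_name", "")) or "").strip()
    family = (account.get(mapping.get("last_name", "")) or "").strip()
    if not given or not family:
        # Mirrors the guide: without the First/Last Name mapping no user is created.
        raise ValueError("first and last name must be mapped and non-empty")
    return {
        "schemas": [SCIM_USER_SCHEMA],
        "userName": account["name"],
        "name": {"givenName": given, "familyName": family},
        "displayName": f"{given} {family}",
        "emails": [{"value": account["mail"], "type": "work", "primary": True}],
        "active": account.get("status", 1) == 1,
    }

def build_create_request(base_url, token, user):
    """Prepare (not send) POST {base_url}/Users carrying the bearer token."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("SCIM base URL must be https so the token is not sent in clear text")
    return Request(
        base_url.rstrip("/") + "/Users",
        data=json.dumps(user).encode("utf-8"),
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/scim+json"},  # RFC 7644 media type
        method="POST",
    )

def redact(token):
    """Form of the token that is safe to write to audit logs."""
    return token[:4] + "..." if len(token) > 8 else "****"

# Constructed sample values; the field names, URL and token are placeholders.
SAMPLE_ACCOUNT = {"name": "jdoe", "mail": "jdoe@example.com", "status": 1,
                  "field_first_name": "Jane", "field_last_name": "Doe"}
SAMPLE_MAPPING = {"first_name": "field_first_name", "last_name": "field_last_name"}
SAMPLE_BASE_URL = "https://scim.example.invalid/TENANT_ID/scim/v2/"
SAMPLE_TOKEN = "PLACEHOLDER-TOKEN-NOT-REAL"

if __name__ == "__main__":
    user = build_scim_user(SAMPLE_ACCOUNT, SAMPLE_MAPPING)
    req = build_create_request(SAMPLE_BASE_URL, SAMPLE_TOKEN, user)
    print(req.get_method(), req.full_url, "token:", redact(SAMPLE_TOKEN))
```

The bearer token authorizes writes to the whole user directory, so the sketch refuses a non-HTTPS base URL and only ever logs the redacted form.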

3. On-demand/Manual Provisioning

  • This will allow you to manually provision any Drupal user in your AWS SCIM Server application.
  • Enter the username of any user that you want to provision, select the user and then click on the Provision button.
  • You have successfully provisioned the user.
  • Under the Audits and Logs tab, you can check the performed operation and its status.
  • You can confirm at the AWS SCIM Server application that the user has been created.

24*7 Active Support

If you face any issues or have any questions, please feel free to reach out to us at drupalsupport@xecurify.com. If you want additional features included in the module, please get in touch with us, and we can get them custom-made for you. If you want, we can also schedule an online meeting to help you configure the Drupal User Provisioning and Sync module.
