Joomla SCIM User Provisioning Use Cases

1. User provisioning from Identity Server to Joomla using Joomla

Requirement

You can use the System for Cross-Domain Identity Management (SCIM) user management API to enable automatic provisioning of users and groups between your Joomla application and your Identity Provider.

A customer having more than 5k users stored in his Identity Server. Sometimes a customer needs to update, delete or add the user in Identity Provider. But after doing any of the operations on Identity Server end he needs to do the same on Joomla end manually. It is too hectic for him. So he wants the solution in which all users automatically update, add or delete on Joomla site if he updates, adds or deletes users on Identity Server end. .

Solution

System for Cross-domain Identity Management (SCIM) is an open standard HTTP based protocol for automating the exchange of user identity information between Identity domains and Joomla Service Provider.

SCIM aims to simplify user provisioning and management in the cloud. For example, Okta ,Azure AD, Onelogin, Google Apps etc acts as Identity Provider. So if any user is added, updated or deleted from the server end it will automatically be done on your Joomla site. By using Joomla SCIM plugin with Joomla SAML Single Sign-On, when users updated, added and removed in the Identity Server the same operations will be performed on Joomla site without performing SSO.

If user is created in Identity Provider or Server, then automatically user created in Joomla site. Refer below diagram.

Same for the update users and delete users from Identity Server or provider, Automatically updated and deleted to Joomla end. You can refer below flow diagram to understand user update and delete.

Below diagram can explain you about front end flow of how Joomla SCIM plugin work with your Identity Providers.