Onboarding to SCIM Provisioning
¶ Introduction
SCIM, or System for Cross-domain Identity Management, is a standard for automating the exchange of user identity information between identity domains or IT systems.
Uber supports SCIM 2.0, which is published as IETF RFC 7643 and RFC 7644.
SCIM provisioning has multiple benefits, including (but not limited to):
- Standardization of provisioning
- Centralization of identity
- Automation of employee onboarding and offboarding
- Push-based model that is low-maintenance, resilient and hassle-free for admins
¶ Pre Checklist
Before you start the setup, these are the requirements to enable SCIM provisioning end to end:
- You must be onboarded to an Uber for Business organization and have admin access to it at business.uber.com
- You must allow syncing via identity providers. To find this setting, hover your mouse over your profile photo in the top right corner, then go to Settings - Integrations section - toggle Allow
- We have pre-built SCIM apps for a few Identity Providers, as listed below. If you need a SCIM app for a different Identity Provider, reach out to your account manager. You can also refer to our SCIM APIs documentation to build a custom integration.
¶ Functioning
As of today, our SCIM APIs automate provisioning and de-provisioning in the following manner:
Provisioning: When an employee joins your company, the SCIM provisioning flow creates an employee record in your Uber for Business organization and sends an automated email invitation asking them to link their Uber account to your Uber for Business organization.
De-provisioning: When an employee leaves your company, SCIM unlinks their Uber account from your Uber for Business organization.
¶ Setup
Before you configure SCIM provisioning on your Identity Provider side, you need to onboard your Uber for Business organization to enable SCIM provisioning. In total, you need to complete all of the steps below to successfully integrate with SCIM provisioning:
- Configure SCIM app on your Identity Provider
- Test the Integration
¶ Step 1: Configure SCIM app on your Identity Provider
Use the organization ID from the Uber for Business portal in this SCIM app.
We recommend creating a separate admin account on Uber and linking it to this organization. This ensures that SCIM provisioning keeps functioning regardless of individual admins leaving or joining your organization. This involves the following steps:
- Create a new Uber account
- Invite this user to your Uber for Business organization as an admin
- While configuring SCIM in your Identity Provider portal, use this newly created account when authenticating to obtain an auth token
- You can now add more app managers to manage the SCIM app so that they can make incremental changes in the future
Identity Provider | Guide |
---|---|
OneLogin | Follow the guide here |
Okta | Follow the guide here |
Others | Please reach out to your account manager, who can get our SCIM app made available for your Identity Provider. Alternatively, you can create a custom SCIM app by following these instructions |
¶ Step 2: Test the Integration
We recommend enabling the SCIM app for a small group first and testing the provisioning and de-provisioning flows. You should test the following flows:
- Someone joins this group on your organization side: within a few minutes/hours (depending on the SLAs provided by your Identity Provider), you should start seeing this user in the Uber for Business portal under the People tab.
- Someone leaves your group: this user should disappear from the Uber for Business portal (unless this user was the last Uber for Business admin of your organization).
- FirstName/LastName/UserEmail is updated on your organization side: the newly updated information should start appearing in the Uber for Business portal.
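
One way to check the three test flows above after a sync, as an added example that is not part of Uber's documentation or tooling: it reconciles an IdP test-group export against a SCIM 2.0 ListResponse (RFC 7644) and reports joiners that were not created, leavers that are still linked, and name updates that did not propagate. The `idp_members` shape, the `last_admin` parameter, treating `active=false` as de-provisioned, and all sample data are assumptions constructed for illustration; no Uber endpoint is called.

```python
LIST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"

def primary_email(user):
    """Primary (else first) email of an RFC 7643 User, falling back to userName."""
    emails = user.get("emails") or [{}]
    chosen = next((e for e in emails if e.get("primary")), emails[0])
    return (chosen.get("value") or user.get("userName") or "").lower()

def reconcile(idp_members, list_response, last_admin=""):
    """Compare IdP members (email/first/last dicts, hypothetical shape) with SCIM users."""
    # last_admin: email expected to remain even after leaving the group.
    if LIST_SCHEMA not in list_response.get("schemas", []):
        raise ValueError("not a SCIM 2.0 ListResponse")
    # Assumption: a user with active=false counts as de-provisioned.
    provisioned = {primary_email(u): u for u in list_response.get("Resources", [])
                   if u.get("active", True)}
    expected = {m["email"].lower(): m for m in idp_members}
    report = {"missing": [], "stale": [], "drift": []}
    for email, m in expected.items():
        user = provisioned.get(email)
        if user is None:
            report["missing"].append(email)   # join was not synced
            continue
        name = user.get("name") or {}
        if (name.get("givenName"), name.get("familyName")) != (m["first"], m["last"]):
            report["drift"].append(email)     # name update was not synced
    for email in provisioned:
        if email not in expected and email != last_admin.lower():
            report["stale"].append(email)     # leaver is still linked
    return {k: sorted(v) for k, v in report.items()}

def scim_user(email, first, last, active=True):
    """Build a minimal RFC 7643 User resource for the constructed sample."""
    return {"userName": email, "active": active,
            "name": {"givenName": first, "familyName": last},
            "emails": [{"value": email, "primary": True}]}

# Constructed sample data: the IdP test group and what a SCIM list call returned.
IDP_GROUP = [{"email": "ana@example.com", "first": "Ana", "last": "Silva"},
             {"email": "bo@example.com", "first": "Bo", "last": "Chen"},
             {"email": "cy@example.com", "first": "Cy", "last": "Diaz"}]
SCIM_LIST = {"schemas": [LIST_SCHEMA], "totalResults": 5, "Resources": [
    scim_user("ana@example.com", "Ana", "Silva"),
    scim_user("bo@example.com", "Bob", "Chen"),          # stale first name
    scim_user("dee@example.com", "Dee", "Ng"),           # left the group
    scim_user("eve@example.com", "Eve", "Roy", active=False),
    scim_user("admin@example.com", "Svc", "Admin")]}     # last admin, stays

REPORT = reconcile(IDP_GROUP, SCIM_LIST, last_admin="admin@example.com")
```

A non-empty `stale` list is the result to act on first, since it means a leaver still has access through the organization.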