knokej

Reputation: 71

Using SCIM, can my app ask the IdP whether the user is part of a group?

The usual use of SCIM seems to be that user information (provisioning) can flow from the IdP to the app (aka, service provider). But what if the app has a question for the IdP, like: "what is the group membership of this user?" I don't see anything in SCIM to prevent that, but maybe I am missing something, maybe the IdP won't typically be listening for a query like that through SCIM, or maybe the SCIM server/gateway implementations readily available don't support it. To implement single sign-on, wouldn't the app ask the IdP for whether a user is authenticated -- maybe that would be a similar flow to what I am asking?

Upvotes: 0

Views: 160

Answers (1)

Zollnerd

Reputation: 912

There are two distinct roles in SCIM - "client" and "service provider". The client makes RESTful requests to the SCIM API hosted by the service provider. The example you've given would require that both parties (IdP + App) had implemented the ability to handle both client and service provider roles, so that both can make requests to each other. IdPs almost universally will have SCIM clients implemented, but the IdP having a SCIM service provider implemented isn't as sure of a thing - this will depend on the specific IdP you are working with.

Upvotes: 0
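An added example, not part of the question or the answer above: what the app would do as a SCIM client if the IdP does expose a SCIM service provider endpoint, using the RFC 7644 `filter` query on `/Groups`. The base URL, function names and sample response are constructed for illustration; the user id is quoted as a filter string literal so that it cannot alter the filter expression.

```python
import json
from urllib.parse import urlencode

LIST_RESPONSE = "urn:ietf:params:scim:api:messages:2.0:ListResponse"

def scim_string(value: str) -> str:
    """Quote a value as a SCIM filter string literal (JSON string escaping)."""
    return json.dumps(value)

def membership_filter(user_id: str, group_name: str) -> str:
    """Filter matching the named group only if it lists user_id as a member."""
    return (f"displayName eq {scim_string(group_name)} "
            f"and members.value eq {scim_string(user_id)}")

def group_membership_url(base_url: str, user_id: str, group_name: str) -> str:
    """URL the app (SCIM client) would GET from the IdP (SCIM service provider).
    Send it with the credential the IdP issued for its SCIM API."""
    query = urlencode({"filter": membership_filter(user_id, group_name),
                       "attributes": "displayName"})
    return f"{base_url.rstrip('/')}/Groups?{query}"

def is_member(response_body: str, group_name: str) -> bool:
    """Interpret the ListResponse; anything unexpected is treated as an error,
    so an authorization decision never defaults to 'member'."""
    doc = json.loads(response_body)
    if LIST_RESPONSE not in doc.get("schemas", []):
        raise ValueError("not a SCIM ListResponse")
    wanted = group_name.casefold()  # Group displayName is not case-exact in SCIM
    return any(str(r.get("displayName", "")).casefold() == wanted
               for r in doc.get("Resources", []))

# Constructed sample of what a service provider returns for a matching query.
SAMPLE_RESPONSE = json.dumps({
    "schemas": [LIST_RESPONSE],
    "totalResults": 1,
    "Resources": [{"id": "g-0001", "displayName": "Admins"}],
})

if __name__ == "__main__":
    # Hypothetical IdP endpoint and user id.
    print(group_membership_url("https://idp.example/scim/v2", "u-1234", "Admins"))
    print(is_member(SAMPLE_RESPONSE, "Admins"))
```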
