Outbound provisioning is supported via SCIM or SPML standards. There are outbound provisioning connectors for Google and Salesforce available by default in the Identity Server. If you need to plug any other custom connector, you can do it as well by writing an extension for that as described here. Outbound provisioning configurations can be found under identity provider configuration user interface of the Identity Server.
- Sign in. Enter your username and password to log on to the Management Console.
- Navigate to the Main menu to access the Identity menu. Click Add under Service Providers.
- Fill in the Service Provider Name and provide a brief Description of the service provider. Only Service Provider Name is a required field.
- In the screen that appears, expand the Outbound Provisioning Configuration section.
- In the Outbound Provisioning Configuration section, do the following.
- Select the identity provider you added from the drop-down menu available and click the following sign to add it. If you have not added an identity provider as yet, this step is not possible.
- Once added, the identity provider is displayed as an entry in a list. Select scim from the drop-down to ensure that the SCIM operation is used for provisioning.
- There is another option called Blocking. If enabled, it means that the outbound provisioning request must be blocked until the response is received. By default, the request would be not non-blocking.
- There is another option called Enable Rules. If enabled, it means outbound provisioning request will be executed along with the XACML rules enabled.
- You can also enable just-in-time provisioning by selecting the Enable JIT checkbox. Once you enable this, when a user is JIT provisioned to IS when authenticating from a federated authenticator, that user will be outbound provisioned to this identity provider as well.
- Click Update to save your configurations.