7.3.1. Introduction

New in version 1.11.0: Nubus SCIM Server becomes available in Nubus for Kubernetes.

Important

The Nubus SCIM Server is in an early state with limited configuration capability. For detailed limitations, see Limitations.

System for Cross-domain Identity Management (SCIM) is a standard for exchanging user identity information. It provides a standardized API for managing users and groups, and reduces the need for custom integration with external identity management systems.

The SCIM service acts as a bridge between external identity management systems and the Nubus Directory Manager, providing a standardized interface that third-party systems can integrate with.

The following RFCs define the SCIM specifications:

• RFC 7642: Definitions, Overview, Concepts, and Requirements

• RFC 7643: Core Schema

• RFC 7644: Protocol, the REST interface

Nubus SCIM Server provides access to data in the Directory Manager (UDM) through the Nubus SCIM Client for outgoing data from Nubus and the Nubus SCIM Server for incoming data to Nubus. It offers the same standardized interface that other IAM providers use, such as Okta, Entra ID, and others.

This chapter is about the Nubus SCIM Server and has the following sections:

• Configuration

• Authentication

• Attribute mapping

• Limitations

• Troubleshooting

7.3.1.1. Quick start

To get started with the SCIM in Nubus for Kubernetes, you need to go through the following steps. For detailed instructions, see Configuration.

1. Enable the service: Configure the Nubus SCIM Server in your Helm values.

2. Set up authentication: Configure OpenID Connect authentication.

3. Start using the API: Begin making SCIM requests.

7.3.1.2. Key features

Nubus SCIM has the following features:

• Standard SCIM Protocol: Compliant with SCIM 2.0 specifications.

• OpenID Connect based Authentication: Secure token-based authentication.

• Comprehensive Attribute Mapping: Maps attributes between UDM and SCIM.

• User and Group Management: CRUD operations for users and groups.

7.3.1.3. Architecture overview

Nubus SCIM integrates with several Nubus components:

• UDM HTTP REST API: Backend data source for users and groups.

• Identity Provider through Keycloak: OpenID Connect authentication provider.

• Kubernetes: Deployment platform with Helm charts.