SonicWall CSE: Enabling System for Cross-domain Identity Management (SCIM) for end users that use Entra ID

Description

SCIM Overview

Historically, when a user was assigned to the desktop app via their org’s SCIM provider, the Command Center was unaware of that user’s existence until the user logged into SonicWall Cloud Secure Edge. SonicWall used Just-in-time (JIT) provisioning to update the Command Center’s directory of users, so that when a user logged into CSE for the first time, the user would then be visible in the CSE directory.

The System for Cross-domain Identity Management (SCIM) is a protocol that allows CSE to receive updates about its users from a SCIM provider (typically an IDP), without users needing to first log into CSE. When enabled, SCIM communicates which users are assigned to the desktop app at a given time, keeping the list of users inside CSE up to date. This gives admins a more seamless experience when assigning roles, policies, or services to users, because CSE reports more accurately on which users exist.

This doc lays out the steps required to enable SCIM for your end users using Entra ID as an IDP.

Steps to enable SCIM provisioning for Entra ID

Note: Ensure that your IDP configuration settings are set up properly and saved before enabling SCIM.

1.1 In your User Identity Provider settings for Entra ID (i.e., Settings > Identity and Access > End User), toggle on SCIM Provisioning. Select Enable SCIM in the prompt.

1.2 Under SCIM Provisioning, generate an API token. Copy the token.

1.3 In your Entra admin center, navigate to your CSE TrustProvider App Overview page, and select 3. Provision User Accounts under Getting Started.

1.4 Under Manage (in the table of contents on the right side of the webpage), select Provisioning, and then under Provisioning Mode, select Automatic.

1.5 Under Admin Credentials, paste your API token in the Secret Token field.

1.6 In SCIM Provisioning in the Command Center, copy the Base URL value, and then paste this value into the Tenant URL field in your Entra ID admin center (also under Admin Credentials).

1.7 Test the connection.

1.8 If the connection is successful, Save the SCIM configuration.
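
A scripted version of the step 1.7 connection test, as an added example (not SonicWall or Microsoft code). It assumes the Base URL serves SCIM 2.0 (RFC 7644) and is modeled on the probe Entra sends when testing provisioning, a GET /Users filtered on a random userName; `build_probe`, `check_response` and `probe` are hypothetical helper names.

```python
import json
import uuid
import urllib.error
import urllib.parse
import urllib.request

LIST_RESPONSE = "urn:ietf:params:scim:api:messages:2.0:ListResponse"

def build_probe(base_url, token):
    """Build GET <Base URL>/Users filtered on a random userName that cannot exist."""
    parts = urllib.parse.urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc:
        # The API token is a bearer secret: never send it over plaintext HTTP.
        raise ValueError("Base URL must be an https:// URL")
    if not token or token != token.strip():
        raise ValueError("token is empty or carries whitespace from copy/paste")
    query = urllib.parse.urlencode({"filter": f'userName eq "{uuid.uuid4()}"'})
    return urllib.request.Request(
        base_url.rstrip("/") + "/Users?" + query,
        headers={"Authorization": f"Bearer {token}",
                 "Accept": "application/scim+json"})

def check_response(status, body):
    """Classify the probe result as (ok, reason)."""
    if status in (401, 403):
        return False, "token rejected: generate a new API token and paste it again"
    if status != 200:
        return False, f"unexpected HTTP status {status}"
    try:
        doc = json.loads(body)
    except ValueError:
        return False, "body is not JSON: Tenant URL may not be the SCIM Base URL"
    if not isinstance(doc, dict) or LIST_RESPONSE not in (doc.get("schemas") or []):
        return False, "response is not a SCIM ListResponse"
    if doc.get("totalResults", 0) != 0:
        return False, "random userName matched a user: the filter is being ignored"
    return True, "endpoint reachable and token accepted"

def probe(base_url, token, timeout=10):
    """Send the probe; base_url and token come from SCIM Provisioning (steps 1.2, 1.6)."""
    req = build_probe(base_url, token)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return check_response(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return check_response(err.code, err.read())
```

Call `probe()` with the Base URL and API token copied from the Command Center, reading the token from an environment variable or secret store rather than hard-coding it.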
