To begin the configuration, set up the SCIM driver object in Designer and configure the SCIM driver with the parameters specific to connecting to the Keeper application.
The procedure to set up the SCIM driver in Designer is similar for any connected application. The generic steps to set up a driver object in Designer are shown from step 1 to step 20, and the configuration parameters specific to the Keeper application are mentioned in step 22. If you are familiar with the generic driver object setup, you can skip to Step 22 to see the configuration parameters specific to the Keeper application.
Open Designer.
In the toolbar, click Help > Check for Package Updates.
Select the required package to download and click OK. The designer is updated with the selected packages. For the packages that need to be selected for Keeper, see Installing the Driver Packages in Designer.
In the Outline view, right-click the Package Catalog.
Click Import Package and install the SCIM KeeperSecurity Configuration Package.
By default, only the base packages are displayed. Deselect Show Base Packages Only to display all packages.
Scroll to find the required package and select it.
Click OK to import the selected packages, then click OK in the successfully imported packages message.
In Designer > Outline view, open your project.
Right-click the project > New > Identity Vault, or drag and drop Identity Vault from the Palette to the Modeler window.
In the Add Server Association screen, select the following field values and click OK.
Server DN
Identity Manager Version
Identity Manager Edition
The Identity Vault Credentials window appears.
In the Identity Vault Credentials window, enter:
Field | Description |
---|---|
Host | The identity vault hosting machine's IP address |
Username | The name of the user, for example, Admin, if the user is an administrator. |
Password | The password of the user to log in to the identity vault |
Select Save Password, if you want to save your password for easy logins in the future.
Click OK.
The Identity Vault with the Driver Set appears in the Modeler window.
In the right pane, drag and drop the SCIM driver icon from Palette > Tool tab to the Modeler window.
In the Driver Configuration Wizard, select SCIM Base (Contains the base functionality for a driver. You must install a driver base configuration package first).
NOTE: You can select only one base package.
Click Next.
In the Select Mandatory Features page, select the SCIM Default Package, and click Next.
In the Select Optional Features page, select the SCIM KeeperSecurity Configuration Package, and if required select SCIM JSON Package, and click Next.
IMPORTANT: Although the SCIM KeeperSecurity Configuration Package appears in the Select Optional Features page, you must select this package to configure the SCIM driver for Keeper.
Verify that the required Important Note items are met, and click Next.
On the Driver Information page, specify a name for the driver, then click Next. The Connection Parameters page appears.
Select OAuth 2.0 in the Authentication Method field. OAuth 2.0 is recommended because it is the most secure authentication method.
In the OAuth 2.0 Token Management field, select Manual, because the other options, JWT and Bearer, are not supported by the Keeper application.
The following fields appear:
Field | Field Value |
---|---|
Token: Specify the token generated from the Keeper application. The procedure to generate a token is shown below: | <9xdQQZzVwvmfe+gIGab0z8VnqlejRDgPgxYtR3bPW7o=> |
Query Options: You can add your query options as per requirement to suit your environment. | Not Applicable for Keeper application. NOTE: It is applicable only if a new bearer token needs to be generated, and generating a new bearer token is not supported by the Keeper application. |
Secret Query Options: You can add your query options as per requirement to suit your environment. The values specified in these options are hidden for security purposes. | Not Applicable for Keeper application. NOTE: It is applicable only if a new bearer token needs to be generated, and generating a new bearer token is not supported by the Keeper application. |
Application Truststore File: The path and the name of the keystore file that contains the trusted certificates for the application server or connected system to achieve SSL handshake. | </root/scim_configuration/trustKeeperSec/KeeperSec> For more information on how to create the truststore file, see Configuring the Subscriber Channel in |
Mutual Authentication | Mutual Authentication is not supported by the Keeper application. |
Proxy Authentication: Defaults to Hide. Select Show if you want to set proxy authentication parameters. Specify the host address and the host port when a proxy host and port are used. | |
HTTPS Connection Timeout: Specify the HTTP connection timeout value. | The timeout value must be greater than 0. NOTE: The driver waits for the time specified (in minutes) and terminates the HTTPS connection, displaying the error codes that are configured in the Subscriber Options > HTTPS error codes for retry field. |
SCIM 2.0 URL: Enter the URL for the SCIM Application. SCIM Resources like User, Group etc. will be appended to this URL. | <https://keepersecurity.com/api/rest/scim/v2/345074852429829/> |
In the Install SCIM Base page, specify the Subscriber Options and Publisher Options, and click Next.
Field | Description and Sample Values |
---|---|
Subscriber Options | HTTPS error codes for retry: Specify the HTTPS errors that must return a retry status. Error codes must be a list of integers separated by spaces. For example: <307 408 503 504> NOTE: The operation will be retried if these errors are encountered. |
Publisher Options | IMPORTANT: Polling Resource Options: This field does not appear when you are setting up the driver for the first time. These options are to be specified once the driver is configured. Once the driver is configured, double-click the connector line in the Modeler window and navigate to Driver Configuration > Publisher Options tab. |
In the Schema Settings page, enter the values as shown in the following table:
Table 1-1 Schema Settings
Field | Description with Sample Values |
---|---|
Refresh Schema on Driver Startup | Specify Yes to refresh the schema. IMPORTANT: You must select Yes only for the first time to load the application schema or if the application schema has changed. It is recommended to change it to No after you load the application schema and the schema mappings are completed. For more information, see Refreshing the Fetched Connected Application’s Schema in |
Schema Options | The available options are: |
Resource Type | Specify the Resource ID and Resource EndPoints for resources like Users, Groups, Roles, Entitlements etc. in Uniform Resource Name (URN) Format. Similarly for Groups: |
Table 1-2 Modifier Settings
Field | Description with Sample Values |
---|---|
Custom Java Class | The custom Java class which is used to extend the driver's functionality. Defaults to Hide, select Show to configure Modifiers. |
Document Handling: Defaults to No, select Yes. The Class and Init Parameter fields appear. | |
Review the summary of tasks that will be completed to create the driver, then click Finish. The configured driver appears in the designer screen.
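A pre-flight check for the Connection Parameters and Subscriber Options values described above, added here as an illustration and not part of the product or its documentation. The function names, the angle-bracket check and the `Users?count=1` probe (a standard SCIM 2.0 list query) are assumptions; the token is a constructed placeholder.

```python
import urllib.request
from urllib.parse import urlsplit


def validate_params(scim_url, token, retry_codes, timeout_minutes):
    """Return a list of problems found in the driver's connection values."""
    problems = []
    parts = urlsplit(scim_url)
    # The bearer token travels in a request header, so the URL must use TLS.
    if parts.scheme != "https" or not parts.hostname:
        problems.append("SCIM 2.0 URL must be an https:// URL")
    # The tables show sample values inside <...>; the brackets are not part
    # of the value and must not be pasted into the Token field.
    if not token or token != token.strip() or token[0] == "<" or token[-1] == ">":
        problems.append("token is empty, padded, or still wrapped in <>")
    # HTTPS error codes for retry: a list of integers separated by spaces.
    for code in retry_codes.split():
        if not (code.isdecimal() and 100 <= int(code) <= 599):
            problems.append(f"retry code {code!r} is not an HTTP status code")
    if timeout_minutes <= 0:
        problems.append("HTTPS connection timeout must be greater than 0")
    return problems


def build_probe(scim_url, token):
    """Build a read-only GET; resources such as Users are appended to the URL."""
    url = scim_url.rstrip("/") + "/Users?count=1"
    return urllib.request.Request(
        url, headers={"Authorization": f"Bearer {token}"})


def probe(scim_url, token, timeout_seconds=30):
    """Send the probe and return the HTTP status (200: URL and token accepted).
    urlopen raises HTTPError for 4xx/5xx, for example 401 for a bad token."""
    with urllib.request.urlopen(build_probe(scim_url, token),
                                timeout=timeout_seconds) as resp:
        return resp.status


if __name__ == "__main__":
    # Sample URL from the Connection Parameters table; the token and the
    # mistyped retry code are constructed to show what the check reports.
    url = "https://keepersecurity.com/api/rest/scim/v2/345074852429829/"
    for problem in validate_params(url, "<PLACEHOLDER-TOKEN>", "307 408 5O3", 0):
        print("FIX:", problem)
```

Run `probe()` from the host that runs the driver, so the request takes the same network path and proxy as the driver will.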