1.4 Supported SCIM Driver Use Cases for Keeper Password Manager and Digital Vault

The following operations can be performed on the subscriber channel:

  • Operations performed on a user

    • Adding a user: A user is added in Identity Manager and synced to Keeper through the SCIM driver. User details such as first name, last name, contact details, email ID, location, department, user name, and initial login password are added and synchronized to the Keeper application.

      The SCIM end point for Keeper to add a user: https://keepersecurity.com/api/rest/scim/<current version>/<node id>/Users

      Method: POST

      IMPORTANT: Replace the variable values in the SCIM end point URL as per Keeper specifications. Sample values are shown below; they also apply to the SCIM end point examples in the other sections.

      • <current version> with v2, etc.

      • <node id> with <345074852429829>

      • <association> with keepersecurity-userid, or keepersecurity-groupid, etc., as applicable.

    • Modifying a user: Any changes made to user details such as first name, last name, contact details, or email ID are synchronized with the Keeper application.

      The SCIM end point for Keeper to modify a user: https://keepersecurity.com/api/rest/scim/<current version>/<node id>/Users/<keepersecurity-userid>

      Method: PUT

      NOTE: The user can be disabled in case of separation or termination of their services.

    • Migrate a user: You can migrate an individual or multiple users from Identity Manager to the Keeper application and vice-versa.

    • Polling a user: You can poll a user from the Keeper application to Identity Manager.

      The SCIM end point for Keeper to poll users: https://keepersecurity.com/api/rest/scim/<current version>/<node id>/Users

      Method: GET

    • Query a User: You can query the synced attributes of a resource, such as a user, from Keeper through iManager. You can also query through the dxcmd utility to fetch required resources or attributes using specific conditions.

      The SCIM end point for Keeper to query users: https://keepersecurity.com/api/rest/scim/<current version>/<node id>/Users/<keepersecurity-userid>

      Method: GET

      NOTE: Complex JSON attributes cannot be queried from SCIM compliant applications through the dxcmd utility.

  • Operations performed on public groups

    • Adding a group: A group is added in Identity Manager to manage multiple users with the same set of access permissions, rather than managing users individually.

      The SCIM end point for Keeper to add a group: https://keepersecurity.com/api/rest/scim/<current version>/<node id>/Groups

      Method: POST

    • Modifying a group

      • Adding a member to a group: A member is added to a group based on the user’s role, department, and the access permissions that the user qualifies for, so that the access permissions for that designated user role are provisioned accordingly.

        The SCIM end point for Keeper to add a member to a group: https://keepersecurity.com/api/rest/scim/<current version>/<node id>/Groups/<keepersecurity-groupid>

        Method: POST

      • Removing a member from a group: A user can be removed from a group if the user’s role, designation, or access permissions no longer qualify the user to belong to that group. This happens when the user’s role or designation changes, or on separation or termination of the user.

        The SCIM end point for Keeper to remove a member from a group: https://<tenantname>.keepersecurity.com/services/scim/<current version>/<node id>/Groups/<keepersecurity-groupid>

        Method: POST

    • Deleting a group: Duplicate groups, redundant groups, empty groups or groups that are not required can be deleted, and the group members will be moved to another group as required.

      The SCIM end point for Keeper to delete a group: https://<tenantname>.keepersecurity.com/services/scim/<current version>/<node id>/Groups/<keepersecurity-groupid>

      Method: DELETE

    • Migrate a Group: You can migrate an individual or multiple groups from Identity Manager to the Keeper application and vice-versa.

    • Polling a Group: You can poll all created groups from the Keeper application to Identity Manager.

      Method: GET

      The SCIM end point for Keeper to poll groups: <tenantname>.keepersecurity.com/services/scim/<current version>/<node id>/Groups

    • Query a Group: You can query the synced attributes of a resource, such as a group, from Keeper through iManager. You can also query through the dxcmd utility to fetch required resources or attributes using specific conditions.

      The SCIM end point for Keeper to query groups: <tenantname>.keepersecurity.com/services/scim/<current version>/<node id>/Groups

      Method: GET

      NOTE: Complex JSON attributes cannot be queried from SCIM compliant applications through the dxcmd utility.
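
The user operations listed above, and the note on disabling a user at separation or termination, are illustrated by the following Python example, which is added here and is not code from the Identity Manager driver or from Keeper. It builds the requests without sending them. The function names, the sample user, bearer-token authentication, the application/scim+json content type, and the character rules applied to the node id and user id are assumptions.

```python
import json
import re
import urllib.request

BASE = "https://keepersecurity.com/api/rest/scim"  # base path from this section
SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"  # RFC 7643


def scim_url(version, node_id, resource, resource_id=None):
    """Build an end point URL, rejecting values that could alter the path."""
    if not re.fullmatch(r"v[0-9]+", version):
        raise ValueError("version must look like v2")
    if not re.fullmatch(r"[0-9]+", str(node_id)):  # assumption: numeric node id
        raise ValueError("node id must be numeric")
    if resource not in ("Users", "Groups"):
        raise ValueError("resource must be Users or Groups")
    url = f"{BASE}/{version}/{node_id}/{resource}"
    if resource_id is not None:
        # Assumption: ids contain only letters, digits, '_' and '-'.
        if not re.fullmatch(r"[A-Za-z0-9_-]+", str(resource_id)):
            raise ValueError("unexpected characters in resource id")
        url += f"/{resource_id}"
    return url


def user_resource(user_name, given, family, active=True):
    """Minimal SCIM 2.0 User resource (constructed sample attributes)."""
    return {
        "schemas": [SCIM_USER_SCHEMA],
        "userName": user_name,
        "name": {"givenName": given, "familyName": family},
        "emails": [{"value": user_name, "primary": True}],
        "active": active,
    }


def build_request(method, url, token, body=None):
    """Return an unsent request; the token goes in a header, never in the URL."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("Authorization", f"Bearer {token}")  # assumption: bearer auth
    if data is not None:
        req.add_header("Content-Type", "application/scim+json")
    return req


def disable_user_request(version, node_id, user_id, current, token):
    """PUT replaces the whole resource (RFC 7644), so resend it with active=False."""
    body = dict(current, active=False)  # copy; the caller's dict is unchanged
    return build_request("PUT", scim_url(version, node_id, "Users", user_id), token, body)
```

Because PUT is a full replacement in SCIM 2.0, sending only `{"active": false}` would omit required attributes such as `userName`; the disable request therefore carries the complete current resource.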

1.4.1 Known Observations from Keeper Password Manager and Digital Vault

The following are a few observations made when specific operations are performed in the Keeper application.

  • For an inactive user, if you modify the username (email id), the display name is updated in the Keeper application.

  • If a group is created in Identity Manager and synchronized to Keeper, the display name is blank in the driver log and does not appear in the application.