Configuring SCIM in Cyral

Cyral supports the use of the SCIM protocol to retrieve group information from your SAML identity provider. While Cyral also supports other ways to retrieve group information from SAML, the SCIM approach is the only way to get group information for login workflows in which the user does not visit the Cyral Access Portal. For example, login through Tableau to Snowflake with Cyral SSO relies on Cyral's SCIM integration to retrieve the user's group information.

Prerequisites

Before you set up the SCIM integration, make sure you have:

• A working SAML SSO integration in Cyral.

note

Note the following limits on Cyral SCIM integrations:

• Cyral supports only SCIM 2.0.
• Bulk operations are not supported.
• Cyral supports only the user and group resource types. No other custom resources are supported.
• PUT and PATCH are both supported for user and group resource types.
• Cyral supports authentication only via a long-lasting OAuth 2.0 bearer token that's been sent as an HTTP authorization header.

Configure SCIM in your SAML 2.0 identity provider

See these guides to help configuring for your IDP:

• SCIM with Azure Active Directory
• SCIM with Okta
• OneLogin
• SCIM with Other IdPs