What are the possibilities with SCIM User Provisioning?

System for Cross-domain Identity Management (SCIM) is a standard used for managing user identities and access across various systems and applications, particularly in cloud environments. It provides a uniform way to synchronize and manage identity information, regardless of the specific systems being used.

With SCIM, the following is possible in Plek:

  1. Automatically create users in Plek
    When a new employee joins your organization and is added to the Active Directory with the correct access permissions, Plek will automatically create a user account for them, granting them immediate access. This is done using a unique value from the Active Directory, which Plek uses as a mapping key.

    The mapping key must be a unique value in the Active Directory that will never be changed for a user. If it is changed, conflicts may arise with individual accounts, such as duplicate accounts, users not being synchronized, or login issues.
  2. Synchronize profile data
    Link fields from the Active Directory to the profile fields in Plek, so that changes are automatically updated upon the next login. This ensures that the profiles in Plek remain consistent and up-to-date.

    - When using Entra ID (formerly Azure), certain types of values cannot be processed by Plek, [type eg "..."]. If the desired attributes are not compatible with Plek, it is the customer's responsibility to adjust them so that they can be used by Plek.
    - Note: We do not offer synchronization support for (birth)dates and profile pictures for Plek profiles.
  3. Deactivate users 
    When an employee leaves the organization and is removed from the Active Directory, Plek will automatically deactivate their user account, denying them access to the platform and associated information.

    The automatic removal of users will always occur based on a value in the Active Directory, for example a leave date, or active=true or false. This value must remain in place for a longer period. Users will never be automatically removed via SCIM based on presence in synchronization.
  4. Automatic addition to groups
    Based on certain profile fields, users can be automatically added to specific groups within Plek. This can be useful for organizing teams or departments within the organization. Users are added to the group after the next successful synchronization.

    - For example:
    All users with function X can be automatically added to group Y.
    All users with function A or B can be automatically added to group C.

    - Group mapping is only possible based on a profile field. The correct profile field in Plek must be linked to the correct attribute in the Active Directory.
    - Users are not removed from groups when the value in a field changes. Group mapping via Single Sign-On only adds users. For example, if a user's function changes from X to A, the user will be added to group C but not removed from group Y.
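
Because group mapping only adds users and removal is driven by a directory value rather than by absence from synchronization, periodic access reviews need to look for leftovers. The following is an added example, not Plek code or a Plek API: the `PlekUser` shape, the function names and the sample users are assumptions, and the rules mirror the X/Y and A/B/C example above.

```python
# Added example: data shapes and names are assumptions, not Plek's API.
from dataclasses import dataclass, field

# Group mapping rules from the page's example: profile field value -> group.
GROUP_RULES = {"X": "Y", "A": "C", "B": "C"}

@dataclass
class PlekUser:
    mapping_key: str          # immutable directory value used as mapping key
    function: str             # current value of the mapped profile field
    groups: set = field(default_factory=set)
    active: bool = True

def simulate_sync(user, new_function, rules=GROUP_RULES):
    """Apply a field change the way the page describes: add-only mapping."""
    user.function = new_function
    group = rules.get(new_function)
    if group:
        user.groups.add(group)      # users are added, never removed
    return user

def stale_memberships(users, rules=GROUP_RULES):
    """Return {mapping_key: [groups]} for rule-managed groups that the
    user's current field value no longer justifies."""
    managed = set(rules.values())
    findings = {}
    for u in users:
        entitled = {rules[u.function]} if u.function in rules else set()
        stale = (u.groups & managed) - entitled
        if stale:
            findings[u.mapping_key] = sorted(stale)
    return findings

def active_but_absent(users, directory_keys):
    """Accounts still active whose mapping key is missing from the directory
    export; per the page, absence alone never removes a user."""
    return sorted(u.mapping_key for u in users
                  if u.active and u.mapping_key not in directory_keys)

# Constructed sample data. "Social" is a manually joined, unmanaged group.
alice = PlekUser("emp-001", "X", {"Y", "Social"})
bob = PlekUser("emp-002", "B", {"C"})
carol = PlekUser("emp-003", "A", {"C"})
simulate_sync(alice, "A")            # function changes from X to A

if __name__ == "__main__":
    print(stale_memberships([alice, bob, carol]))
    print(active_but_absent([alice, bob, carol], {"emp-001", "emp-002"}))
```

Groups that no mapping rule manages are deliberately ignored, so manually joined groups are not reported as stale.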

If your organization's user synchronization requirements do not align with SCIM standards, please read our page on User Provisioning based on Datamapper.

User synchronization is an additional integration in Plek. For more information on setting up User Provisioning for your organization, visit our pricing plan for your subscription, contact your account manager, or send an email to support@plek.co.