SCIM provisioning allows you to automatically manage users in your cloud CrashPlan environment. Once enabled, CrashPlan creates new users, deactivates users, and updates user roles and permissions based on syncs with your provisioning provider. This article gives an overview of CrashPlan provisioning as well as some tutorials for configuring provisioning in the CrashPlan console.
The SCIM provisioning feature is only available in cloud CrashPlan environments.
authentication: The process of identifying and verifying users in a system. Methods for authentication include:
- Local CrashPlan directory
- Single sign-on (SSO)
- Multi-factor authentication (MFA)
authentication provider: Allows access to CrashPlan. When enabled, users sign in using the authentication provider instead of CrashPlan. Examples of authentication providers include Okta, Google SSO, Ping, Azure AD, OneLogin, and Microsoft AD FS.
CrashPlan User Directory Sync Tool: Uses LDAP to automate user management between your directory service and your CrashPlan environment. This differs from other provisioning providers because it uses LDAP rather than SCIM.
identity management: An IT administrative area or market that deals with users in a IT system and gives them access to the right resources within the system.
identity provider (IdP): A general term to refer to a system that contains user identities. Identity provider can refer to a system performing authentication, provisioning, or both. Examples of identity providers include Okta, Google SSO, Ping, Azure AD, and OneLogin.
SCIM provisioning: An open standard protocol for automating user management.
provisioning provider: Automates user management. Applications like CrashPlan sync with a provisioning provider and then create, update, or deactivate users based on the provisioning provider's user profile. Examples of provisioning providers include Okta, Ping, and Azure AD.
single sign-on (SSO): SSO is one type of authentication method. It allows a user to use the same credentials to sign in to multiple applications.
What is SCIM provisioning?
SCIM provisioning is one way to manage users in your company. There are multiple ways to manage users in an IT system or application. For example:
- Manually: You can manually create, update, and deactivate users in every application each time a change happens. This method is time consuming, and it is difficult to scale in larger environments.
- Active Directory, OpenDirectory, or LDAP: Directory services where one user directory acts as a source of truth. Administrators make updates to one directory and the changes are synced to other systems and applications. This automates user management, which saves you time, and can scale to large environments. However, these directory services have firewall rules that may make it difficult to integrate with cloud applications. Note these options are not available in cloud CrashPlan environments, but are available for on-premises CrashPlan environments.
- SCIM provisioning: SCIM provisioning relies on a provisioning provider as a source of truth. The provisioning provider may even connect to Active Directory, OpenDirectory, or LDAP on the back end. However, SCIM provisioning leverages REST and JSON to communicate, which makes it easier to integrate with cloud apps. It is also able to scale in large environments.
How does SCIM provisioning work?
What it does
- Performs actions to your CrashPlan environment based on the provisioning provider information:
- Adds or deactivates users
- Moves users to appropriate organizations based on the organization mapping method
- Applies roles to users based on the role mapping
- Performs sync when a change occurs on the provisioning provider side. This means you must make a change on the provisioning provider to apply any updates to CrashPlan.
What it doesn't do
- CrashPlan does not make any changes to your provisioning provider. Therefore, CrashPlan does not add, modify, or deactivate users in the provisioning provider.
- Use LDAP. If your directory service requires LDAP to connect to CrashPlan, use the CrashPlan User Directory Sync Tool. To configure the tool in your CrashPlan environment, contact your Customer Success Manager (CSM).
The CrashPlan provisioning feature requires you to connect a third-party provisioning provider to CrashPlan. The following are the basic requirements that your provider and your CrashPlan environment need to integrate correctly:
- SCIM 2.0: CrashPlan requires a provisioning provider to use the SCIM 2.0 protocol.
- SCIM groups: The Custom SCIM mapping and role mapping require that your provider uses SCIM groups. Other provisioning features are available without SCIM groups.
See the following articles to learn how to configure provisioning providers:
- SimpleCloud: SCIM: System for Cross-domain Identity Management
- Okta: What is SCIM?