SCIM provisioning overview

Overview

SCIM provisioning allows you to automatically manage users in your cloud CrashPlan environment. Once enabled, CrashPlan creates new users, deactivates users, and updates user roles and permissions based on syncs with your provisioning provider. This article gives an overview of CrashPlan provisioning as well as some tutorials for configuring provisioning in the CrashPlan console. 

The SCIM provisioning feature is only available in cloud CrashPlan environments.

What is SCIM provisioning?

SCIM provisioning is one way to manage users in your company. There are multiple ways to manage users in an IT system or application. For example: 

• Manually: You can manually create, update, and deactivate users in every application each time a change happens. This method is time consuming, and it is difficult to scale in larger environments. 
• Active Directory, OpenDirectory, or LDAP: Directory services where one user directory acts as a source of truth. Administrators make updates to one directory and the changes are synced to other systems and applications. This automates user management, which saves you time, and can scale to large environments. However, these directory services have firewall rules that may make it difficult to integrate with cloud applications.
• SCIM provisioning: SCIM provisioning relies on a provisioning provider as a source of truth. The provisioning provider may even connect to Active Directory, OpenDirectory, or LDAP on the back end. However, SCIM provisioning leverages REST and JSON to communicate, which makes it easier to integrate with cloud apps. It is also able to scale in large environments. 

How does SCIM provisioning work?

What it does

• Performs actions to your CrashPlan environment based on the provisioning provider information:
  • Adds or deactivates users 
  • Moves users to appropriate organizations based on the organization mapping method
  • Applies roles to users based on the role mapping
• Performs sync when a change occurs on the provisioning provider side. This means you must make a change on the provisioning provider to apply any updates to CrashPlan. 

What it doesn't do

• CrashPlan does not make any changes to your provisioning provider. Therefore, CrashPlan does not add, modify, or deactivate users in the provisioning provider.
• Use LDAP. If your directory service requires LDAP to connect to CrashPlan, use the CrashPlan User Directory Sync Tool. To configure the tool in your CrashPlan environment, contact your Account Executive. 

Requirements

The CrashPlan provisioning feature requires you to connect a third-party provisioning provider to CrashPlan. The following are the basic requirements that your provider and your CrashPlan environment need to integrate correctly:

• SCIM 2.0: CrashPlan requires a provisioning provider to use the SCIM 2.0 protocol. 
• SCIM groups: The Custom SCIM mapping and role mapping require that your provider uses SCIM groups. Other provisioning features are available without SCIM groups. 

Configuration articles

See the following articles to learn how to configure provisioning providers:

• How to configure SCIM provisioning
• How to provision users to CrashPlan from Microsoft Entra ID
• How to provision users to CrashPlan from Okta
• How to provision users to CrashPlan from PingOne