Configuring SCIM involves some network and infrastructure preparation but is otherwise fairly simple. In many cases you may already have the required infrastructure in place. A brief summary of the process is as follows:

  1. Kantega SSO: Create a SCIM directory and tenant configuration in Kantega SSO. This gives you a bearer token and a unique tenant URL, e.g. http://jira-internal.example.local:5501/scim/zbs848185728/v2. The IDP will use this URL to send users and groups to the Atlassian app.
  2. Network: Set up a load balancer, gateway or reverse proxy to make the internal endpoint accessible from the Internet, and provide HTTPS termination.

    1. HTTPS is an absolute requirement externally. Use an existing host name and certificate package, or register new ones. Certificate requirements are IDP-dependent, and self-signed certs are generally not accepted.

  3. Configure the gateway to proxy requests to the internal tenant URL (see above). You should now have an external tenant URL, e.g. https://scim.example.com/scim/zbs848185728/v2, which gets proxied to e.g. http://jira.example.local:5501/scim/zbs848185728/v2.

  4. Configure SCIM in the IDP:

    • Set the external tenant URL as the SCIM endpoint address.

    • Add the bearer token from step 1.

    • Do any additional configuration (user assignment, attribute mapping).
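
A gateway configuration for steps 2 and 3, written here as an added example in nginx syntax; it is not part of the Kantega SSO documentation. The host names, port and tenant path are the example values used above; the certificate paths and the commented allow-list range are placeholders (assumptions).

```nginx
# Added example: TLS-terminating reverse proxy for the SCIM tenant endpoint.
# Host names, port and tenant path are the page's example values;
# certificate paths and the allow-list range are placeholders (assumptions).

upstream kantega_scim {
    server jira.example.local:5501;    # internal SCIM listener (page example)
}

server {
    # HTTPS only: this server block defines no port-80 listener, so the
    # bearer token is never accepted over plain HTTP for this host name.
    listen 443 ssl;
    server_name scim.example.com;

    ssl_certificate     /etc/nginx/tls/scim.example.com.fullchain.pem;  # placeholder path
    ssl_certificate_key /etc/nginx/tls/scim.example.com.key;            # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Expose only the tenant's SCIM path, not the rest of the internal host.
    location /scim/zbs848185728/v2 {
        # Optional: limit callers to the IdP's published egress ranges.
        # The range below is a constructed documentation value.
        # allow 203.0.113.0/24;
        # deny  all;

        # No URI part on proxy_pass, so the request path is forwarded
        # unchanged. The Authorization header carrying the bearer token
        # is passed to the upstream by default.
        proxy_pass http://kantega_scim;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }

    # Everything else on this host name is refused.
    location / {
        return 404;
    }
}
```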

...

  1. you the endpoint URLs you will need in step 2.

  2. Install and/or configure a network gateway/proxy to make SCIM endpoints accessible to the IDP.

    1. This includes obtaining a valid DNS name and certificates.

  3. Configure SCIM on the IDP.