Advanced SCIM settings
Advanced SCIM settings allows more advanced configuration of SCIM. You can currently change/enable the following behavior:
Authentication method: Change authentication method between bearer token, basic auth or no authentication.
We strongly recommend using an authentication method, as no authentication will allow anyone to modify the SCIM directory.
Cache file: Kantega SSO will cache a few user attribute values in memory to increase SCIM performance. This setting creates a file to instantiate this cache after restarting your instance. If this setting is not enabled, the cache will automatically rebuild while the instance is running.
User linking on creation: Automatically link manually created users found within the SCIM directory to an incoming SCIM user with the same externalId or username.
If this setting is disabled, you might find yourself getting more 409 errors in SCIM events if there is a user collision in username. Users affected by this collision might find themselves with different group memberships than they have in the identity provider since they cannot be synced correctly. This can be difficult to debug as the identity provider is expected to be used as a source of truth with SCIM.
A SCIM directory that has link on creation enabled may be used as Just-In-time directory for a SAML/OIDC identity provider.