SCIM Client properties, tables, scriptable APIs, and logs

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of SCIM Client properties, tables, scriptable APIs, and logs

    The SCIM v2 - ServiceNow Cross-domain Identity Management Client (com.snc.integration.scim2.client) plugin facilitates identity management by providing essential configuration properties, tables, scriptable APIs, and logging capabilities. This enables administrators to efficiently manage identity data across different services.

    Show full answer Show less

    Key Features

    • Properties: The SCIM Client includes system properties that control logging behavior and log cleanup duration:
      • com.snc.integration.scim2.client.log.request.status: Configures log record output (options: FAILURE or ALL; default: ALL).
      • com.snc.integration.scim2.client.log.cleanup.duration: Sets the log retention period in days (default: 180).
    • Tables: The plugin introduces several tables to manage SCIM data:
      • SCIM Provider (sysscimprovider): Stores provider details and resource definitions.
      • SCIM Provider Resource Mapping (sysscimproviderresourcemapping): Contains primary table information for providers and resources.
      • SCIM Attribute Mapping (sysscimattributemapping): Holds source details for SCIM attribute values.
      • SCIM Client Log (sysscimclientlogs): Records the statuses of SCIM API calls.
    • Scriptable API: The SCIM2Client API allows for creating, updating, or deleting data in service providers, and is designed for use in system context scripts. Administrators can leverage this API in various scenarios, including:
      • Provisioning identity information through background scripts or business rules.
      • Running scheduled or on-demand jobs for identity provisioning.
      • Integrating the provision script in workflows or business rules.

    Key Outcomes

    By utilizing the SCIM Client, ServiceNow customers can effectively manage and provision identity data across their services, streamline integration workflows, and enhance logging capabilities for monitoring provisioning statuses. This results in improved operational efficiency and better identity governance.

    The SCIM v2 - ServiceNow Cross-domain Identity Management Client (com.snc.integration.scim2.client) plugin includes the following system properties, tables, scriptable APIs, and logs.

    Properties

    SCIM Client adds the following system properties.
    Table 1. Properties
    Name Description
    com.snc.integration.scim2.client.log.request.status This property determines whether to write all the log records or just the error log records. The possible values are FAILURE or ALL.

    Default value: ALL
    com.snc.integration.scim2.client.log.cleanup.duration This property determines the number of days for clearing the logs.

    Default value: 180

    To set the properties, navigate to All > SCIM > SCIM Client Properties.

    SCIM Client Properties

    Tables

    The SCIM Client adds the following tables.

    Table 2. Tables
    Name Description
    SCIM Provider (sys_scim_provider) Stores data for each SCIM provider, such as the name, REST message resource definitions, and so on.
    SCIM Provider Resource Mapping (sys_scim_provider_resource_mapping) Stores the primary table information for each provider and resource name.
    SCIM Attribute Mapping (sys_scim_attribute_mapping) Stores the source details where each SCIM attribute value should come from, such as the table field, script, and so on.
    SCIM Client Log (sys_scim_client_logs) Stores the statuses of each call triggered to SCIM Provider.

    Scriptable API

    The SCIM2Client API calls the System for Cross-domain Identity Management (SCIM) Provider (server role) to create, update, or delete data in a service provider (SP). The scriptable API of the SCIM Client should be used in the scripts that are running in the system context or by a system admin user.

    For example, you can use the script while running the integration hub workflow as a system user, while running the scheduled jobs, and so on.

    The following are some of the use cases for using the scriptable APIs:

    • As an admin, provision identity information from background scripts, business rules, script include calls, workflows, and so on.
    • As an admin, run a scheduled job or an on-demand job for identity provisioning.
    • Run a workflow or sub-workflow with the Script step using the provision scriptable API call.
    • Add the provision script directly in a business rule or script include. The script can be triggered by non-admin users. This use-case works in the following situations:
      • The user has access to the token, meaning that the user has the role to generate the token from the REST template.
      • The user has access to retrieve the SCIM attribute values from the mapped tables.

    To know more about the scriptable API, see SCIM2Client API.

    SCIM Client Logs

    The SCIM Client Logs display the provisioning status about the SCIM APIs. To view the provisioning status, navigate to All > SCIM > SCIM Client Logs.