Strata Copilot
    Common Services: Identity and Access
    : SCIM
    Focus
    Download PDF
    Focus
    1. Home
    2. Common Services
    3. Common Services: Identity and Access
    4. Manage Third-Party Identity Provider Integrations Through Common Services
    5. SCIM
    Download PDF

    Common Services: Identity and Access

    SCIM

    Table of Contents

    SCIM

    Learn how to integrate a SCIM with Strata Cloud Manager for automated user provisioning, streamlined identity management, and enhanced security compliance across your deployment.
    Where Can I Use This?What Do I Need?
    • Strata Cloud Manager
    • IAM role of Superuser
    • SailPoint license
    Integrating a third-party System for Cross-Domain Identity Management (SCIM) is a powerful solution for organizations seeking to streamline their identity access management processes. By connecting your organization's identity management system with SCIM providers, such as SailPoint, you can automate user provisioning and access control for your Strata Cloud Manager users. The result is a centralized approach to identity management that significantly reduces administrative overhead while enhancing security compliance. With a SCIM integration, you benefit from a streamlined identity lifecycle management process, ensuring consistent access policy enforcement and maintaining up-to-date user information across multiple platforms.
    To set up an integration with a third-party SCIM, you configure a Tenant Service Group (TSG) and service account in your system, followed by setting up the SCIM connector in the third-party provider. For those seeking maximum control and security, optional features like SCIM-only mode ensure that all Access Management changes occur exclusively through the SCIM connector.

    Supported SCIM Providers

    Strata Cloud Manager supports integration with the following SCIM providers:

    Set up the Sailpoint SCIM

    1. Set up Strata Cloud Manager to use a SCIM to manage identity access.
      1. Create a TSG (Tenant Service Group).
      2. Create a Service Account with a Superuser role inside the TSG you created.
        Record the client credentials for later use.
      3. Click Change Authorization Source.
      4. Enable SCIM and then Save to apply your changes.
        After the SCIM integration is enabled for Strata Cloud Manager, all access management changes will only be allowed through the SCIM provider.
    2. Set up the SCIM to manage access for Strata Cloud Manager.
      For the most up-to-date instructions on managing a SCIM Connector, see the SailPoint documentation.
      1. Import the XML file containing the Strata Cloud Manager SCIM Connector configuration into Sailpoint (this XML file will be provided by your account representative).
        After importing the XML, the application will display under the Application Definition.
      2. Select the application and enter the OAuth2 client credentials from the service account you created in Strata Cloud Manager.
      3. Set up Aggregation Tasks in SailPoint for Accounts and Groups for the SCIM Connector.
        This ensures that all relevant identity data from Strata Cloud Manager is efficiently integrated into SailPoint, enabling better identity governance, streamlined access management, and enhanced security.

    © 2025 Palo Alto Networks, Inc. All rights reserved.