SCIM
SCIM (System for Cross-domain Identity Management) is a standardized protocol for automating the exchange of user identity information between systems. You can bring person and team data from any SCIM 2.0 compliant service provider into Brinqa to gain a unified view of your attack surface, thus strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with a SCIM 2.0 service provider and how to obtain that information from your provider. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select SCIM from the Connector dropdown. If you cannot find the connector in the dropdown, make sure that you have installed it first. You must provide the following information to authenticate with the SCIM 2.0 service provider:
-
URL: The base URL of the SCIM 2.0 service provider. For example,
https://api.scim.dev/scim/v2. -
Client ID: The OAuth 2.0 client ID used to authenticate with the identity provider.
-
Client Secret: The OAuth 2.0 client secret used to authenticate with the identity provider.
-
Token Endpoint: The OAuth 2.0 token endpoint URL used to obtain an access token. For example,
https://idp.scim.dev/oauth/token.
Generate OAuth 2.0 credentials
The SCIM connector uses the OAuth 2.0 Client Credentials flow to authenticate. To obtain the required credentials, follow these steps:
-
Log in to your identity provider's (IdP) administration console.
-
Register a new OAuth 2.0 application or locate an existing one that is configured for SCIM access.
-
Note the Client ID and Client Secret assigned to the application.
-
Locate the Token Endpoint URL in your IdP's documentation or application settings.
The exact steps to obtain OAuth 2.0 credentials vary depending on your identity provider. Consult your provider's documentation for specific instructions.
Additional settings
The SCIM connector contains additional options for specific configuration:
- Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.
- Maximum retries: The maximum number of times that the integration attempts to connect to the SCIM 2.0 API before giving up and reporting a failure. The default setting is 5.
Types of data to retrieve
The SCIM connector can retrieve the following types of data from the SCIM 2.0 API:
Table 1: Data retrieved from SCIM
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Group | Yes | Team |
| User | Yes | Person |
The SCIM connector does not currently support operation options for the types of data it retrieves.
For detailed steps on how to view the data retrieved from SCIM in the Brinqa Platform, see How to view your data.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes.
Group
Table 2: Group attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
displayName | DESCRIPTION |
displayName | NAME |
id | UID |
members[].value | MEMBERS |
meta.created | SOURCE_CREATED_DATE |
meta.lastModified | SOURCE_LAST_MODIFIED |
| Generated (set to "Team") | CATEGORIES |
| Generated (sync capture timestamp) | LAST_CAPTURED |
| Generated (computed from members array size) | MEMBER_COUNT |
| Generated (set to "active") | STATUS |
User
Table 3: User attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
active | EMPLOYMENT_STATUS |
active | STATUS |
displayName / userName | DESCRIPTION |
displayName / userName | NAME |
emails[].value | EMAILS |
enterprise.department | DEPARTMENT |
enterprise.division | LOCATION |
enterprise.manager.displayName / manager.value | MANAGERS |
groups[].value | GROUPS |
id | UID |
meta.created | SOURCE_CREATED_DATE |
meta.lastModified | SOURCE_LAST_MODIFIED |
name.familyName | LAST_NAME |
name.givenName | FIRST_NAME |
phoneNumbers[].value | PHONE_NUMBERS |
title | JOB_TITLE |
userName | USERNAME |
| Generated (set to "Person") | CATEGORIES |
| Generated (sync capture timestamp) | LAST_CAPTURED |
APIs
The SCIM connector uses the SCIM 2.0 Protocol (RFC 7644). Specifically, it uses the following endpoints:
Table 4: SCIM API Endpoints
| Connector Object | API Endpoint |
|---|---|
| Group | GET /Groups |
| User | GET /Users |
Changelog
The SCIM connector has undergone the following changes:
Table 5: SCIM connector changelog
| Version | Description | Date Published |
|---|---|---|
| 3.0.0 | Initial Integration+ release. | March 19th, 2026 |