diff --git a/content/en/docs/marketplace/platform-supported-content/modules/scim.md b/content/en/docs/marketplace/platform-supported-content/modules/scim.md index 20ffa111257..95504b99500 100644 --- a/content/en/docs/marketplace/platform-supported-content/modules/scim.md +++ b/content/en/docs/marketplace/platform-supported-content/modules/scim.md @@ -61,6 +61,7 @@ If you are using the SCIM module in combination with Entra ID and OIDC SSO, you * Each application within your organization using the SCIM module must undergo a separate configuration. This allows the selection of the right target group of users for each app. * Synchronization of users from multiple SCIM clients is currently in beta. * The module supports deployment-time configuration using constants, eliminating a need for runtime configuration by a local admin user. +* The SCIM Module supports deleting all users provisioned by an IdP using the **Delete All Users** button in the IdP Configuration. After you delete all the associated users, you can delete the IdP using the **Delete** button. ### Limitations @@ -139,8 +140,8 @@ When upgrading to version 4.0.0 of the SCIM module, ensure you are also using ve | Mendix Version | SCIM Module Version | UserCommons Version | SCIM Information| | --- | --- | --- | --- | -| 10.12.10 and above | 4.0.0 | 2.0.0 | SCIM module is ready for the React client. | -| 9.24.2 and above | 3.0.0 | 1.0.2 | – | +| 10.24 LTS and above | 4.0.1 | 2.2.0 | Compatible with 11.6 MTS. SCIM module is ready for the React client. | +| 9.24 LTS and above | 3.0.0 | 1.0.2 | – | ## Configuration @@ -198,9 +199,21 @@ For reference, the table below gives an overview of attribute mapping when using | externalID | Name | 00ctc4pufr85d7 | ObjectID (configured, non-default) For example, `550e8400-e29b-41d4-a716-446655440000` | | familyName| lastname | Doe | Doe John | | givenName| firstname | John | | -| emails| Email | `john.doe@companyA.com` | `johndoe@companyA.com` | -| userName| FullName | `johndoe@companyA.com` | `johndoe@companyA.com` | +| emails| Email | `john.doe@company.com` | `johndoe@company.com` | +| userName| FullName | `johndoe@company.com` | `johndoe@company.com` | | active| Active | true | true | +| displayName| DisplayName | John | John | +| middleName| MiddleName | William | William | +| honorificPrefix | HonorificPrefix | Mr. | Mr. | +| honorificSuffix| HonorificSuffix | Jr. | Jr. | +| nickName| NickName | Johnny | Johnny | +| profileUrl| ProfileUrl | https://www.linkedin.com/in/john-doe-12345678/ | https://www.linkedin.com/in/john-doe-12345678/ | +| title| Title | Mr. | Mr. | +| preferredLanguage| PreferredLanguage | en-US | en-US | +| timeZone| TimeZone | CET | CET | +| userType| UserType | External | External | +| locale | Locale | en-US | en-US | + {{% alert color="info" %}} The SCIM module only supports the IdP attributes (claims) listed in the table above. Any other claims in the SCIM payload will be ignored. @@ -281,7 +294,7 @@ In the **Provisioning** section of the SCIM server configuration, you need to co * Select the identifier in the **User Metering Named Identifier** field to be used for metering. -{{< figure src="/attachments/appstore/platform-supported-content/modules/scim/user-commons.png" >}} +{{< figure src="/attachments/appstore/platform-supported-content/modules/scim/usercommons.png" >}} Save this configuration. Double-click on the **Alias** name and you will be able to copy the generated **API Key**. @@ -320,6 +333,7 @@ The table below lists all supported constants. Mandatory constants must be set a | `Default_UserType` | sets the mapping entity attribute to the Identity provider attribute | Optional | `Internal` | | `DisableMxAdmin` | deactivates Mx admin | Optional | `True` | | `RefreshCustomModule` | synchronizes the specified module | Optional | | +| `Default_NamedUserIdentifier` | a user identifier added to the IdP configuration so the Mendix platform can identify multi-app users | Optional | Email | {{% alert color="info" %}} You may have a requirement that users log in to your application only via SSO. However, when you deploy your app on the Mendix Cloud, the platform may still create an MxAdmin user with a local password. From version 2.1.0 of the UserCommons module, if the flag for the `DisableMxAdmin` constant is set to `True`, the MxAdmin user will be deactivated via the startup microflow `ASU_UserCommons_StartUp`. diff --git a/static/attachments/appstore/platform-supported-content/modules/scim/user-commons.png b/static/attachments/appstore/platform-supported-content/modules/scim/user-commons.png deleted file mode 100644 index ec3e277552d..00000000000 Binary files a/static/attachments/appstore/platform-supported-content/modules/scim/user-commons.png and /dev/null differ diff --git a/static/attachments/appstore/platform-supported-content/modules/scim/usercommons.png b/static/attachments/appstore/platform-supported-content/modules/scim/usercommons.png new file mode 100644 index 00000000000..aaa2fa1557f Binary files /dev/null and b/static/attachments/appstore/platform-supported-content/modules/scim/usercommons.png differ