SCIM
- The SCIM feature is only available for advanced preview customers.
- Microsoft has changed the name of Azure Active Directory to Microsoft Entra ID. However, Nintex Workflow and the help still refer to this product as Azure Active Directory.
An administrator role is required. For information, see User roles.
System for Cross-domain Identity Management (SCIM) allows you to sync users from your identity provider (IdP) to Nintex Workflow. An identity provider stores and authenticates the identities of users to log in to systems, files, or applications. Once SCIM is set up, you can manage user access to the Nintex Workflow tenant directly through your IdP.
In the SCIM page, you can:
- Create and configure a directory.
- Add new rules and assign roles. You can also edit, disable, or delete rules from the tenant.
Access the SCIM page
- On the top navigation bar, click Settings.
- On the left navigation, click SCIM.
Create a directory
You must be a verified primary domain owner, and your organization must be federated. For information on configuring or verifying your organization's federation status, see Configure identity federation.
- On the SCIM page, under the Directory section, click Add directory.
- Enter a Directory name and click Add.
  A Base URL and API key are provided. Use these credentials to configure SCIM in your identity provider and complete the setup process.
  Important: Make sure to save your API key securely, as you won't be able to access it again after closing the window.
- In your Microsoft Entra ID tenant, create an enterprise application. For more information, see Create a Nintex Workflow application in Azure Active Directory.
Delete a directory
Administrator and verified primary domain owner access is required.
When a directory is deleted, the connection to Azure Active Directory will be lost, and Nintex Workflow will no longer receive updates from the IdP. As a result, any changes made to users or groups in the IdP will not take effect in Nintex Workflow.
- On the SCIM page, under the Directory section, click the Options icon and select Delete for the required directory.
Create, sync and delete user management rules
You must be a verified primary domain owner and a global administrator.
Rules manage access to tenants and roles based on users' group and role memberships in your IdP. User management rules let you assign specific roles to users within a tenant, while default rules automatically assign roles based on group memberships.
After you set up a directory, you can configure rules for your tenant.
Important: When a rule is added, disabled, enabled, or deleted, it only affects new messages or changes from the IdP. To update access for users already in the system, the admin must re-sync the organization.

- Open the SCIM page: Click Settings and then select SCIM.
- In the User management rules section, click Add a rule.
- Select an IdP group from the drop-down list.
- Select the Nintex Workflow tenant to which you want to provide access.
- Select the Nintex Workflow role you want to assign.
- (Optional) You can select an existing Nintex Workflow group to assign.
- Click Add.

Rules are automatically applied to new users and groups in your IdP. Any added or deleted rules automatically apply to future updates of users and groups. To apply rules to existing users and groups, sync the rules after making changes.
- On the SCIM page, under the User management rules section, click Sync rules.
  Note: Syncing may take some time depending on the size of your directory and the number of rules.

You must be a verified primary domain owner and a global administrator.
After a rule is deleted, it no longer applies to incoming changes from the IdP for users and groups. You must sync rules to remove access granted by the deleted rule.
- On the SCIM page, under the User management rules section, on the right of the rule you want to remove, click the Options icon and then select Delete.
Enable and disable user management rules
Important: When a rule is added, disabled, enabled, or deleted, it only affects new messages or changes from the IdP. To update access for users already in the system, the admin must re-sync the organization.

- On the SCIM page, under the User management rules section, on the right of the rule you want to enable, click the Options icon and then select Enable.

- On the SCIM page, under the User management rules section, on the right of the rule you want to disable, click the Options icon and then select Disable.
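
The note above says rule changes only affect new changes from the IdP until a sync is run. The following added example (not Nintex code) models that gap so an administrator can see which grants are stale or missing before syncing; the group, tenant, role and user names are constructed placeholders, and the data structures are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    idp_group: str       # "From IdP group" column
    tenant: str          # "Tenant access" column
    role: str            # "Assigned role" column
    active: bool = True  # "Is active" column

def expected_access(rules, memberships):
    """Grants that the currently active rules justify, as (user, tenant, role)."""
    return {
        (user, rule.tenant, rule.role)
        for user, groups in memberships.items()
        for rule in rules
        if rule.active and rule.idp_group in groups
    }

def drift(rules, memberships, current_access):
    """Compare effective access with what the active rules justify.

    Returns (stale, missing): stale grants stay in place until a sync removes
    them; missing grants reach existing users only after a sync adds them.
    """
    expected = expected_access(rules, memberships)
    current = set(current_access)
    return sorted(current - expected), sorted(expected - current)

# Constructed sample data; every name below is a placeholder.
MEMBERSHIPS = {
    "alice": {"wf-designers"},
    "bob": {"wf-admins"},
    "carol": {"wf-auditors"},
}
CURRENT_ACCESS = [
    ("alice", "tenant-prod", "designer"),
    ("bob", "tenant-prod", "admin"),
]
RULES = [
    Rule("wf-designers", "tenant-prod", "designer"),
    Rule("wf-admins", "tenant-prod", "admin", active=False),  # disabled, not yet synced
    Rule("wf-auditors", "tenant-prod", "participant"),        # added, not yet synced
]

if __name__ == "__main__":
    stale, missing = drift(RULES, MEMBERSHIPS, CURRENT_ACCESS)
    print("stale (still granted, no active rule):", stale)
    print("missing (rule exists, not yet applied):", missing)
```

A non-empty stale list after disabling or deleting a rule is the case to watch: that access remains until Sync rules is run.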

Available only to users who are global administrators and verified primary domain owners.
Section | Selection (or column or field) | Description |
---|---|---|
Directory | Add directory | Adds a new directory and provides a base URL and API key. |
 | Directory name | Displays the name assigned to the directory during creation. |
 | Created | The date and time the directory was created. |
 | Created by | Tenancy user name of person who configured the directory. |
 | Options | Lists the following selections: |
User management rules | Sync rules | Allows you to sync rules. To apply rules to existing users and groups, sync them after adding. |
 | Add a rule | Allows you to add a rule to user management rules. |
 | Tenant access | Displays the name of the tenant the rule applies to. |
 | From IdP group | The IdP group that the user belongs to. |
 | Assigned role | Role type of the user who created the management rule. For more information, see User Roles. |
 | Assigned group | The group the user belongs to and has permissions to manage the rule. |
 | Members | Number of members who have access to the rule. |
 | Created | The date and time the rule was created. |
 | Created by | Tenancy user name of person who configured the rule. |
 | Is active | Displays whether the rule is active or inactive. |
 | Options | Lists the following selections: |
Steps to set up SCIM in Nintex Workflow with your preferred identity provider
To configure SCIM for Nintex Workflow, see the guide listed below that is relevant to the identity provider you use: