Django app to implement SCIM 2.0
This package supports basic SCIM integration to enable your project to act as a SCIM Service Provider. This currently includes:
- User entity CRUD operations
- Service configuration discovery endpoints
In development.
This package supports Django 3.2+, Python 3.8+
SCIM stands for System for Cross-domain Identity Management.
The System for Cross-domain Identity Management (SCIM) specifications are designed to make identity management in cloud-based applications and services easier. [...] Its intent is to reduce the cost and complexity of user management operations by providing a common user schema and extension model as well as binding documents to provide patterns for exchanging this schema using HTTP.
This document provides a platform-neutral schema and extension model for representing users and groups and other resource types in JSON format. This schema is intended for exchange and use with cloud service providers.
Citation: https://datatracker.ietf.org/doc/html/rfc7643
From the perspective of a Django application developer, it is implemented as a set of REST (JSON) endpoints for managing User and Group objects remotely.
SCIM is used by large enterprises to manage their users' access to external applications. SCIM integration allows them to provision new user accounts and deactivate user accounts on remote systems from their existing identity management solutions (e.g. Google Workspace, MSFT Azure AD, Okta, ...).
If you have enterprise clients signing up to your application, you have probably been asked at some point if you support SSO (SAML) and SCIM. This package can help you to answer "yes" to that question.
- Create a new User entity
- Update an existing User entity
- Deactivate an existing User entity
- Delete an existing User entity
- Lookup an existing User entity
This package does not currently support Groups.
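The deactivate use case is the one deprovisioning depends on, so here is an added example (not this package's code, and independent of Django) of the RFC 7644 PatchOp message a client sends to set active to false, with strict validation on the receiving side. The names apply_active_patch and ScimError and the sample bodies are constructed for illustration.

```python
import json

PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
ERROR = "urn:ietf:params:scim:api:messages:2.0:Error"
# Constructed sample bodies: the two "replace" forms RFC 7644 section 3.5.2.3 allows.
WITH_PATH = json.dumps({"schemas": [PATCH_OP], "Operations": [
    {"op": "replace", "path": "active", "value": False}]})
NO_PATH = json.dumps({"schemas": [PATCH_OP], "Operations": [
    {"op": "replace", "value": {"active": False}}]})


class ScimError(Exception):
    """Carries a SCIM error response body (RFC 7644 section 3.12)."""
    def __init__(self, status, scim_type, detail):
        super().__init__(detail)
        self.body = {"schemas": [ERROR], "status": str(status),
                     "scimType": scim_type, "detail": detail}


def apply_active_patch(user, raw_body):
    """Apply a PatchOp that sets `active`; return an updated copy of `user`."""
    try:
        msg = json.loads(raw_body)
    except ValueError:
        raise ScimError(400, "invalidSyntax", "body is not valid JSON") from None
    schemas = msg.get("schemas") if isinstance(msg, dict) else None
    if not isinstance(schemas, list) or PATCH_OP not in schemas:
        raise ScimError(400, "invalidSyntax", "missing PatchOp schema URN")
    ops = msg.get("Operations")
    if not isinstance(ops, list) or not ops:
        raise ScimError(400, "invalidSyntax", "Operations must be a non-empty list")
    updated = dict(user)
    for op in ops:
        if not isinstance(op, dict) or str(op.get("op", "")).lower() != "replace":
            raise ScimError(400, "invalidSyntax", "only 'replace' is handled here")
        path, value = op.get("path"), op.get("value")
        # Without "path", "value" is an object holding the attributes to replace.
        attrs = value if path is None else {str(path): value}
        if not isinstance(attrs, dict) or set(attrs) != {"active"}:
            raise ScimError(400, "invalidPath", "only 'active' may be patched")
        # Strict boolean: a truthy string such as "false" must not keep the account enabled.
        if not isinstance(attrs["active"], bool):
            raise ScimError(400, "invalidValue", "'active' must be a JSON boolean")
        updated["active"] = attrs["active"]
    return updated
```

Rejecting anything other than a JSON boolean means a malformed deactivation fails loudly with a SCIM error instead of silently leaving the account active.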
As well as the API endpoints to support the use cases above, this package provides configuration endpoints as defined in the spec (https://datatracker.ietf.org/doc/html/rfc7644#section-4):
- /ServiceProviderConfig - Service Provider Configuration Schema
- /ResourceTypes - returns the types of resources available (User only)
- /Schemas - returns all supported schemas (User only)
It adds a model, SCIMEvent, that tracks each endpoint event, useful for auditing / testing / debugging.
It also provides Django signals for the CRUD operations (pre/post) so that you can hook additional business logic into your application at each event. The SCIMEvent logging uses these signals as a demonstration.
You should read the standards before embarking on a SCIM API project:
- Definitions, Overview, Concepts, and Requirements: https://datatracker.ietf.org/doc/html/rfc7642
- Core schema: https://datatracker.ietf.org/doc/html/rfc7643
- Protocol: https://datatracker.ietf.org/doc/html/rfc7644