Configure SCIM for MKE¶
The Mirantis SCIM implementation uses SCIM version 2.0.
MKE SCIM intregration typically involves the following steps:
Enable SCIM.
Configure SCIM for authentication and access.
Specify user attributes.
Enable SCIM¶
Log in to the MKE web UI.
Click Admin Settings > Authentication & Authorization.
In the Identity Provider Integration section in the details pane, move the slider next to SCIM to enable the SCIM settings.
Configure SCIM authentication and access¶
In the SCIM configuration subsection, either enter the API token in the API Token field or click Generate to have MKE generate a UUID.
The base URL for all SCIM API calls is
https://<Host IP>/enzi/v0/scim/v2/
. All SCIM methods are accessible
API endpoints of this base URL.
Bearer Auth is the API authentication method. When configured, you access SCIM
API endpoints through the Bearer <token>
HTTP Authorization request header.
Note
SCIM API endpoints are not accessible by any other user (or their token), including the MKE administrator and MKE admin Bearer token.
The only SCIM method MKE supports is an HTTP authentication request header that contains a Bearer token.
Specify user attributes¶
The following table maps the user attribute fields in use by Mirantis to SCIM and SAML attributes.
MKE |
SAML |
SCIM |
---|---|---|
Account name |
|
|
Account full name |
Attribute value in |
User’s |
Team group link name |
Attribute value in |
Group’s |
Team name |
N/A |
When creating a team, use the group’s |