Articles in this section

Provisioning settings screen

Avatar
Global Admin2
  • Updated
Follow

The provisioning settings screen lets you view and edit CloudGate Key Manager's provisioning settings. These settings relate to how users, groups and organizational units are managed in CloudGate Key Manager.

Action bar

Action Result

Refresh user information

Refreshes user, group and organizational unit information from the configured provider.

Note: This action is only available if the configured provider allows CloudGate Key Manager to pull information from it, e.g. CloudGate UNO.

Refresh API credentials

Refreshes API credentials.

Note: This action is only available if the configured provider pushes information to CloudGate Key Manager, e.g. a SCIM-compliant provider.

General section

The General section contains general provisioning settings.

Label Description

Provider

The type of provider to use for user, group and organizational unit provisioning

The following options are available:
  • CloudGate – Retrieve user, group and organizational unit information from CloudGate UNO (see CloudGate section).
  • SCIM – Receive user and group information from a SCIM-compliant identity provider (see SCIM section).

Prune organizational units and groups

Whether or not organizational units and groups without users need to be stored in CloudGate Key Manager

CloudGate section

The CloudGate section contains provisioning settings that are specific to CloudGate UNO.

Label Description

Customer ID

The CloudGate customer ID

API URL

The base URL for the CloudGate API

API authentication endpoint

The authentication endpoint for the CloudGate API

API client ID

The client ID to be used with the CloudGate API

API client secret

The client secret to be used with the CloudGate API

Sync interval

The synchronization interval for CloudGate provisioning, expressed in days, hours or minutes

Note: Setting the sync interval to 0 will cause user, group and organizational unit information from CloudGate to not be automatically refreshed. This information can still be manually refreshed by clicking the Refresh button in this screen.

SCIM section

The SCIM section contains provisioning settings that are specific to SCIM. These settings are mostly read-only, and need to be configured at the identity provider's side to allow the identity provider to push user and group information to CloudGate Key Manager.

Note: The CloudGate Key Manager SCIM API uses OAuth 2.0 for authentication. When it comes to current identity provider implementations, there are two common scenarios:
  • The identity provider's SCIM client requires you to specify a client ID and client secret for the SCIM server. In this case, the identity provider will use the client ID and client secret to obtain an access token from CloudGate Key Manager, and then use that access token for further interactions with CloudGate Key Manager.
  • The identity provider's SCIM client requires you to specify an access token. In this case, the identity provider will use the access token directly to interact with CloudGate Key Manager.
Label Description

API URL

The URL of CloudGate Key Manager's SCIM API

API authentication endpoint

The authentication endpoint for CloudGate Key Manager's SCIM API

API client ID

The client ID to use with CloudGate Key Manager's SCIM API

API client secret

The client secret to use with CloudGate Key Manager's SCIM API

API access token

The access token to use with CloudGate Key Manager's SCIM API

API access token validity

The validity of the access token to use with CloudGate Key Manager's SCIM API

API access token life span

The life span of the access token to use with CloudGate Key Manager's SCIM API, expressed in seconds

Note: In case the identity providers's SCIM client configuration requires you to directly specify an access token (instead of a client ID and client secret), setting the life span to a higher value will prevent you from having to frequently update the SCIM client configuration at the identity provider's side.

Button bar

Button Result

Cancel

Discards any changes made to the provisioning settings, and reverts them to their original state.

Delete

Deletes the provisioning settings.

CAUTION:
Deleting the provisioning settings also deletes all users, groups and organizational units that were provisioned using the configured provider.

Save

Saves all changes made to the provisioning settings. If the configured provider is of a type that allows CloudGate Key Manager to pull information, CloudGate Key Manager will also attempt to retrieve user, group and organizational unit information.
Related tasks

Comments

0 comments

Please sign in to leave a comment.