SCIM User Management

Overview

System for Cross-Domain Identity Management (SCIM) is an open standard protocol for automating the exchange of user identity information between identity domains and IT systems. SCIM ensures that employees added to the Human Capital Management (HCM) system automatically have accounts created in Azure Active Directory (Azure AD) or Windows Server Active Directory. User attributes and profiles are synchronised between the two systems, and users are updated or removed when their status or role changes.

SCIM is a standardised definition of two endpoints: a /Users endpoint and a /Groups endpoint. It uses common REST verbs to create, update, and delete objects. It also uses a predefined schema for common attributes like group name, username, first name, last name, and email. Applications that offer a SCIM 2.0 REST API can reduce or eliminate the pain of working with proprietary user management APIs or products. For example, any SCIM-compliant client can make an HTTP POST of a JSON object to the /Users endpoint to create a new user entry. Instead of needing a slightly different API for the same basic actions, apps that conform to the SCIM standard can instantly take advantage of pre-existing clients, tools, and code.

Key Features & Functionality

Appian does not natively support SCIM, hence the custom application that this documentation refers to. The downloaded content contains two distinct Appian applications:

  • SCIM User Management (SCIM)
    • This implements the /Users and /Groups service endpoints and the operations that allow Users to be created / changed / deactivated / reactivated, and User membership of Groups to be managed (Users added / removed)
  • SCIM Test Application (SCIMTA)
    • This provides a set of test harnesses to exercise the functionality exposed in the above application, as an alternative to using other testing tools such as Postman or SoapUI
Anonymous
  • We have deployed this plug-in on our environment. Now when we want to configure the tenant URL, we are getting an error upon clicking Test connection. How do we configure the tenant URL here? Is that something that needs to be configured on the Appian side or on the Microsoft side?

  • We are unable to establish the connection between Appian and Microsoft Azure. Under the Tenant URL tab we are supposed to give a URL and token to test this connection. In order to make this connection, should we make any configurations in Appian, or are these configurations supposed to be made from the Microsoft side? Currently we are getting the following error when we provide an Appian Web API URL.

    Error code: SystemForCrossDomainIdentityManagementCredentialValidationUnavailable

    Details: We received this unexpected response from your application: Received response from Web resource.    Resource: https://syniversedev.appiancloud.com/suite/webapi/scim/Users?filter=userName+eq+"4ef2739f-c73d-4068-93c1-cd25be59a05a"    Operation: GET    Response Status Code: InternalServerError    Response Headers: Connection: keep-alive X-Trace-Id: ca4622c1a9fb05449296e43e18944c41 Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Referrer-Policy: strict-origin-when-cross-origin X-Frame-Options: SAMEORIGIN Content-Security-Policy-Report-Only: style-src 'unsafe-inline' 'self' https://web-assets.appian-cdn.com 'strict-dynamic' 'nonce-OWY1Zjg1MmYtMWQ2YS00NDMwLWE4NWUtMDUyMTcyMDA5ZTVk'; child-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://web-assets.appian-cdn.com 'strict-dynamic' 'nonce-NDc5MDNiM2ItNzE3Zi00MGJjLThjYWYtNDVlMTRmMmM3OGI1'; object-src https:; frame-src https:; img-src https:; default-src 'self'; font-src 'self' https: data:; report-uri /suite/rest/a/logging/latest/csp/report; report-to report; Content-Security-Policy: report-uri /suite/rest/a/logging/latest/csp/report; report-to report; Reporting-Endpoints: report="/suite/rest/a/logging/latest/csp/report" X-XSS-Protection: 1; mode=block Requested-While-Authenticated: false Cache-Control: private Date: Wed, 12 Mar 2025 12:49:47 GMT    Response Content: [] Please check the service and try again.  

    Request-id: be7ef102-9ab0-4d0b-914c-f23587419107

    We need to know how to configure this tenant URL here:

  • We are importing the SCIM User Management application.

    The locale for that application is en_US.

    The locale for our Appian server is GB.

    We therefore get the following error when trying to import: 

    Problems (1):
    processModel 0002e9c5-4ae7-8000-558d-3a4d983a4d98 "{en_US=SCIM Deactivate User}": An error occurred while creating processModel [uuid=0002e9c5-4ae7-8000-558d-3a4d983a4d98]: com.appiancorp.process.validation.ValidationException: Process Model is not valid. The process model must have a valid name in the site primary language: English (GB). (APNX-1-4071-007)

    How are we supposed to import the application if it's in a different locale to us?

  • Hi,

    Is there a way to automate the mapping between the groups received from the IDP and Appian? I mean, instead of manually using the site to map the externalId and groupId in Appian, could we have a rule that searches for the groups by name in Appian and provides the corresponding groupId?

    This way, developers wouldn't need to take the additional step of adding new groups to the SCIM site for them to be able to sync with SCIM.

    Thanks in advance!

  • Hi Stewart Burchell,

    Is it possible to get in touch with you? We have the following error while trying to integrate Quest One Identity Manager 9.2:

    Expression evaluation error in rule 'scim_er_searchusers' at function a!forEach [line 27]: Error in a!forEach() expression during iteration 1: Expression evaluation error at function 'stripwith' parameter 1 [line 30]: Invalid index (2) for list: valid range is 1..1 (APNX-1-4198-000)

    com.appiancorp.core.expr.exceptions.ExpressionRuntimeException$AppianExceptionProvider: Expression evaluation error in rule 'scim_er_searchgroups' at function a!forEach [line 34]: Error in a!forEach() expression during iteration 1: Expression evaluation error at function 'stripwith' parameter 1 [line 37]: Invalid index (2) for list: valid range is 1..1 (APNX-1-4198-000)

    Thanks in advance 

    David L.

  • Hi, the downloaded package contains the installation guide and 2 applications, no plugin to be deployed.

    I suggest downloading the packages and following the installation guide.

  • Good morning,

    I just tried to install the plugin in my Appian environment, which is version 24.3, and I get the error ‘Error deploying the plugin. scim-user-management-1.0.0.zip is not an Appian validated plug-in. Contact Appian Support to authorize the plug-in.’ Has anyone else had this problem?

    Thanks

  • I encountered the same issue and think that there are some bugs in this application and some tricky bits with Okta itself.

    First, I used Runscope/Blazemeter to run Okta's SCIM 2.0 test package, tweaking Appian until the first test passed - https://developer.okta.com/docs/guides/scim-provisioning-integration-test/main/

    Then, set up Okta like this:

    Okta then validated correctly. Still more work to go, but the major issue I hit is that the Appian app seems to be expecting query params purely as a string, but Appian WebAPIs send that information around as a dictionary, so the parser needs work for any searching cases.
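
Added example, not code from the SCIM User Management application and written in Python rather than Appian expression language: a lookup handler for the `GET /Users?filter=userName eq "…"` probe seen in the error report above, which accepts the query either as a raw string or as a dictionary, the mismatch described in the comment above. RFC 7644 answers a filter that matches nothing with HTTP 200 and an empty ListResponse; the function names, the attribute allow-list and the sample data are assumptions made for the illustration.

```python
from urllib.parse import parse_qs

LIST_RESPONSE = "urn:ietf:params:scim:api:messages:2.0:ListResponse"
ERROR = "urn:ietf:params:scim:api:messages:2.0:Error"
# Allow-list of filterable attributes: lower-cased name -> (stored key, case-exact?).
FILTERABLE = {"username": ("userName", False), "externalid": ("externalId", True)}

def get_filter(query):
    """Return the raw filter text from a query string or an already-parsed dict."""
    if isinstance(query, dict):
        return query.get("filter")
    values = parse_qs((query or "").lstrip("?")).get("filter")
    return values[0] if values else None

def parse_eq_filter(raw):
    """Parse `attr eq "value"`; return (key, value, exact) or None if unsupported."""
    if not isinstance(raw, str):
        return None
    parts = raw.strip().split(None, 2)          # attr, operator, quoted value
    if len(parts) != 3 or parts[1].lower() != "eq":
        return None                             # never index past what was supplied
    attr, value = parts[0].lower(), parts[2]
    if attr not in FILTERABLE or len(value) < 2 or value[0] != '"' or value[-1] != '"':
        return None
    value = value[1:-1]
    if '"' in value or "\\" in value:           # escaped values are out of scope here
        return None
    key, exact = FILTERABLE[attr]
    return key, value, exact

def search_users(query, users):
    """Answer GET /Users; returns (http_status, body)."""
    raw, matches = get_filter(query), list(users)
    if raw is not None:
        parsed = parse_eq_filter(raw)
        if parsed is None:                      # reject with 400 instead of failing with 500
            return 400, {"schemas": [ERROR], "status": "400",
                         "scimType": "invalidFilter", "detail": "Unsupported filter"}
        key, value, exact = parsed
        norm = (lambda s: s) if exact else str.lower
        matches = [u for u in users if norm(str(u.get(key, ""))) == norm(value)]
    return 200, {"schemas": [LIST_RESPONSE], "totalResults": len(matches),
                 "startIndex": 1, "itemsPerPage": len(matches), "Resources": matches}

# Constructed sample directory and the two query shapes discussed above.
USERS = [{"id": "1", "userName": "alice@example.com", "externalId": "A-1"}]
AS_DICT = {"filter": 'userName eq "no-such-user"'}
AS_STRING = "filter=userName+eq+%22Alice%40example.com%22"
```

An unknown user yields status 200 with `totalResults` 0 rather than an error, and a filter outside the allow-list or the `eq` form yields a 400 with `scimType` `invalidFilter`.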

  • How can we set this up from Okta? When our Okta team tries to validate the credentials, Okta throws an error that "No results for users returned". Can someone share the steps on how to set this up in Okta?