Skip to content

Synkzone SCIM properties

The Synkzone SCIM module is a separate service and needs some basic configuration in order to work.

ssi.api.token An administrator must supply a token that the SCIM module can work with. Note: A security recommendation is to create it with scope set to “SCIM”. A token with this scope cannot do anything else but add and remove users.

azure.token This secret token is shared between Entra ID SCIM enterprise application and the Synkzone SCIM.

ssi.api.url The URL of the Synkzone API.

preferred.language.code The language code that the created user will have as default. Default: se

organization.name.internal.users If this organization name matches organization in UPN the user is INTERNAL

organization.name.case.sensitive If true, the organization name for internal users is matched case sensitive Default: true

allow.creation.internal.users If false internal users are NOT ALLOWED to be created Default: true

allow.creation.external.users If false external users are NOT ALLOWED to be created Default: false

organization.email The organization e-mail (right side) to be used in e-mail strategy use_left_side_of_upn

email.strategy.internal Strategy to determine the e-mail address to use for INTERNAL users. Possible values are: - UPN: Use UPN as e-mail address - user_left_side_of_upn: Use left side of UPN and combine with property organization.email - use_scim_email: Use e-mail provided in SCIMUser Default: use_left_side_of_upn

email.strategy.external Strategy to determine the e-mail address to use for EXTERNAL users. Possible values are: - UPN: Use UPN as e-mail address - user_left_side_of_upn: Use left side of UPN and combine with property organization.email - use_scim_email: Use e-mail provided in SCIMUser Default: use_left_side_of_upn

Example configuration

com.synkzone.ssi.api.token=P-3F7B9C40013CE367C209A625E2C1FCFB61E07F384A956290EDF11FE3870FE32F
com.synkzone.azure.token=2c110eac-ed2d-42fc-9a2d-708d3466cd66
com.synkzone.ssi.api.url=https://test.synkzone.org
com.synkzone.preferred.language.code=en
com.synkzone.organization.name.internal.users=customer.onmicrosoft.com
com.synkzone.organization.name.case.sensitive=true
com.synkzone.allow.creation.internal.users=true
com.synkzone.allow.creation.external.users=false
com.synkzone.organization.email=synkzone.org
com.synkzone.email.strategy.internal=use_left_side_of_upn
com.synkzone.email.strategy.external=use_left_side_of_upn