System for Cross-Domain Identity Management (SCIM) Configuration Guide
Overview
The System for Cross-domain Identity Management (SCIM) standard allows organizations to manage users in a third-party application.
Prerequisites
You should already have an SSO integration configured. See Single Sign-On Configuration.
Supported Features
- Create users
- Update user attributes
- Deactivate users
Configuration
Configuration details vary from identity provider to identity provider. Consult their documentation for specifics.
Note: Before setting up and enabling SCIM, please be sure to speak with a support representative. Any manual mapping to existing Getty Images users must be completed before enabling SCIM.
Authorization
Authorization is completed via OAuth 2.0. Some identity providers use the Authorization Code OAuth 2.0 grant type.
Necessary information:
- Access token endpoint: https://authentication.gettyimages.com/oauth2/token
- Authorization endpoint: https://authentication.gettyimages.com/oauth2/auth
- Client Id: Provided by a Getty Images customer support representative.
- Client Secret: Provided by a Getty Images customer support representative
SCIM Connection
SCIM base URL: https://scim.gettyimages.com/v2 SCIM Service Provider Config URL: https://scim.gettyimages.com/v2/ServiceProviderConfig
Identity Provider Specific Information
Azure AD SSO
Azure does not support OAuth authorization for manually configured SSO/SCIM integrations. The integration must be set up via the Azure Active Directory application gallery. We are actively working on submitting our application for inclusion there.
Okta
Getty Images supports OAuth 2.0 for SCIM integration authorization. Okta supports the Authorization Code grant, which requires a client id, client secret and user name, password. Your Getty Images sales representative will provide that information to you.