CybSafe supports provisioning for most Identity Providers (IDPs) via the SCIMv2 protocol.
Note: we have a more specific article for Azure customers
⚠️ If you utilise a provisioning integration to manage your people on CybSafe, all user management should be done from your source IdP in your infrastructure.
Any changes made within the CybSafe platform can be reverted when your provisioning sync next runs.
Installation details:
Authentication type: OAuth 2 Bearer Token
SCIM endpoint: https://app.cybsafe.com/scim/v2/
Installation steps
Generate a token by visiting Access Management with your administrator account
Copy the SCIM endpoint & token into your Identity Provider
Supported SCIM attributes
Minimum for CybSafe User | Description |
|
userName | Required by SCIM, usually primary work email address |
|
emails[type eq "work"].value | Work email address marked as primary |
|
givenName | First name |
|
familyName | Last name |
|
addresses[type eq "work"].country | At least 1 address with only country subfield |
|
preferredLanguage | Language tag used for email communications |
|
| Option | Description |
| en_gb | English (U.K.) |
| en | International English |
| en-us | English (US) |
| nl | Dutch |
| ar | Arabic |
| es | Spanish (Latam) |
| es-ES | Spanish (Spain) |
| fr | French |
| de | German |
| it | Italian |
| pl | Polish |
| pt-BR | Potrugese (Brazil) |
| tr-TR | Turkish |
| ru | Russian |
| ja-JP | Japanese |
| zh-CN | Simplified Chinese |
| zh-HK | Traditional Chinese |
| ko-KR | Korean |
Optional but recommended |
|
|
active | Must be true (or user will be provisioned but archived) |
|
phoneNumbers[type eq "mobile"].value | Optional |
|
locale | Optional, default location for purposes of localizing |
|
department | Optional, for filtering in dashboards |
|
division | Optional, for filtering in dashboards |
|
organization | Optional, for filtering in dashboards |
|
Please note: any other attributes from your SCIM will not sync across. Only the above attributes will be captured by CybSafe. If you have attribute mappings that you wish to be synced across to Group management please ensure they are under Department, Division or Organisation. If you do have additional attributes that you need synced across, you can add them in your user provisioning service.
Additional note- For organisations where the userPrincipalName differs to the full email address please contact CybSafe customer support and confirm your preferred Azure property which contains the full email address.
If you have a mismatch between the full email address and userPrincipalName, users may experience issues with different email accounts or missed emails.
Custom attributes that can be optionally added.
Attribute | Description | Values (if relevant) |
externalId | Captured, not currently used in reporting |
|
employeeType | used in CybSafe API for your external reporting |
|
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeNumber | [Employee Number] used in CybSafe API for your external reporting |
|
city | Captured, not currently used in reporting |
|
office | Captured, not currently used in reporting |
|
businessUnit | Captured, not currently used in reporting |
|
grade | Captured, not currently used in reporting |
|
manager | Captured, not currently used in reporting |
|
To add additional attributes in Azure Active Directory specifically, follow the steps in this guide.
Testing
IDPs will vary with how quickly the sync starts, and is maintained, so take a look at your IDP logs to see when Sync has started.
You can verify sync is working by checking the following administration pages:
Access management showing last sync date
Still have questions?
If you still have questions, you can contact the CybSafe team via [email protected]. We’re on hand to help resolve any further issues!