Create Bearer Token

Instruction:

  1. Open the ServerAdministration.

  2. In the Authentication area, open the SCIMv2 bearer token tab.

  3. Click the Create SCIMv2 bearer token button.

  4. Fill in the following fields in the dialog:

    Property
        Description

    Database
        Select the database for which you want to create a bearer token.

    Host
        Enter the URL with which the IDP (SCIM partner) can reach the Aeneis instance. By default, a host is already entered.

    Expiration time
        Select the validity period for the created token from the possible values in the list.

        Tip: Create a reminder for yourself before the expiration date to create a new token in time and set it in the IDP (SCIM partner).

    External service
        Enter a string that Aeneis will enter as External service for the created users and groups. If users are to be detached from an existing synchronization that already has an External service set for users and groups, use the name used so far. If no External service has been set so far (the field is empty for existing users) and you want to manage them via SCIMv2 in the future, add an underscore in front of the name. All existing users will then be compared against SCIMv2 and transferred if necessary.

    Employee folder guid
        Optionally enter the GUID of a folder in which the interface can create employees for users who are newly transferred. If you leave this field blank, Aeneis will not create any employees.

    External folder guid
        Optionally enter the GUID of a folder in which the interface can create externals for users who are newly transferred. If you leave this field empty, Aeneis will create externals in the employees' folder (if the related field is set) or create users only. Externals are created if the userType field passed by the SCIM partner (e.g. Okta) is set and has the value External.

    Assign existing employees by user name
        If you enable this option and employees are created (see property Employee folder guid), existing employees are searched for via the user name (attribute 5b2c027012e4690b_d5934d_ff01cc5503__7ff6) and assigned to the user who was found. However, priority is given to an existing assignment of a user to an employee via the direct link between the two.

        Note: If employees are not created via SCIMv2, the relevant interface should populate employees with the UserID and/or email address. In this case, the assignment between employees and users must not be made via a job, but only on the basis of this information via the SCIMv2 interface. Enable this option if the relevant interface populates employees with the UserID.

    Assign existing employees by email
        If you enable this option and employees are created (see property Employee folder guid), existing employees are searched for via the email address (attribute 5b2c027012e4690b_d5934d_ff01cc5503__7ffa) and assigned to the user who was found. If you have also enabled the property Assign existing employees by user name, an assignment is first attempted via the user name.

        Note: If employees are not created via SCIMv2, the relevant interface should populate employees with the UserID and/or email address. In this case, the assignment between employees and users must not be made via a job, but only on the basis of this information via the SCIMv2 interface. Enable this option if the relevant interface populates employees with the email address.

  5. Click Create to create the bearer token.

  6. The generated bearer token is displayed. Important: Copy the token and save it in a safe place for later. Once you close the window, you cannot display this bearer token again. If you lose the bearer token, you can generate a new token.

Result:

The bearer token is created and displayed in the list. You can now create the appropriate user groups and set up Aeneis as an application in your IDP (Identity Provider). Important: Enter the SCIM connector base URL in your IDP for the Aeneis application. It consists of the base URL of Aeneis (http://[HOSTNAME]:[PORT]) with the extension /scim/v2 (example: http://intellior.de:12345/scim/v2).
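
A pre-flight check for the connector base URL and the new token, as an added example that is not part of the Aeneis documentation. It assumes that Aeneis accepts the standard `Authorization: Bearer` header and exposes the standard SCIM `/Users` resource (RFC 7644); the environment variable names and the host `aeneis.example.test` are hypothetical placeholders.

```python
import os
import urllib.error
import urllib.request
from urllib.parse import urlsplit

SCIM_SUFFIX = "/scim/v2"  # extension the page gives for the connector base URL
LOOPBACK = ("localhost", "127.0.0.1", "::1")

def scim_base_url(aeneis_base):
    """Build the SCIM connector base URL from scheme://HOSTNAME:PORT."""
    return aeneis_base.rstrip("/") + SCIM_SUFFIX

def transport_findings(url):
    """List reasons why this URL should not carry a bearer token."""
    parts = urlsplit(url)
    findings = []
    if parts.scheme not in ("http", "https"):
        findings.append("unsupported scheme")
    elif parts.scheme == "http" and parts.hostname not in LOOPBACK:
        findings.append("plain http: token is sent unencrypted")
    if not parts.hostname:
        findings.append("missing host")
    if parts.username or parts.password:
        findings.append("credentials embedded in URL")
    return findings

def build_probe(base, token):
    """Prepare a read-only list request for at most one user (assumed /Users resource)."""
    req = urllib.request.Request(base + "/Users?count=1", method="GET")
    req.add_header("Authorization", "Bearer " + token)
    req.add_header("Accept", "application/scim+json")
    return req

if __name__ == "__main__":
    # Hypothetical variable names; the token is read from the environment, not hard-coded.
    base = scim_base_url(os.environ.get("AENEIS_BASE", "https://aeneis.example.test:12345"))
    token = os.environ.get("AENEIS_SCIM_TOKEN")
    problems = transport_findings(base)
    if problems or not token:
        print(base, "not probed:", problems or "AENEIS_SCIM_TOKEN is not set")
    else:
        try:
            with urllib.request.urlopen(build_probe(base, token), timeout=10) as resp:
                print(base, "accepted the token, HTTP", resp.status)
        except urllib.error.HTTPError as err:
            print(base, "rejected the request, HTTP", err.code)  # 401: invalid or expired token
        except urllib.error.URLError as err:
            print(base, "unreachable:", err.reason)
```

The probe is only sent when the URL has no transport findings, so a token is never submitted over plain http to a remote host.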