SCIM Token Validity Check
Rule Details
Parameter | Description |
---|---|
Rule Name | identitycenter-scim-token-expiration-check |
Identifier | SCIM Token Validity Check |
Description | If the remaining validity period of an SCIM token is less than the specified period, this policy is non-compliant. |
Tag | identitycenter |
Trigger Type | Periodic |
Filter Type | identitycenter.scim |
Rule Parameters | daysToExpiration: the number of days before the token expires. The default value is 90. |
Application Scenarios
IAM Identity Center supports automatic synchronization of user and user group information from an identity provider (IdP) using the System for Cross-domain Identity Management (SCIM) v2.0 protocol. When configuring SCIM-based synchronization, you can map IdP user attributes to IAM Identity Center name attributes, which ensures that they match.
Solution
When the SCIM token is about to expire, obtain a new access token. For details, see Generating or Deleting an Access Token.
Rule Logic
- If the remaining validity period of an SCIM token is less than the specified period, this policy is non-compliant.
- If the remaining validity period of an SCIM token is longer than the specified period, this policy is compliant.
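The rule logic above, applied to a small token inventory, is shown here as an added example; it is not code from the service or from this documentation. The record fields (`token_id`, `expires_at`), the token IDs and the timestamps are constructed, and treating a token with exactly `daysToExpiration` days left as compliant is an assumption, since the rule logic does not define that boundary.

```python
from datetime import datetime, timedelta, timezone

DEFAULT_DAYS_TO_EXPIRATION = 90  # default of the daysToExpiration rule parameter

# Constructed sample records; field names and token IDs are hypothetical.
SAMPLE_NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
SAMPLE_TOKENS = [
    {"token_id": "scim-token-a", "expires_at": "2025-12-01T00:00:00+00:00"},
    {"token_id": "scim-token-b", "expires_at": "2025-02-15T00:00:00+00:00"},
    {"token_id": "scim-token-c", "expires_at": "2025-04-01T00:00:00+00:00"},
    {"token_id": "scim-token-d", "expires_at": "2024-12-22T00:00:00+00:00"},
]


def evaluate_scim_tokens(tokens, now, days_to_expiration=DEFAULT_DAYS_TO_EXPIRATION):
    """Map each token ID to (status, whole days of validity remaining)."""
    threshold = timedelta(days=days_to_expiration)
    results = {}
    for token in tokens:
        expires_at = datetime.fromisoformat(token["expires_at"])
        if expires_at.tzinfo is None:
            # A naive timestamp cannot be compared safely across time zones.
            raise ValueError(f"{token['token_id']}: expiry needs a UTC offset")
        remaining = expires_at - now
        # Remaining validity shorter than the period is non-compliant.
        # Assumption: a token with exactly the period left counts as compliant,
        # because the rule logic does not define that boundary.
        status = "non-compliant" if remaining < threshold else "compliant"
        results[token["token_id"]] = (status, remaining.days)
    return results


if __name__ == "__main__":
    report = evaluate_scim_tokens(SAMPLE_TOKENS, SAMPLE_NOW)
    for token_id, (status, days) in report.items():
        print(f"{token_id}: {status} ({days} days remaining)")
```

An already expired token yields a negative day count and is reported as non-compliant, so it shows up in the same report as tokens that are merely close to expiry.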