Considerations for existing customers (SCIM)
If you have already set up users, groups, passwords, policies, and exceptions in the cloud manager and you want to switch to SCIM, consider the following:
- You can minimize the impact by carefully matching your SCIM group names and membership to the existing setup. Matching SCIM group names and membership to those already in the cloud service allows existing policy selections and settings to be maintained, as well as existing usernames/passwords where applicable.
- You are responsible for avoiding ambiguous configurations, for example, users belonging to multiple groups which are assigned to different policies. It is up to you to set up groups in SCIM in such a way that ambiguities don't occur. (When there are ambiguities, the service selects the closest group-to-policy assignment for each individual user, taking the first group in alphabetical order where there are multiple assignments at the same hierarchical level).
- Existing users can retain their cloud web local passwords and whether you manage users through the portal, SCIM, or both is completely transparent to them.
If you are already using Directory Synchronization and would like to switch to SCIM:
- In order to maintain your existing users, ensure that the information for each user contains a synced email address that is equivalent to their UPN. This allows the service to match the user using the email address when it receives SCIM provisioning requests and allows for a seamless move fro Directory Synchronization to SCIM.
- If synced email addresses are not possible, a provisioning reset is recommended to avoid user duplication and additional management complexity and overhead. In this case, SCIM users will appear as new users. Note, however, that history reporting information for the directory synchronized users will no longer be available after the reset.