System for Cross-domain Identity Management (SCIM) is used to integrate identity providers (IdP) with Dremio for external user management. When properly configured, IdPs send the credentials of assigned users securely via SCIM to your Dremio organization, automatically creating user accounts if they do not already exist. These new users, also referred to as external users, may then log in to Dremio according to the policies set by your credential manager.
You cannot reset or change an external user’s password from Dremio as this is governed by your organization’s identity manager. If you delete an external user from Dremio, Okta will automatically re-add their account the next time that user attempts to log in. To properly revoke access to Dremio, follow the steps described here.
The following configurations must be utilized:
- Version: SCIM 2.0+
- Connector Authentication Method: Header Auth
- Sign-on Option: Secure Web Authentication
Configuring Azure Active Directory with SCIM
Microsoft Azure AD may be configured to securely provision external users on Dremio using SCIM. This process is accomplished as described on Microsoft’s documentation portal.