SCIM Account Provisioning

With System for Cross-domain Identity Management (SCIM), administrators can automate the exchange of user identity information between systems.

If you use SAML SSO in your organization, you can implement SCIM to add, manage, and remove organization members access to Gamesight. For example, an administrator can deprovision an organization member using SCIM and Gamesight will automatically remove the member's access.

Features

SAML

SAML + SCIM

User Authorization (SSO)

X

X

"Just In Time" Account Provisioning

X

X

"Push" Account Provisioning & Deprovisoning

X

User Authorization Management (Set Roles via IdP)

X

These identity providers have been verified compatible with Gamesight's SCIM API:

Read their integration guides for more information on how to get setup with SCIM.

Role Management

Gamesight supports sending a user's roles through both the SCIM & SAML protocols in a string encoded format. The IdP guide will have more details about how to configure your IdP to pass this role data to Gamesight. This guide covers the general structure and format of the role data Gamesight accepts.

For example, an admin user's roles may end up looking something like the following

{
  ...
  "roles": [
    "org:1:member",
    
    "game:11:admin",
    "team:111:admin",

    "game:12:member",
    "team:121:member",
    "team:122:admin",
  ]
}

The format for each Role asserted is {context_type}:{context_id}:{role}. You can find a summarization of the available contexts and roles below.

Context

Valid Roles

org

admin, member

game

admin, billing, integration, member

team

admin, member

You can find your Org, Game, and Team IDs through the "Management" tab on the Gamesight console.


Did this page help you?