SCIM Account Provisioning
With System for Cross-domain Identity Management (SCIM), administrators can automate the exchange of user identity information between systems.
If you use SAML SSO in your organization, you can implement SCIM to add, manage, and remove organization members access to Gamesight. For example, an administrator can deprovision an organization member using SCIM and Gamesight will automatically remove the member's access.
| Features | SAML | SAML + SCIM |
|---|---|---|
| User Authentication (SSO) | X | X |
| "Just In Time" Account Provisioning | X | X |
| "Push" Account Provisioning & Deprovisoning | X | |
| User Authorization Management (Set Roles via IdP) | X |
These identity providers have been verified compatible with Gamesight's SCIM API:
Read their integration guides for more information on how to get setup with SCIM.
Role Management
Gamesight supports sending a user's roles through both the SCIM & SAML protocols in a string encoded format. The IdP guide will have more details about how to configure your IdP to pass this role data to Gamesight. This guide covers the general structure and format of the role data Gamesight accepts.
For example, an admin user's roles may end up looking something like the following
{
...
"roles": [
"org:1:member",
"game:11:admin",
"team:111:admin",
"game:12:member",
"team:121:member",
"team:122:admin",
]
}
The format for each Role asserted is {context_type}:{context_id}:{role}. You can find a summarization of the available contexts and roles below.
| Context | Valid Roles |
|---|---|
org | admin, member |
game | admin, billing, integration, analyst, member |
team | admin, member |
You can find your Org, Game, and Team IDs through the "Management" tab on the Gamesight console.
Updated over 1 year ago