SCIM – System for Cross-domain Identity Management
If you are not an Enterprise Software Engineer, then the likely answer is no. It’s a complicated term, which in practice enables our customers to automatically create and delete users in Catenda Hub – (previously Bimsync) (also referred technically as provision/deprovision of users).
The main reason for adding support to SCIM now is that many of our bigger customers are reaching a point where they are managing a multitude of SAAS solutions for all their users. This becomes a headache to manage properly and efficiently, as they need to give manual access to Catenda Hub (previously Bimsync) for each user that joins or leaves the company.
The adoption of SCIM can help address this problem by integrating the creation and deletion of Catenda Hub users directly into our customers ID system (Microsoft Azure Active Directory, for example, or any other that supports SCIM).
With this setup in place there is also a higher security threshold making sure that only allowed users are accessing the platform, which is very important for our customers. Moreover, we also support MFA (multi-factor authentication) in case your setup is not ready for SSO or SCIM. MFA can be enforced on an Organization level inside Catenda Hub (previously Bimsync).
How to set it up?
To integrate with SCIM, you only need to set it up through your supported ID system (example on how to do it for Microsoft Azure AD), no software development needed.
For the more technically oriented, or in case you need more advanced control, these new SCIM v2 APIs are available in our public documentation.
In this initial release, we have only automated the creation and deletion of users, but the SCIM protocol is simple and extensible, so in the future, we also plan to add finer controls in order to automate Organization and Project memberships through the SCIM APIs.
The journey to adopt SCIM is an Organization-wide change, as it needs buy-in from all stakeholders in the company and needs some push to get the support from all their 3rd party SAAS software vendors. This is no simple task, at the same time, it is very important for the future of any bigger organization that wants to lead the way on the best security practices when it comes to how to efficiently manage the authorized access of data and information across multiple SAAS softwares.
One of our biggest customers is Schiphol Airport, and they are very advanced in the use of digital systems and best practices. Their Organization is at the forefront of promoting the SCIM standard to all their systems used internally and we now have a setup in place with Schiphol where the Catenda Hub user management is centralized through SCIM. This means, the access to Catenda Hub (previously Bimsync) is managed in Schiphol’s centralized ID management system.
“For Schiphol, security is top priority. Therefore, we use SCIM to automate the access control in a standardized way in (most of) our applications. Catenda Hub’s SCIM functionality enables us to work in a safe, integrated, and easy way on construction projects using Building Information Management (BIM) technology.” – Lysette Kampman (Informatiemanager Center of Excellence / Schiphol Projects).
As the previous example points out, Catenda is leading the way when it comes to best practices that secure the access of our customers’ data! This is crucial to us and to our customers.
If you are interested in improving your management of Catenda Hub users by enabling SSO with SCIM, please reach out to us at firstname.lastname@example.org and we will be happy to assist you in this journey. Also glad to hear any feedback or suggestions on this initiative.
Leonardo Cunha, CTO at Catenda.