SCIM configuration

Parkable only supports SCIM 2.0

SCIM groups is currently only supported by Okta

SCIM provisioning means that you can create, update, activate and deactivate user accounts from your identity provider. SCIM functions in two different ways:

  1. Without SCIM groups enabled

    • When adding a user they will be added to all default groups in each of your car parks.

  2. With SCIM groups enabled

    • Users can be added as administrators of your organisation and optionally to one or more default groups of your car parks.

    • Users can be added as members of the default groups of one or more car parks

This page describes what features Parkable supports and where to get required values when configuring SCIM with your identity provider (IDP).

Supported operations

Operation

Notes

Create new user

When you create a user with SCIM the user is automatically added to your Parkable organisation. If not using SCIM groups they will be added to all default groups of each of your car parks.

Link existing user

When a user account exists with the same email address it will be added to your organisation. If not using SCIM groups they will be added to all default groups of each of your car parks. This requires the domain to be verified.

Fetch existing user by ID

Fetch an existing user by their Parkable ID.

Query users

Query users by email address, givenName, familyName and active status

Update user details

Currently supported fields are: userName, givenName, familyName

Activate a user account

Activating a user account restores the ability to log in and access the Parkable system.

Deactivate a user account

Deactivating a user account will revoke access to the Parkable system. The user will not be able to log in. This behaviour is the same for user accounts that already existed prior to linking via SCIM.

Fetch all groups

Fetching groups returns all SCIM groups that have been configured on the Parkable platform

Fetch a group by ID

Returns the group by the Parkable group ID

Update a group

Updating a group allows the addition to or removal of users in a group

Supported user fields

Field

Format

Required

userName

email address

yes

givenName

character string

yes

familyName

character string

yes

Parkable saves userNames in lowercase however they are treated case insensitively. Any fields not listed above will be ignored

Before you begin

  1. You must be an administrator in your organisation.

  2. SAML must be configured and enabled. See our SAML configuration guide for instructions.

  3. It is a good idea to verify the domains you wish to use before continuing as these may take a while to propagate. You will not be able to add or update users without at least one verified domain. See Domain verification for information on how to configure domains.

Set up SCIM provisioning

You will need to follow the instructions for your particular IDP to set up SCIM. At some point your IDP will request an authorisation method and base URL. Parkable uses HTTP header authentication for SCIM as follows:

Header

Value

Authorization

Bearer <Your API key>

You can find the base URL and API key on the Parkable system as follows:

  1. From your organisation at account.parkable.com, select members from the top bar and then SSO from the left, then navigate to the SCIM tab.

  2. Click the ‘SCIM provisioning enabled ‘toggle.

  3. Click the big green button ‘Generate API Key’. The Parkable server will generate a key and you can click the button a second time to fetch the key.

The API key and Base URL are required by your Identity provider to complete setup on their platform, see below for platform specific guides

Use caution when deleting any API Keys. Once deleted, these cannot be recovered and any implementation using these keys will cease to function

SCIM Groups

Groups must be created within Parkable that can then be retrieved by your identity provider. Once these groups reside in your identity provider you can add or remove users from them.

When a user is added to a SCIM group, they will automatically be added to all the ‘default’ groups for car parks that you have configured for the group.

Creating groups in Parkable

From your organisation at account.parkable.com, select members from the top bar and then SSO from the left, then navigate to the Groups tab.

  1. Click ‘Create’.

  2. Give your group a name and select the organisation that contains the car parks you wish to apply to the group.

  3. Select the role for users in this group.

  4. Select car parks for this group. Users will be added to the ‘default’ group for each of the car parks selected.

  5. Click save to save your group and close the dialog.

Note that when granting Administrator rights for a group you do not need to specify any car parks. In this case the user will be added as an administrator for the organisation only.

Adding users to a group in your identity provider

Once you have pulled the Parkable SCIM groups into your identity provider you can add users and push them back to the Parkable system. This behaves as follows:

Administrator Groups:

Users will be added as administrators for your organisation.

Member Groups:

Users will be added to all the default groups for each of the car parks configured for the group.

Removing users from a group in your identity provider

Users can be removed from groups in your identity provider. When the group is pushed back to the Parkable system it will behave as follows:

Administrator Groups:

Removed users will lose their administrator role, reverting them back to members. Users will also be removed from the default groups of each car park configured for the group. They will not lose membership of non default groups that they have been added to from within the Parkable platform.

Member Groups:

Users will be removed from the default groups of each car park configured for the group. They will not lose membership of non default groups that they have been added to from within the Parkable platform.

In both cases, if the member no longer belongs to any groups, they will no longer be mebers of the organisation.

Platform specific guides

Trouble shooting

Problem

Solution

Users are not being provisioned as expected

Double check you have the API key correct. Your provider platform may provide specific errors being received.

There are outstanding invites and you want to turn on SCIM provisioning

Invites do not affect the ability for a user to be provisioned with SCIM. Any PENDING invites will automatically have their status update to USER CREATED when they are provisioned with SCIM.