This article serves as a reference for configuring SCIM provisioning between your Identity Provider (IdP) and Hoxhunt.
Recommended minimum set of attributes
userName:
- Definition: Each user is required to have a non-empty userName value.
- Data Type: String
- Suggested Source Attribute: User's email address.
- Notes: Must be unique. Hoxhunt recommends using the user's primary email address.
emails.value:
- Definition: Email addresses for the user.
- Data Type: String
- Suggested Source Attribute: User's email address.
- Notes: Must be unique. Hoxhunt recommends using the user's primary email address. If multiple email addresses are sent, the first one is selected.
active:
- Definition: A Boolean value that indicates whether the user account is active in the source system.
- Data Type: Boolean
- Suggested Source Attribute: User's account status.
- Notes: Map to a boolean value representing enabled/disabled status.
name.givenName:
- Definition: The given name of the user.
- Data Type: String
name.familyName:
- Definition: The family name of the user.
- Data Type: String
Additional attributes
addresses[type eq "work"].country:
- Definition: User's country.
- Data Type: String
addresses[type eq "work"].locality:
- Definition: User's city.
- Data Type: String
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:division:
- Definition: User's site.
- Data Type: String
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department:
- Definition: User's department.
- Data Type: String
title:
- Definition: User's job title, such as "Vice President".
- Data Type: String
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.value:
- Definition: User's manager.
- Data Type: String
- Suggested Source Attribute: Unique identifier of user's manager. Can be ID or email address.
preferredLanguage:
- Definition: User's preferred language.
- Data Type: String
- Notes: Sets user's UI and simulation language upon creation or when the source attribute changes. It won't overwrite a manually selected language unless the source attribute value changes. Required in ISO 639-1 format.
phoneNumbers[type eq "work"].value:
- Definition: User's work phone number. The value should be specified according to the format defined in [RFC3966].
- Data Type: String
- Notes: Ensure the phone number is in E.164 format. Ensure type is set to "work".
Hoxhunt extension attributes
urn:ietf:params:scim:schemas:extension:hoxhunt:2.0:User:microsoftEntraObjectId:
- Definition: The unique identifier of the user in Microsoft Entra.
- Data Type: String
- Suggested Source Attribute: User's unique object ID.
urn:ietf:params:scim:schemas:extension:hoxhunt:2.0:User:disableThreatUpload:
- Definition: Whether to disable threat upload for the user. If true, the user's threat reports will not be uploaded to Hoxhunt.
- Data Type: Boolean
- Suggested Source Attribute: Custom attribute indicating whether to disable threat upload.
urn:ietf:params:scim:schemas:extension:hoxhunt:2.0:User:employmentStart:
- Definition: The date when the user started their employment. This is a string in the format YYYY-MM-DD.
- Data Type: String
- Suggested Source Attribute: User's employment start date.
- Notes: Requires date format conversion to YYYY-MM-DD.
urn:ietf:params:scim:schemas:extension:hoxhunt:2.0:User:customAttribute1:
- Definition: A custom attribute that can be used to store additional information about the user.
- Data Type: String
- Suggested Source Attribute: Custom attribute 1.
- Notes: Hoxhunt provides ten custom attributes (customAttribute1 through customAttribute10).
urn:ietf:params:scim:schemas:extension:hoxhunt:2.0:User:deviceHostnames:
- Definition: Hostnames of the devices that the user is using, as comma-separated list of domain names.
- Data Type: String
- Notes: Hostnames must be valid domain names, and there can be a maximum of ten hostnames.
Group attributes
displayName:
- Definition: Group name.
- Data Type: String
- Notes: Required. Must be unique.
members[].value:
- Definition: Identifier of the member of this Group.
- Data Type: String
- Suggested Source Attribute: Unique identifier of the group member (user).
Important considerations
- Attribute Availability: The specific attributes available in your IdP may vary depending on your configuration.
- Contact Hoxhunt Support: If you have any questions or issues, contact Hoxhunt support for assistance.