This article serves as a reference for configuring SCIM provisioning between your Identity Provider (IdP) and Hoxhunt.
Recommended minimum set of attributes
userName:
- Definition: Each user is required to have a non-empty userName value.
- Data Type: String
- Suggested Source Attribute: User's email address.
- Notes: Must be unique. Hoxhunt recommends using the user's primary email address.
emails.value:
- Definition: Email addresses for the user.
- Data Type: String
- Suggested Source Attribute: User's email address.
- Notes: Must be unique. Hoxhunt recommends using the user's primary email address. If multiple email addresses are sent, the first one is selected. You can specify which address should be used by adding the type. For example, emails[type eq "work"].value. IdPs are able to use this field as a pre-provisioning check to determine if a User resource exists. For example, /Users?filter=emails[type+eq+"work"].value+eq+"someone@hoxhunt.com"
active:
- Definition: A Boolean value that indicates whether the user account is active in the source system.
- Data Type: Boolean
- Suggested Source Attribute: User's account status.
- Notes: Map to a boolean value representing enabled/disabled status.
name.givenName:
- Definition: The given name of the user.
- Data Type: String
name.familyName:
- Definition: The family name of the user.
- Data Type: String
Additional attributes
addresses[type eq "work"].country:
- Definition: User's country.
- Data Type: String
addresses[type eq "work"].locality:
- Definition: User's city.
- Data Type: String
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:division:
- Definition: User's site.
- Data Type: String
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department:
- Definition: User's department.
- Data Type: String
title:
- Definition: User's job title, such as "Vice President".
- Data Type: String
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.value:
- Definition: User's manager.
- Data Type: String
- Suggested Source Attribute: Unique identifier of user's manager. Can be ID or email address.
preferredLanguage:
- Definition: User's preferred language.
- Data Type: String
- Notes: Sets user's UI and simulation language upon creation or when the source attribute changes. It won't overwrite a manually selected language unless the source attribute value changes. Required in ISO 639-1 format.
phoneNumbers[type eq "work"].value:
- Definition: User's work phone number. The value should be specified according to the format defined in [RFC3966].
- Data Type: String
- Notes: Ensure the phone number is in E.164 format. Ensure type is set to "work".
Hoxhunt extension attributes
urn:ietf:params:scim:schemas:extension:hoxhunt:2.0:User:microsoftEntraObjectId:
- Definition: The unique identifier of the user in Microsoft Entra.
- Data Type: String
- Suggested Source Attribute: User's unique object ID.
urn:ietf:params:scim:schemas:extension:hoxhunt:2.0:User:disableThreatUpload:
- Definition: Whether to disable threat upload for the user. If true, the user's threat reports will not be uploaded to Hoxhunt.
- Data Type: Boolean
- Suggested Source Attribute: Custom attribute indicating whether to disable threat upload.
urn:ietf:params:scim:schemas:extension:hoxhunt:2.0:User:employmentStart:
- Definition: The date when the user started their employment. This is a string in the format YYYY-MM-DD.
- Data Type: String
- Suggested Source Attribute: User's employment start date.
- Notes: Requires date format conversion to YYYY-MM-DD.
urn:ietf:params:scim:schemas:extension:hoxhunt:2.0:User:customAttribute1:
- Definition: A custom attribute that can be used to store additional information about the user.
- Data Type: String
- Suggested Source Attribute: Custom attribute 1.
- Notes: Hoxhunt provides ten custom attributes (customAttribute1 through customAttribute10).
Group attributes
displayName:
- Definition: Group name.
- Data Type: String
- Notes: Required. Must be unique.
members[].value:
- Definition: Identifier of the member of this Group.
- Data Type: String
- Suggested Source Attribute: Unique identifier of the group member (user).
Important considerations
- Attribute Availability: The specific attributes available in your IdP may vary depending on your configuration.
- Contact Hoxhunt Support: If you have any questions or issues, contact Hoxhunt support for assistance.