Docs

Support
Home Billing Payments Receivables RevRec Retention
Billing
Home
Billing
Payments
Receivables
RevRec
Retention
API Reference
Release Notes
Tutorials
Frontend Capabilities
Partner SPI
API Changelog
API Reference
Release Notes
Tutorials
Frontend Capabilities
Partner SPI
API Changelog

System for Cross-Domain Identity Management (SCIM) 

System for Cross-Domain Identity Management (SCIM) is a standard protocol designed to facilitate the automation of user provisioning and management across various applications and services. SCIM allows organizations to manage user identities in a centralized manner, enabling seamless integration with identity providers and other systems.

With SCIM, organizations can automate the process of creating, updating, and deleting user accounts across multiple platforms, reducing the administrative burden associated with manual user management. This is particularly beneficial for businesses that utilize a variety of applications and need to ensure that user access is consistent and secure.

Benefits 

Key benefits of SCIM User Provisioning include:

  • Centralized User Management: Manage user identities from a single source, ensuring consistency across all applications.
  • Automated Provisioning: Automatically create, update, or deactivate user accounts based on organizational changes, such as new hires or role changes.
  • Enhanced Security: Reduce the risk of unauthorized access by ensuring that user accounts are promptly updated or removed as needed.
  • Improved Efficiency: Streamline the onboarding and offboarding processes, allowing IT teams to focus on more strategic initiatives.

Configure SCIM in Chargebee 

This guide provides the steps required to how to obtain or configure the SCIM Provisioning on Chargebee, and includes the following topics:

  1. Prerequisites
  2. Provisioning Features
  3. Configuration Steps
  4. Chargebee's Group Name Format

Prerequisites 

  • SAML must be enabled before configuring Provisioning for Chargebee.
  • After enabling SAML, you must reach out to Chargebee support to enable Provisioning on your site.

Provisioning Features 

The following Provisioning features are supported:

  • Push New Users
  • Push Profile Updates
  • Push User Deactivation
  • Reactivate Users
  • Push Groups
  • Unlink Groups
  • Push Groups or Push Group Updates
Note

Import of Users or Groups from Chargebee to OKTA is not supported.

Configuration Steps 

  1. To obtain the API Token value for configuring Provisioning in Chargebee, follow these steps:

    1. Login to your Chargebee account using SAML.

    2. Navigate to Settings > Team Members.

      "

    3. Click Get Started under User Identity Management.

      "

    4. Follow the steps below

      1. Select SCIM and click Next.
      2. Select OKTA and Bearer as authentication type and click Next.

    5. Under Chargebee Credentials, copy the values of the Chargebee Site URL and Bearer Token. Use these values to add SCIM connection at the Provisioning tab of the Chargebee Okta Application.

      "

  2. To configure your Provisioning settings in the Chargebee Okta Application, follow these steps:

    1. Go to Provisioning tab and click Configure API Integration.
    2. Check the Enable API Integration box. Enter your Chargebee API Token from step 5 as mentioned above.
    3. Click Test API Credentials for testing your credentials. This step is optional.
    4. Click Save to apply the changes.

Chargebee's Group Name Format 

Chargebee requires the okta group name to be in the following format:

  • CB/<domain>/ROLE/<role_name>
    • CB is a standard prefix that will not change.
    • domain is your domain name.
    • ROLE is the standard prefix that will not change.
    • role_name is the access role name. For example, Admin, Analyst, and more. Learn more about the access roles preasent in Chargebee.
  • For the Multi Business Entity, treat the business entity as another dimension of a group. For example, CB/<domain>/BE/<business_entity_name>.
Was this article helpful?
Loading…