This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.


Enterprise IT solutions now adopt products and services from multiple cloud providers to meet various business requirements, so it is no longer sufficient to maintain user identities only in the corporate LDAP. In most cases, SaaS providers also need dedicated user accounts created for the users of the cloud service, which raises the need for proper identity provisioning mechanisms. WSO2 Identity Server (IS) supports the open standard SCIM for identity provisioning. Additionally, WSO2 Stratos Live is also geared towards supporting SCIM for identity provisioning.

This section implements a use case that depicts identity provisioning from on-premise to cloud using Identity Server and Stratos (here, the same IS distribution can be used to simulate Stratos IS with multi-tenancy aspects).

In this example, two organizations called wso2.com and willpower.org have their on-premise enterprise Identity Management Solutions running with Identity Server. Both organizations use cloud services offered by WSO2 StratosLive and have created tenants there. Now, they want to provision the user account and identity management operations that happen in their on-premise Identity Server, such as creating/deleting users and groups and updating user identity attributes, to the respective tenants they have in StratosLive.

The following diagram gives an overview of the deployment:


In this case, the Identity Server running inside the organizational boundaries of each organization acts as a SCIM consumer, and the Identity Server as a Service running in StratosLive acts as the SCIM Service Provider. Each organization can register, within its enterprise IS instance, SCIM provider configurations pointing to its tenant space in SLive.

The following is a step-by-step guide for this.

Step 1: Setup 

  1. Download and unzip the IS distribution into three different folders (to represent the instances at: 1. wso2, 2. willpower, 3. SLive).
  2. Increment the Ports->PortOffset element in carbon.xml so that the three instances run on the following ports:
    • IS of WSO2: 9443
    • IS of Willpower: 9444
    • SLive IS: 9445

For more information on this, see Setting up Three Nodes.

Step 2: Creating Tenants

Log in as admin to the IS instance that simulates Stratos IS in our setup and create two tenants named "wso2.com" and "willpower.com".

Screenshots of the steps are shown below:

Step 3: Registering SCIM Providers

Now log in to the IS instances of the WSO2 and WillPower organizations as the admin user and register SCIM provider configurations pointing to their respective tenant spaces in the SLive IS instance.

For a more detailed guide on how to register SCIM providers, see Registering SCIM Providers. 

Example configurations are as follows:

Sample 1: wso2.com

Sample 2: willpower.com



Step 4: Testing Provisioning


Now you can test creating, deleting and updating users and groups in the organizational IS instances and verify that they are provisioned to the tenant space of the respective organization in the SLive IS instance.
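One way to script the Step 4 verification, including the check that a user provisioned by one organization does not appear in the other organization's tenant. This is an added example, not part of the original WSO2 documentation; the SCIM endpoint path, the `admin@<tenant>` login form, and the function names are assumptions, and the sample listings are constructed.

```python
import base64
import json
import ssl
import urllib.request

# Assumed, not from the page: SCIM 1.1 Users endpoint path on the SLive IS node
# (port 9445 from Step 1) and tenant admin logins of the form admin@<tenant>.
SCIM_USERS_URL = "https://localhost:9445/wso2/scim/Users"


def fetch_users(tenant_admin, password, cafile=None, url=SCIM_USERS_URL):
    """GET the SCIM user listing as one tenant's admin (Basic auth over TLS)."""
    token = base64.b64encode(f"{tenant_admin}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={
        "Authorization": f"Basic {token}", "Accept": "application/json"})
    # Certificate verification stays on; pass the node's CA bundle via cafile.
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.load(resp)


def user_names(listing):
    """Extract userName values from a SCIM list response ('Resources' array)."""
    return {r.get("userName") for r in listing.get("Resources", [])}


def check_provisioning(listings, user_name, expected_tenant):
    """Return findings; an empty list means the user is only in the expected tenant."""
    findings = []
    for tenant, listing in listings.items():
        present = user_name in user_names(listing)
        if tenant == expected_tenant and not present:
            findings.append(f"{user_name} missing from {tenant}")
        elif tenant != expected_tenant and present:
            findings.append(f"{user_name} leaked into {tenant}")
    return findings


# Constructed sample listings (not captured from a real server).
SAMPLE = {
    "wso2.com": {"totalResults": 2, "Resources": [
        {"id": "1", "userName": "admin"}, {"id": "2", "userName": "alice"}]},
    "willpower.com": {"totalResults": 1, "Resources": [
        {"id": "9", "userName": "admin"}]},
}

if __name__ == "__main__":
    print(check_provisioning(SAMPLE, "alice", "wso2.com"))
```

Against a live setup, build `listings` by calling `fetch_users` once per tenant admin instead of using `SAMPLE`.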
