SCIM integration must use named user or dedicated account
Hi all
I was keen to add SCIM to my mid-sized Zendesk tenant. However the way Zendesk has configured it, it wants to integrate with a user account rather than the tenant like move SCIM integrations do.
https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/zendesk-provisioning-tutorial
SCIM has no such requirement for an active user account, so I question to the design decision to require this attribute. If I were to bind it to e.g. one of the admin's accounts, the integration would almost inevitably break should that admin leave the organisation.
The usual workaround for service account requiring named users to to set up a dedicated integration user. However since the cost of a Zendesk admin account is over $100/month, this is completely cost-prohibitive.
I would urge the SCIM Zendesk developers to consider removing the requirement for a username for their SCIM integration all together more in line with industry standards and best practices, and allow greater uptake of SCIM from organisations such as mine.
-
Likewise - cross-platform integrations are critical for us, and I definitely like that my integrations won't break if an admin leaves since we use the service user, but needing to allocate a user seat seems excessive
-
Hi Chris,
Currently, we don't support SCIM based user provisioning. This specific plugin is non-SCIM user provisioning. However, it is something our teams having been looking at. I really appreciate you sharing your business needs for it. This definitely helps our teams with prioritizing development needs.
-
Oh, I understand, you're actually integrating with a user account.
Why not support a license for 'provisioning only' then, to allow provisioning to take place without an expensive admin license?
Please sign in to leave a comment.
3 Comments