SCIM Groups

Alation Cloud Service Applies to Alation Cloud Service instances of Alation

Customer Managed Applies to customer-managed instances of Alation

Available from version 2021.3

Alation has 3 types of Custom Groups. A Group type is defined by how Group members are added to the Group and can be:

  • Defined in Alation

  • Defined in LDAP

  • Defined in SCIM

Unlike groups defined in Alation or LDAP Groups, SCIM Groups cannot be manually created by Alation admins. They are auto-created when the Alation server and an external IdP are synchronized over the SCIM API. SCIM Groups can only exist if an Alation instance uses SAML as the authentication method with SCIM integration enabled and Groups have been pushed to Alation from the IdP.

SCIM Groups cannot be created, updated or deleted in Alation. Changes to SCIM Groups, such as adding or removing group members, are performed in the IdP and pushed to Alation from the IdP by an automatic process. The properties of SCIM Groups that an Alation admin can update are the Alation role mapped onto the Group and the Group name.

For detailed information about using SCIM, see Enable SCIM Integration for User and Group Management.