Overview
Sift supports the integration of external Identity Providers (IdPs) to manage users and groups. Sift can connect to IdPs that implement push provisioning, which enables real-time synchronization of data from the IdP to Sift. When changes occur in the IdP, such as creating, deleting, or renaming users or groups, or modifying group memberships, those changes are synchronized to Sift.Connecting your IdP with Sift
The IdP feature is in Beta, meaning that connecting an Identity Provider (IdP) to Sift requires initial configuration by your Sift account representative. After this is complete, you will need to obtain a SCIM endpoint URL and an access token, both of which are available from the Users page in Sift. To learn more, see Tutorial: Integrate an Identity Provider (IdP) with Sift (Beta).Supported IdPs
Sift supports Identity Providers (IdPs) that use push-based provisioning to create and update users and groups in Sift based on the current configuration in the IdP. For example, the following IdPs support push-based provisioning and have been verified to work with Sift:- Microsoft Entra ID
-
Oracle Identity and Access Management (Oracle IAM)
Oracle IAM SCIM URL: Format
- When entering the SCIM endpoint URL in Oracle IAM, split it into two parts: enter everything before
.comexcluding the protocol in the Host Name field, and enter everything after.com(including the initial/) in the Base URI field.- For example, if the SCIM Server URL is
https://sift.keycloak.com/realms/ScimExample/scim/v2, the Host Name issift.keycloak.comand the Base URI is/realms/ScimExample/scim/v2.
- For example, if the SCIM Server URL is
- When entering the SCIM endpoint URL in Oracle IAM, split it into two parts: enter everything before
Pull-based provisioning: Sift only supports IdPs that use push provisioning. IdPs that require pull-based provisioning, such as Google Workspace, require custom integration work.