Skip to content
Veraproof Veraproof Docs

Scimify Proxy Integration

Scimify Proxy Integration

Scimify Proxy enables you to forward SCIM requests from your identity provider to any downstream SCIM server, with support for custom HTTP header injection. This integration acts as a transparent proxy, allowing you to connect Google Workspace or other IdPs to any SaaS application that supports SCIM.

Overview

Scimify Proxy forwards SCIM requests (users and groups) from your identity provider to any downstream SCIM server. It supports custom HTTP header injection, making it ideal for applications like Braze that require additional headers (e.g. X-Request-Origin). This integration also enables SCIM provisioning for applications that don’t have native Scimify integrations.

Prerequisites

  • A downstream SCIM server URL (e.g. https://api.braze.com/scim/v2)
  • An API token or Bearer token for authenticating with the downstream SCIM server
  • (Optional) Knowledge of any required custom HTTP headers for your target application

Configuration Steps

1. Obtain SCIM Server URL

  1. Consult your target application’s SCIM configuration documentation
  2. Locate the SCIM server base URL (e.g., https://api.braze.com/scim/v2)
  3. Ensure you have the complete base URL without a trailing slash

Note: The SCIM server URL is typically provided in your application’s SCIM or API settings documentation.

2. Get API Token/Credentials

  1. Navigate to your target application’s SCIM or API settings
  2. Generate or locate the API token/Bearer token required for SCIM authentication
  3. Copy the token (it will be encrypted when saved in Scimify)

Note: Most SCIM servers use Bearer token authentication. The token format varies by application.

3. Identify Required Custom Headers (If Applicable)

Some applications require additional HTTP headers for SCIM requests:

  • Braze: Requires X-Request-Origin header
  • Other applications may have similar requirements

Check your target application’s SCIM documentation for any required custom headers.

4. Configure the Integration in Scimify

  1. Navigate to the Integrations page in your Scimify admin console
  2. Create a new Scimify Proxy integration instance
  3. Enter the following configuration:
    • API Token: Paste the Bearer token from Step 2 (this will be encrypted when saved)
    • SCIM Server URL: Enter the base URL from Step 1 (e.g., https://api.braze.com/scim/v2)
    • Custom HTTP Headers (Optional): Add up to 5 custom headers if required by your application
      • Click ”+ Add Header” for each header
      • Enter the header name (e.g., X-Request-Origin)
      • Enter the header value (e.g., scimify)
    • Group Description (Optional): Custom description for created groups (default: “Created via Scimify for tenant {tenant_id}“)

5. Test the Connection

  1. Click the “Test Connection” button in the integration configuration
  2. Verify that Scimify can reach your SCIM server and authenticate successfully
  3. If the test fails, verify:
    • The SCIM server URL is correct and accessible
    • The API token is valid and has the correct permissions
    • Any required custom headers are configured correctly

6. Configure IdP SCIM

Follow the Okta SCIM Configuration guide to set up SCIM provisioning in your identity provider (Okta, Google Workspace, etc.).

How It Works

  • Scimify Proxy receives SCIM requests from your identity provider
  • It forwards these requests to your downstream SCIM server
  • Custom HTTP headers are automatically injected into each request
  • Responses from the downstream server are parsed and returned to your IdP
  • The integration supports both user and group operations (create, read, update, delete)

Use Cases

Enable Google Workspace SCIM

Scimify Proxy allows you to use Google Workspace SCIM with any SaaS application that supports SCIM, even if Google Workspace doesn’t natively support that application.

Custom Header Requirements

Some applications require specific HTTP headers for SCIM requests:

  • Braze: Requires X-Request-Origin header with a specific value
  • Other applications may have similar security or routing requirements

Proxy and Logging

Scimify Proxy provides additional benefits:

  • Centralized logging of all SCIM requests
  • Request/response monitoring and debugging
  • Ability to add custom headers without modifying your IdP configuration

Supported SCIM Operations

Scimify Proxy supports all standard SCIM 2.0 operations:

  • Users: Create, Read, Update (PUT/PATCH), Delete, List
  • Groups: Create, Read, Update (PATCH), Delete, List
  • Pagination: Automatic handling of paginated responses
  • Error Handling: Proper SCIM error response formatting

Troubleshooting

Connection Test Fails

If the connection test fails:

  1. Verify SCIM Server URL:

    • Ensure the URL is correct and accessible from Scimify’s servers
    • Check that the URL doesn’t have a trailing slash
    • Verify the URL format matches your application’s documentation

  2. Check API Token:

    • Ensure the token is valid and hasn’t expired
    • Verify the token has the correct permissions for SCIM operations
    • Check that the token format matches your application’s requirements

  3. Verify Custom Headers:

    • Ensure any required custom headers are configured correctly
    • Check header names and values match your application’s requirements exactly
    • Verify header names are case-sensitive if required

Users or Groups Not Syncing

If users or groups are not syncing properly:

  1. Check IdP Configuration:

    • Verify your IdP is correctly configured to send SCIM requests to Scimify
    • Ensure the SCIM API key is correctly configured in your IdP
    • Check that users/groups are assigned to the SCIM app in your IdP

  2. Verify Downstream Server:

    • Test the downstream SCIM server directly to ensure it’s working
    • Check the downstream server’s logs for any errors
    • Verify the downstream server supports the SCIM operations you’re trying to use

  3. Review Scimify Logs:

    • Check Scimify’s audit logs for any errors or warnings
    • Look for authentication failures or request format issues

Custom Headers Not Working

If custom headers aren’t being applied:

  1. Verify Header Configuration:

    • Ensure headers are added in the integration configuration
    • Check that header names and values are correct
    • Verify you haven’t exceeded the 5-header limit

  2. Check Header Format:

    • Ensure header names don’t contain spaces or invalid characters
    • Verify header values are properly formatted
    • Some applications may be case-sensitive for header names

Need Help?

If you encounter any issues during configuration, please contact [email protected] for assistance.