Help CenterBeginning with Portal version 3.8, ThreatLocker offers SCIM integration, which can be used to provision administrators from user groups in your Identity Provider (IdP).
How to Configure the SCIM Integration
Navigate to the Integrations page. Start typing 'SC' in the search bar to find SCIM.
SCIM Settings
Select SCIM Integration to open the 'Create SCIM Integration for ThreatLocker Administrator Accounts' sidebar.
At the top is the API Url. You will need the API Url and an API token to configure user provisioning from your IdP.
Select the 'Generate API Token' button to generate a new token.
Once it is generated, the token will only be visible once.
Copy and store the token securely. If a new API token is generated, it will invalidate the previous token, breaking the integration if it has already been configured.
At the top, you will see that an Enabled toggle has populated. If at any time you wish to disable the synchronization between the IdP and ThreatLocker, you can toggle this off. Please ensure the 'Enabled' button is toggled on to allow the IdP to connect to ThreatLocker.
Click the 'Save' button after generating and copying the token.
The Admin Login Settings section is where you will select how users will obtain the ability to log into the ThreatLocker portal once they are provisioned from the IdP.
You can choose to either create a SAML-enabled account for the provisioned users or to send an email invitation to newly provisioned users so they can set up their own login for the ThreatLocker portal. The option to create a SAML-enabled account requires that the SAML integration be configured first. See the associated article here: SAML Integration | ThreatLocker Help Center
Group Mapping
The 'Group Mapping' tab is where you will map user groups from the IdP to ThreatLocker User Roles.
Synchronization with the IdP could take up to an hour initially, and any time changes are made.
Select the desired group from the "Identity Provider Group' dropdown. Once a group has been selected and mapped to ThreatLocker User Roles it will no longer be available in the Identity Provider Group dropdown.
In the ThreatLocker User Role dropdown, select the User Role or Roles that you wish to apply to the selected group.
Don't forget to click the '+' button to add the mapping to the list below.
When all mapping has been completed, select the 'Save' button to apply the settings.
Once users have been provisioned from the IdP groups, additional non-mapped ThreatLocker User Roles cannot be added to the users, but individual permissions can be applied if needed.
API History
The API History tab will display api logs for the integration.
IdP-Specific Configuration Instructions