FusionAuth / fusionauth-issues

FusionAuth issue submission project
https://fusionauth.io

Use FusionAuth SCIM as a proxy to an internal authorization/permission system #2403

Open rod-martens-alida opened 1 year ago

rod-martens-alida commented 1 year ago

Use FusionAuth SCIM as a proxy to an internal authorization/permission system

Problem

Would like to give separate customers the ability to add/remove access to users for only their portion of the system.

Solution

Alida wants to do customer community based SCIM. We have all the users in a shared Tenant. We would like a way to make the FA SCIM interface a proxy to an internal SCIM lite service. All the user/group CRUD APIs would make no changes to the FusionAuth system and would instead call out to simplified versions of the API in an internal application.

Alternatives/workarounds

  1. Segregating customers into Tenants. Has implications for the number of external OIDC clients.
  2. Implementing our own SCIM service based on a reference implementation. Would require us to keep up to date with SCIM compatibility.

Additional context

none

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

How to vote

Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.

mooreds commented 1 year ago

Another alternative is to have a shadow system, either with a separate deployment or tenants within one deployment, that is only used for SCIM interactions and webhooks. The webhooks would fire on user addition/modification/deletion and the webhook recipient code could modify other systems, including the main CIAM tenant or other internal systems.
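
An added illustration of the shadow-tenant-plus-webhook alternative in the last comment (not code from FusionAuth or from either commenter): the webhook recipient derives the customer community from the event's tenant, so SCIM changes from one customer cannot touch another customer's users. It assumes the webhook body carries an `event` object with `type`, `tenantId` and `user.email`, and that the user event types are named `user.create`, `user.update` and `user.delete`; the tenant ids, community names and `PermissionStore` are constructed stand-ins.

```python
from dataclasses import dataclass

# Constructed mapping: one shadow SCIM tenant per customer community.
SHADOW_TENANT_TO_COMMUNITY = {
    "11111111-1111-1111-1111-111111111111": "community-a",
    "22222222-2222-2222-2222-222222222222": "community-b",
}
# Assumed event type names for user addition/modification/deletion.
EVENT_TO_ACTION = {"user.create": "grant", "user.update": "sync", "user.delete": "revoke"}


class RejectedEvent(Exception):
    """Raised for events the recipient must not act on."""


@dataclass(frozen=True)
class Change:
    action: str     # grant | sync | revoke
    community: str  # derived from the tenant id, never from user-supplied fields
    email: str


def plan_change(body: dict) -> Change:
    """Turn one webhook body into a scoped change, or reject it."""
    event = body.get("event") if isinstance(body, dict) else None
    if not isinstance(event, dict):
        raise RejectedEvent("missing event object")
    tenant, etype, user = event.get("tenantId"), event.get("type"), event.get("user")
    community = SHADOW_TENANT_TO_COMMUNITY.get(tenant) if isinstance(tenant, str) else None
    if community is None:
        raise RejectedEvent("event is not from a known shadow tenant")
    action = EVENT_TO_ACTION.get(etype) if isinstance(etype, str) else None
    if action is None:
        raise RejectedEvent("unhandled event type")
    email = user.get("email") if isinstance(user, dict) else None
    if not isinstance(email, str) or "@" not in email:
        raise RejectedEvent("event carries no usable user email")
    return Change(action, community, email.strip().lower())


class PermissionStore:
    """Hypothetical stand-in for the internal permission system."""
    def __init__(self):
        self.members = {}  # community -> set of emails with access

    def apply(self, change: Change) -> list:
        members = self.members.setdefault(change.community, set())
        if change.action == "revoke":
            members.discard(change.email)
        else:
            members.add(change.email)
        return sorted(members)
```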