Hey there,
currently i have some trouble setting up SAML with SCIM properly. SAML itself is already working properly. Also the JIT Integration is working as expected. Finally i would like to setup SCIM as well.
I followed this Guide 12 SAML setup with Microsoft Entra ID
- In Users => Authenticiation => SAML the Checkbox "Enable SCIM provisioning" is checked.
- I created a dedicated user named "Entra-SCIM-Provisioning" and gave them the role Super admin
- I created an API token, assigned them to this user and saved the key
- To allow access to the API i use an on-premises SCIM agent
Finally i configured the enterprise application as shown in the screenshot below. If i click on Test Connection i see the error - which is also shown in the screenshot below
I already confirmed on my firewall logs that there is communication between my on-premises scim agent and the zabbix instance.
I am also able to see the following in the webserver access logs as soon as i click on "Test Connection"
I can confirm that the API Token itself seems working. If i try this from the server i got a response.
Doing the same against the api_scim.php endpoint again i get a 403
Any Tips are appreciated. Does anyone have an idea what i can further check?
currently i have some trouble setting up SAML with SCIM properly. SAML itself is already working properly. Also the JIT Integration is working as expected. Finally i would like to setup SCIM as well.
I followed this Guide 12 SAML setup with Microsoft Entra ID
- In Users => Authenticiation => SAML the Checkbox "Enable SCIM provisioning" is checked.
- I created a dedicated user named "Entra-SCIM-Provisioning" and gave them the role Super admin
- I created an API token, assigned them to this user and saved the key
- To allow access to the API i use an on-premises SCIM agent
Finally i configured the enterprise application as shown in the screenshot below. If i click on Test Connection i see the error - which is also shown in the screenshot below
I already confirmed on my firewall logs that there is communication between my on-premises scim agent and the zabbix instance.
I am also able to see the following in the webserver access logs as soon as i click on "Test Connection"
Code:
10.216.107.132 - - [16/Dec/2025:15:32:46 +0000] "GET /api_scim.php/Users?filter=userName+eq+%22ff7298be-96e2-4c5d-a9b7-e0faeb7426fc%22 HTTP/1.1" 403 99 "-" "-"
Code:
TOKEN="api-key-goes-here"
curl -sk "https://servername/api_jsonrpc.php" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $TOKEN" \
-d '{"jsonrpc":"2.0","method":"apiinfo.version","para ms":{},"id":1}'
Doing the same against the api_scim.php endpoint again i get a 403
Any Tips are appreciated. Does anyone have an idea what i can further check?
Comment