SCIM Global User ID
What is a Global User ID?
The globalUserId (GUID) is a unique, immutable identifier assigned to a user by the ICE Mortgage Technology SCIM service. The GUID facilitates interoperability and consistent identification of users across the ICE MT applications that implement SCIM for identity management and cross-product Single Sign-on.
Lenders who are licensed for multiple ICE MT products (e.g. Encompass & DDA) must ensure that the user profiles for the same employee, across the different products, are linked to the same GUID.
The SCIM GUID is generated when the Create User POST API call is executed to create a user. In addition, a SCIM GUID can be generated using the SCIM Account Links API for an existing product user that was not created using the SCIM User Provisioning API. In both cases, the SCIM globalUserId is included in the response payload of the API call.
The GUID is a backend identifier managed by administrators. The GUID is used by the system to ensure users have unified access across all linked accounts and is used for centralized user management across enterprise apps. The end user will not know or interact with the globalUserId, they log in to the ICE MT application and the system takes care of the rest.
Do I need to store Global User IDs?
The globalUserId is a required query parameter when updating a user profile or offboarding users using SCIM APIS. For enterprises that manage users from a centralized identity management system using SCIM APIs, it is recommended to store the GUID in the client application to reduce the number of API calls to the ICE MT SCIM service to retrieve the GUID for a given user to manage the user profile.
What If I have multiple Global User IDs for the same user?
If multiple GUIDs have been generated for provisioning access to different ICE MT products for the same employee in error, one of the Global User IDs must be removed and the user profile must be linked to the correct globalUserId using the scim2/v1/accountLinks/{globalUserId} API.
Once the GUID is generated for at least one ICE MT product, provisioning to any additional ICE MT products (e.g. DDA) for the given employee must be executed via the SCIM PATCH call, where the user profile for a given product is created and linked to the same GUID.
Updated 2 months ago