Unified Directory Identity Sources

RSA Unified Directory is a new user identity store for the Cloud Authentication Service that will enable full Cloud-only deployments in the future. RSA Unified Directory has the ability to create and store local users and their passwords using the open standard System for Cross-domain Identity Management (SCIM) API. Administrators can manage local users from the Cloud Administration Console or My Page self-service portal. Users can manage themselves using the My Page self-service portal. Local user passwords are validated completely within the Cloud Authentication Service.

In the Unified Directory, you can add the following types of identity sources:

  • Local identity source

  • Azure Active Directory (SCIM) identity source

  • SCIM Managed identity source

Add a Unified Directory Identity Source

In the Unified Directory, you can create Local, SCIM Managed, and Azure Active Directory (SCIM) identity sources. You can create users locally or provision them from an external source or an Azure Active Directory through the SCIM APIs based on the created identity source type and your subscription.

The ability to add Local and Azure Active Directory (SCIM) identity sources is available for all ID Plus subscriptions (from E1 to E3). However, using SCIM provisioning in Local identity sources and adding SCIM Managed identity sources are available for ID Plus E2 and E3 subscriptions.


  1. In the Cloud Administration Console, click Users > Identity Sources.

  2. Click Add an Identity Source.

  3. Click Select next to the required identity source type.

  4. In the Identity Source Name field, enter a name for the identity source.

  5. (Optional) In the Description field, enter a description for the identity source.

  6. If you want to Enable User Provisioning from a SCIM Identity Source, select Yes.

    1. (Optional) In the External SCIM ID Source Admin URL field, enter the URL from which the SCIM API client sends details.
    2. In the SCIM Service Provider Base URI field, click Copy URI to copy the URI to which the SCIM API client sends details.
    3. For the SCIM Service API key field, click Generate Key to generate the Service API key used for SCIM API authentication.
  7. In the Password Creation section, by default, the RSA Unified Directory option is selected. The RSA Unified Directory option allows users to use their passwords for authentication in any sign-in page, and the Cloud Authentication Service stores and validates their passwords.

    Select No Password if you want an identity provider to authenticate users. In this case, the Cloud Authentication Service does not store or validate users' passwords. For information about configuring an identity provider, see Adding Identity Provider.

  8. Click Save.

  9. Click Publish Changes to activate the identity source.
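The client side of step 6, as an added example that is not RSA code: it builds, but does not send, the standard SCIM 2.0 (RFC 7643/7644) request that creates one user, using the copied Base URI and the generated Service API key. The base URI and key values are constructed placeholders, and presenting the key as a Bearer token is an assumption to confirm against your SCIM client's configuration.

```python
import json
import urllib.request
from urllib.parse import urlsplit

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"  # RFC 7643


def build_create_user_request(base_uri, api_key, user_name, given, family, email):
    """Return an unsent POST <base_uri>/Users request for a new SCIM user."""
    parts = urlsplit(base_uri)
    # The API key is a bearer credential: refuse to put it on cleartext HTTP.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("SCIM Service Provider Base URI must be an https URL")
    if not api_key or api_key != api_key.strip():
        raise ValueError("SCIM Service API key is empty or has stray whitespace")

    resource = {
        "schemas": [SCIM_USER_SCHEMA],
        "userName": user_name,
        "name": {"givenName": given, "familyName": family},
        "emails": [{"value": email, "type": "work", "primary": True}],
        "active": True,
    }
    return urllib.request.Request(
        url=base_uri.rstrip("/") + "/Users",
        data=json.dumps(resource).encode("utf-8"),
        method="POST",
        headers={
            "Content-Type": "application/scim+json",
            "Accept": "application/scim+json",
            # Assumption: the Service API key is presented as a Bearer token.
            "Authorization": "Bearer " + api_key,
        },
    )


def loggable(request):
    """Summarise a request for logs without exposing the API key."""
    headers = {k: ("<redacted>" if k.lower() == "authorization" else v)
               for k, v in request.header_items()}
    return {"method": request.get_method(), "url": request.full_url,
            "headers": headers}


if __name__ == "__main__":
    # Constructed placeholder values, not a real tenant URI or key.
    req = build_create_user_request(
        "https://scim.example.invalid/scim/v2", "CONSTRUCTED-KEY-0000",
        "jdoe", "Jane", "Doe", "jdoe@example.invalid")
    print(loggable(req))
```
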

Disable Unified Directory Identity Sources

When you disable an identity source in the Unified Directory, you cannot edit its existing users or add new ones, and existing users will not be able to authenticate or access My Page.


  1. In the Cloud Administration Console, click Users > Identity Sources.

  2. Find the name of the Unified Directory identity source you want and select Disable from the drop-down menu.
  3. Click Disable in the dialog box that appears.

  4. Click Publish Changes to activate the settings immediately.

To enable a Unified Directory identity source, find the name of the required identity source with status Disabled, and select Enable from the drop-down menu.
To delete an identity source, see Delete an Identity Source.