SCIM user management for your organization
After you've verified your domain and set up SAML authentication for your organization, you can generate a SCIM API token.
Features
Providing the SCIM API token to your identity service provider allows you to take the following actions through your identity provider:
- Create users
- Deactivate users
Requirements
Before you set up SCIM user management, you need to verify your domain and create a SAML configuration. You can only manage users who are associated with a domain that you've verified.
Configure SCIM user management
1. In your Shopify organization admin, go to Users > Security.
2. In the SCIM integration section, click Generate API token.
3. Click Copy to copy the generated token to your clipboard.
4. Provide the token to your identity service provider. The procedure for adding the token depends on which identity service provider you use.
Complete SCIM configuration in Okta
1. Open the Shopify Plus app.
2. Click the Sign On tab.
3. Set the Application username format to Email.
4. Click Save.
5. Click the Provisioning tab.
6. Click Configure API Integration.
7. Check Enable API integration, and then paste the API token in the provided field.
8. Click Test API Credentials. If you encounter an error, then verify that you have correctly copied the API token from your Shopify Plus admin. If you continue to encounter errors, then contact Shopify Plus support.
9. Click Save.
After your API token has been added to your identity service provider, you can add or remove users through that service. Depending on the status of that user within Shopify and your identity service provider, this can change how they log in to Shopify.
User status | Effect within Shopify |
---|---|
User already exists in your organization | If you add a user in your identity service provider, then the user is required to log in using SAML authentication if all the following are true: the user already exists in Shopify; the user already exists in your organization; you use Specific users enforcement. The effect of removing a user's access through your identity provider depends on their user status. If you remove an active user's access to Shopify using your identity service provider, then they are suspended in your organization. If you permanently delete a user using your identity service provider, then they might be deleted from your organization, depending on your identity provider setup. |
User exists in Shopify, but not your organization | If you add a user in your identity service provider, then the user is added to your organization and required to log in using SAML authentication if all the following are true: the user already exists in Shopify; the user does not exist in your specific organization; you use Required or Specific users enforcement. |
User does not exist in Shopify | If you add a user in your identity service provider, then the user is added to your organization and required to log in using SAML authentication if all the following are true: the user does not exist in Shopify; you use Required or Specific users enforcement. When the user signs in to the Shopify organization admin for the first time, then that user must do so through the identity provider, not through the Shopify login page. |
After adding the API token, when you add a new user who did not previously exist in Shopify, either through your identity provider or through the organization admin, that user is set to pending status. If the user is required to log in using SAML, then they remain in pending status until they log in using your identity provider.
Removing SCIM integration
If you no longer require a SCIM integration, then you can remove it. This action can't be undone. If you need to reactivate your integration, then you need to generate a new API token.
Steps:
1. In your Shopify organization admin, go to Users > Security.
2. In the SCIM integration section, click ... beside the API token.
3. Click Delete token.
Restrictions
Store owners and organization owners can't be removed through an identity service provider. Both types of ownership must be transferred before the user can be removed. If you need to change the store owner, then you can do so from your Shopify admin. If you need to change the organization owner, then contact Shopify Plus support.
Source: official Shopify merchant website