version: 1 metadata: labels: blueprints.goauthentik.io/system: "true" name: System - SCIM Provider - Mappings entries: - identifiers: managed: goauthentik.io/providers/scim/user model: authentik_providers_scim.scimmapping attrs: name: "authentik default SCIM Mapping: User" expression: | # Some implementations require givenName and familyName to be set givenName, familyName = request.user.name, "" # This default sets givenName to the name before the first space # and the remainder as family name # if the user's name has no space the givenName is the entire name # (this might cause issues with some SCIM implementations) if " " in request.user.name: givenName, _, familyName = request.user.name.partition(" ") # photos supports URLs to images, however authentik might return data URIs avatar = request.user.avatar photos = [] if "://" in avatar: photos = [{"value": avatar, "type": "photo"}] locale = request.user.locale() if locale == "": locale = None emails = [] if request.user.email != "": emails.append({ "value": request.user.email, "type": "other", "primary": True, }) return { "userName": request.user.username, "name": { "formatted": request.user.name, "givenName": givenName, "familyName": familyName, }, "displayName": request.user.name, "photos": photos, "locale": locale, "active": request.user.is_active, "emails": emails, } - identifiers: managed: goauthentik.io/providers/scim/group model: authentik_providers_scim.scimmapping attrs: name: "authentik default SCIM Mapping: Group" expression: | return { "displayName": group.name, }