Security > Provisioning > Using SCIM with ThingWorx > Configure SCIM in the PingFederate Administrative Console > Define an SP Connection for SCIM
  
Define an SP Connection for SCIM
In this step, you will define a new SP connection to manage outbound provisioning.
* 
For more information, see the Ping Identity Knowledge Center: Creating a basic connection (as a Service Provider)
1. Select IdP Configuration > SP Connections > Create New.
2. Under Connection Type, select Outbound Provisioning. For Type, select SCIM 1.1 Service Provider and then click Next.
3. Under General Info, enter the following:
PARTNER’S ENTITY ID (CONNECTION ID)
Your partner's unique connection identifier.
Connection Name
Unique name to identify the connection.
Base URL
Enter the fully qualified ThingWorx server URL. For example:
http://example.com/ThingWorx/SCIMProvider
4. Under Outbound Provisioning, click Configure Provisioning and enter the following information:
Users Resource URL
Enter the fully qualified URL to the ThingWorx server users. For example:
http://example.com/ThingWorx/SCIMProvider/SCIM/Users
Groups Resource URL
Enter the fully qualified URL to the ThingWorx server groups. For example:
http://example.com/ThingWorx/SCIMProvider/SCIM/Groups
Authentication Method
OAUTH 2.0 BEARER TOKEN
User
Password
Enter the ThingWorx username and password that you provided when creating the Password Credential Validator instance.
Client Id
Client Secret
Use the Client ID and Client Secret values specified in Create an OAuth Client for SCIM.
Token Endpoint URL
Enter the fully qualified URL to the ThingWorx OAuth token. For example:
https://<PingFederate server>/as/token.oauth2
* 
This was created as part of the SSO setup.
You can verify the endpoint from the PingFederate Administrative Console. Select OAuth Settings > Authorization Server Info > OAuth Endpoints.
Provision Groups With Distinguished Name
Deselect this checkbox.
SCIM SP Supports Patch Updates
Deselect this checkbox.
Deprovision Method
Select one of the following:
DELETE USER—When the user is deleted from the LDAP, they are also deleted from ThingWorx.
DISABLE USER—When the user is deleted from the LDAP, they will continue to exist in ThingWorx but will be unable to log in.
5. Under Custom SCIM Attributes, enter the following:
Extension Namespace
Keep the default value:
urn:scim:schemas:extension:custom:1.0
Custom Attributes
Use this field to define any custom SCIM attributes. For more information, see the Ping Identity Knowledge Center: Specify custom SCIM attributes
6. Click Next to Manage Channels. From here, you will create a new channel to your data store: Create a Channel to the Directory Server