passbolt-browser-extension 5.4.1 → 5.5.0

package/CHANGELOG.md

@@ -4,7 +4,35 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
 
-## [5.4.1] - 2025-08-14
+## [5.5.0] - 2025-09-10
+### Added
+- PB-43921 - Increase directory sync report dialog size
+- PB-44816 Pro teasing - WP1.1 Create DisplaySubscriptionKeyTeasing component
+- PB-44817 Pro teasing - WP1.2 Create DisplayPasswordPoliciesAdministrationTeasing
+- PB-44818 Pro teasing - WP1.3 Create DisplayAdministrationUserPassphrasePoliciesTeasing
+- PB-44819 Pro teasing - WP1.4 Create ManageAccountRecoveryAdministrationSettingsTeasing
+- PB-44820 Pro teasing - WP1.5 Create ManageSsoSettingsTeasing
+- PB-44821 Pro teasing - WP1.6 Create DisplayMfaPolicyAdministrationTeasing
+- PB-44822 Pro teasing - WP1.7 Create DisplayUserDirectoryAdministrationTeasing
+- PB-44823 Pro teasing - WP1.8 Create DisplayScimAdministrationTeasing
+- PB-44826 Pro teasing - WP2.1 Add teasing property and new route on AdministrationHomePage
+- PB-44827 Pro teasing - WP2.2 Update the DisplayAdministrationMenu to display teasing Icon on PRO menu for CE
+- PB-44393 ZK - WP5.1 As an administrator I should be able to enable zero knowledge mode
+- PB-44646 ZK - WP5.3 Add share metadata private keys to MetadataKeysSettingsEntity
+- PB-44641 ZK - WP5.4 Create UpdateMetadataSettingsPrivateKeyService to to be able to disabled zero knowledge mode
+- PB-44631 ZK - WP5.5 Update SaveMetadataKeysSettingsController to be able to disabled zero knowledge mode
+- PB-44757 ZK - WP5.6 As an administrator with missing metadata keys I should not be able to change metadata settings
+- PB-44630 - SCIM administration screen
+
+### Fixed
+- PB-44638 - Password expiry should not be removed when password is not updated
+- PB-44604 - Fix regular expression on public key metadata validation
+- PB-44707 - Fix service worker not restarting after browser extension update on Chrome
+- PB-45060 - Fix custom fields json schema properties type
+- PB-44933 - Fix setup a new user should have missing key set
+
+### Maintenance
+- PB-44594 - Upgrade xregexp to 5.1.2
 - PB-44638 Password expiry should not be removed when password is not updated
 - PB-44668 The create menu import operation should be actionable when encrypted metadata plugin is not available
 

package/RELEASE_NOTES.md

@@ -1,15 +1,52 @@
-Release song: https://www.youtube.com/watch?v=6tpGC4lgpMg
+Release song: https://youtu.be/L3Wo8jcNrkQ?si=HiNK6kSFC-aMFMJe
 
-This hot-fix addresses several issues introduced in recent v5.x releases.
+Passbolt 5.5.0 is a feature release candidate that lets administrators run encrypted metadata in zero-knowledge mode and adds SCIM provisioning (beta) for easier user management.
 
-Since v5.3, organizations running Passbolt on servers with a locale different from en-UK could encounter issues to update or later to use the application, which have now been resolved.
+# Zero-knowledge
+Zero-knowledge for encrypted metadata is intended for organisations that prioritise maximum privacy and can do without server-side auditability. In this mode, the server never receives the shared metadata private key and therefore cannot access any resource metadata.
 
-It also fixes a problem where organizations that had manually disabled encrypted metadata using the kill switch available to system administrators were unable to initiate imports credentials from the web application. This was a side effect of recent work preparing for the upcoming zero-knowledge capability, which will further strengthen the encrypted metadata feature introduced earlier.
+When a new user joins, the server does not automatically share the key with them. Instead, administrators are notified by email once the user has completed their activation and is ready to receive access. From the Users & Groups workspace, administrators can then review the situation and share the key when the time is right.
 
-Finally, since v5.0, resources whose secrets had been modified, irrespective of whether the secret was a password, a TOTP, or a secure note, have had their expiration dates automatically rotated, which was not the expected behaviour. The expected behaviour is now restored: the expiration date is rotated only when the password is edited.
+Until a user receives the key, their experience is intentionally limited: actions that depend on the shared metadata key, such as sharing a resource, moving a private item into a shared folder, or creating content meant to be shared, are blocked.
 
-We thank the community for promptly reporting these issues.
+To know more about the encrypted metadata zero-knowledge mode, check out this [blog post](https://www.passbolt.com/blog/the-road-to-passbolt-v5-encrypted-metadata-and-other-core-security-changes-2).
+
+# SCIM (beta)
+This release also introduces SCIM 2.0 (beta) to automate user provisioning with your identity provider. The first iteration focuses on Microsoft Entra ID (Azure AD) and is available on Passbolt Pro.
+
+With SCIM, administrators can create, update, and deactivate users directly from their identity provider, without ever touching the Passbolt UI. For now, only user synchronisation is supported, while group synchronisation will follow in a future update.
+
+Note that Okta should work out of the box, though some journeys may still need polish, such as the user deactivation.
+
+Several bugs reported by the community have also been fixed. As always, thank you to everyone who took the time to file issues and suggest improvements. Checkout the changelog for more information.
+
+### Added
+- PB-43921 - Increase directory sync report dialog size
+- PB-44816 Pro teasing - WP1.1 Create DisplaySubscriptionKeyTeasing component
+- PB-44817 Pro teasing - WP1.2 Create DisplayPasswordPoliciesAdministrationTeasing
+- PB-44818 Pro teasing - WP1.3 Create DisplayAdministrationUserPassphrasePoliciesTeasing
+- PB-44819 Pro teasing - WP1.4 Create ManageAccountRecoveryAdministrationSettingsTeasing
+- PB-44820 Pro teasing - WP1.5 Create ManageSsoSettingsTeasing
+- PB-44821 Pro teasing - WP1.6 Create DisplayMfaPolicyAdministrationTeasing
+- PB-44822 Pro teasing - WP1.7 Create DisplayUserDirectoryAdministrationTeasing
+- PB-44823 Pro teasing - WP1.8 Create DisplayScimAdministrationTeasing
+- PB-44826 Pro teasing - WP2.1 Add teasing property and new route on AdministrationHomePage
+- PB-44827 Pro teasing - WP2.2 Update the DisplayAdministrationMenu to display teasing Icon on PRO menu for CE
+- PB-44393 ZK - WP5.1 As an administrator I should be able to enable zero knowledge mode
+- PB-44646 ZK - WP5.3 Add share metadata private keys to MetadataKeysSettingsEntity
+- PB-44641 ZK - WP5.4 Create UpdateMetadataSettingsPrivateKeyService to to be able to disabled zero knowledge mode
+- PB-44631 ZK - WP5.5 Update SaveMetadataKeysSettingsController to be able to disabled zero knowledge mode
+- PB-44757 ZK - WP5.6 As an administrator with missing metadata keys I should not be able to change metadata settings
+- PB-44630 - SCIM administration screen
 
 ### Fixed
-PB-44638 Password expiry should not be removed when password is not updated
-PB-44668 The create menu import operation should be actionable when encrypted metadata plugin is not available
+- PB-44638 - Password expiry should not be removed when password is not updated
+- PB-44604 - Fix regular expression on public key metadata validation
+- PB-44707 - Fix service worker not restarting after browser extension update on Chrome
+- PB-45060 - Fix custom fields json schema properties type
+- PB-44933 - Fix setup a new user should have missing key set
+
+### Maintenance
+- PB-44594 - Upgrade xregexp to 5.1.2
+- PB-44638 Password expiry should not be removed when password is not updated
+- PB-44668 The create menu import operation should be actionable when encrypted metadata plugin is not available

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "passbolt-browser-extension",
-  "version": "5.4.1",
+  "version": "5.5.0",
   "license": "AGPL-3.0",
   "copyright": "Copyright 2025 Passbolt SA",
   "description": "Passbolt web extension for the open source password manager for teams",
@@ -22,13 +22,13 @@
     "locutus": "~2.0.9",
     "openpgp": "^6.1.1",
     "papaparse": "^5.5.2",
-    "passbolt-styleguide": "^5.4.4",
+    "passbolt-styleguide": "^v5.5.2",
     "react": "17.0.2",
     "react-dom": "17.0.2",
     "secrets-passbolt": "github:passbolt/secrets.js#v2.0.1",
     "validator": "^13.7.0",
     "webextension-polyfill": "^0.10.0",
-    "xregexp": "~5.1.0"
+    "xregexp": "~5.1.2"
   },
   "devDependencies": {
     "@babel/core": "^7.23.2",

package/src/all/background_page/controller/metadata/saveMetadataKeysSettingsController.js

@@ -14,6 +14,8 @@
 import SaveMetadataSettingsService from "../../service/metadata/saveMetadataSettingsService";
 import MetadataKeysSettingsEntity
   from "passbolt-styleguide/src/shared/models/entity/metadata/metadataKeysSettingsEntity";
+import FindMetadataSettingsService from "../../service/metadata/findMetadataSettingsService";
+import GetPassphraseService from "../../service/passphrase/getPassphraseService";
 
 class SaveMetadataKeysSettingsController {
   /**
@@ -27,6 +29,8 @@ class SaveMetadataKeysSettingsController {
     this.worker = worker;
     this.requestId = requestId;
     this.saveMetadaSettingsService = new SaveMetadataSettingsService(account, apiClientOptions);
+    this.findMetadataSettingsService = new FindMetadataSettingsService(apiClientOptions);
+    this.getPassphraseService = new GetPassphraseService(account);
   }
 
   /**
@@ -50,8 +54,9 @@ class SaveMetadataKeysSettingsController {
    * @throws {EntityValidationError} If the settings dto does not validate against MetadataKeysSettingsEntity
    */
   async exec(dto) {
+    const passphrase = await this.getPassphraseService.getPassphrase(this.worker);
     const settings = new MetadataKeysSettingsEntity(dto);
-    return this.saveMetadaSettingsService.saveKeysSettings(settings);
+    return this.saveMetadaSettingsService.saveKeysSettings(settings, passphrase);
   }
 }
 

package/src/all/background_page/controller/metadata/saveMetadataKeysSettingsController.test.js

@@ -21,13 +21,17 @@ import {
 } from "passbolt-styleguide/src/shared/models/entity/metadata/metadataKeysSettingsEntity.test.data";
 import MetadataKeysSettingsEntity
   from "passbolt-styleguide/src/shared/models/entity/metadata/metadataKeysSettingsEntity";
+import {pgpKeys} from "passbolt-styleguide/test/fixture/pgpKeys/keys";
+import RoleEntity from "passbolt-styleguide/src/shared/models/entity/role/roleEntity";
 
 describe("SaveMetadataKeysController", () => {
   describe("::exec", () => {
     let controller, account, apiClientOptions;
 
     beforeEach(async() => {
-      account = new AccountEntity(defaultAccountDto());
+      account = new AccountEntity(defaultAccountDto({
+        role_name: RoleEntity.ROLE_ADMIN
+      }));
       apiClientOptions = defaultApiClientOptions();
       controller = new SaveMetadataKeysController(null, null, apiClientOptions, account);
       // flush account related storage before each.
@@ -41,6 +45,10 @@ describe("SaveMetadataKeysController", () => {
       // mock metadata keys settings api service.
       jest.spyOn(controller.saveMetadaSettingsService.metadataKeysSettingsApiService, "save")
         .mockImplementation(settings => settings.toDto());
+      jest.spyOn(controller.saveMetadaSettingsService.findMetadataSettingsService.metadataKeysSettingsApiService, "findSettings")
+        .mockImplementation(() => defaultMetadataKeysSettingsDto());
+      // mock passphrase
+      jest.spyOn(controller.getPassphraseService, "getPassphrase").mockImplementationOnce(() => pgpKeys.ada.passphrase);
       // spy on local storage service
       jest.spyOn(controller.saveMetadaSettingsService.metadataKeysSettingsLocalStorage, "set");
 
@@ -53,8 +61,33 @@ describe("SaveMetadataKeysController", () => {
         .toHaveBeenCalledWith(new MetadataKeysSettingsEntity(metadataKeysSettingsDto));
     });
 
+    it("saves metadata keys settings and update the local storage with it when go back from zero knowledge to user friendly mode.", async() => {
+      expect.assertions(3);
+
+      const metadataKeysSettingsDto = defaultMetadataKeysSettingsDto();
+      // mock metadata keys settings api service.
+      jest.spyOn(controller.saveMetadaSettingsService.metadataKeysSettingsApiService, "save")
+        .mockImplementation(settings => settings.toDto());
+      jest.spyOn(controller.saveMetadaSettingsService.findMetadataSettingsService.metadataKeysSettingsApiService, "findSettings")
+        .mockImplementation(() => defaultMetadataKeysSettingsDto());
+      // spy on local storage service
+      jest.spyOn(controller.saveMetadaSettingsService.metadataKeysSettingsLocalStorage, "set");
+      // mock passphrase
+      jest.spyOn(controller.getPassphraseService, "getPassphrase").mockImplementationOnce(() => pgpKeys.ada.passphrase);
+
+      const savedMetadataKeysSettings = await controller.exec(metadataKeysSettingsDto);
+
+      expect(savedMetadataKeysSettings).toBeInstanceOf(MetadataKeysSettingsEntity);
+      expect(controller.saveMetadaSettingsService.metadataKeysSettingsApiService.save)
+        .toHaveBeenCalledWith(new MetadataKeysSettingsEntity(metadataKeysSettingsDto));
+      expect(controller.saveMetadaSettingsService.metadataKeysSettingsLocalStorage.set)
+        .toHaveBeenCalledWith(new MetadataKeysSettingsEntity(metadataKeysSettingsDto));
+    });
+
     it("throws if the parameters are not valid.", async() => {
       expect.assertions(1);
+      // mock passphrase
+      jest.spyOn(controller.getPassphraseService, "getPassphrase").mockImplementationOnce(() => pgpKeys.ada.passphrase);
       await expect(() => controller.exec("invalid metadata keys settings entity", {}))
         .toThrowEntityValidationError("allow_usage_of_personal_keys", "required");
     });

package/src/all/background_page/controller/metadata/shareMetadataKeyPrivateController.js

@@ -57,7 +57,7 @@ class ShareMetadataKeyPrivateController {
 
     const passphrase = await this.getPassphraseService.getPassphrase(this.worker);
     await this.verifyOrTrustMetadataKeyService.verifyTrustedOrTrustNewMetadataKey(passphrase);
-    await this.shareMetadataKeyPrivateService.shareMissing(userId, passphrase);
+    await this.shareMetadataKeyPrivateService.shareOneMissing(userId, passphrase);
   }
 }
 

package/src/all/background_page/controller/scimSettings/createScimSettingsController.js

@@ -0,0 +1,56 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.5.0
+ */
+
+import ScimSettingsEntity from "passbolt-styleguide/src/shared/models/entity/scimSettings/scimSettingsEntity";
+import EnableScimSettingsService from "../../service/scimSettings/enableScimSettingsService";
+
+class CreateScimSettingsController {
+  /**
+   * @constructor
+   * @param {Worker} worker
+   * @param {string} requestId
+   * @param {ApiClientOptions} apiClientOptions the api client options
+   */
+  constructor(worker, requestId, apiClientOptions) {
+    this.worker = worker;
+    this.requestId = requestId;
+    this.enableScimSettingsService = new EnableScimSettingsService(apiClientOptions);
+  }
+
+  /**
+   * Controller executor.
+   * @returns {Promise<void>}
+   */
+  async _exec(data) {
+    try {
+      const result = await this.exec(data);
+      this.worker.port.emit(this.requestId, 'SUCCESS', result);
+    } catch (error) {
+      console.error(error);
+      this.worker.port.emit(this.requestId, 'ERROR', error);
+    }
+  }
+
+  /**
+   * Create SCIM settings.
+   * @param {Object} data
+   * @returns {Promise<*>} SCIM settings
+   */
+  async exec(data) {
+    const scimSettingForCreation = ScimSettingsEntity.createFromScimSettingsCreation(data);
+    return await this.enableScimSettingsService.enable(scimSettingForCreation);
+  }
+}
+
+export default CreateScimSettingsController;

package/src/all/background_page/controller/scimSettings/createScimSettingsController.test.js

@@ -0,0 +1,64 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.5.0
+ */
+
+import expect from "expect";
+import CreateScimSettingsController from "./createScimSettingsController";
+import ScimSettingsEntity from "passbolt-styleguide/src/shared/models/entity/scimSettings/scimSettingsEntity";
+import {defaultApiClientOptions} from "passbolt-styleguide/src/shared/lib/apiClient/apiClientOptions.test.data";
+import {defaultScimSettingsDto, scimSettingsWithoutSecretTokenDto} from "../../service/api/scimSettings/scimSettingsApiService.test.data";
+import EntityValidationError from "passbolt-styleguide/src/shared/models/entity/abstract/entityValidationError";
+
+describe("CreateScimSettingsController", () => {
+  let apiClientOptions, controller;
+
+  beforeEach(() => {
+    apiClientOptions = defaultApiClientOptions();
+    controller = new CreateScimSettingsController(null, null, apiClientOptions);
+  });
+
+  describe("::exec", () => {
+    it("should create SCIM settings", async() => {
+      expect.assertions(3);
+      const scimSettingsDto = defaultScimSettingsDto();
+      const scimSettingsEntity = new ScimSettingsEntity(scimSettingsDto);
+      jest.spyOn(controller.enableScimSettingsService, "enable").mockResolvedValue(scimSettingsEntity);
+
+      const result = await controller.exec(scimSettingsDto);
+
+      expect(result).toEqual(scimSettingsEntity);
+      expect(controller.enableScimSettingsService.enable).toHaveBeenCalledWith(scimSettingsEntity);
+      expect(result).toBeInstanceOf(ScimSettingsEntity);
+    });
+
+    it("should handle errors when creating SCIM settings", async() => {
+      expect.assertions(2);
+      const error = new Error("Failed to create SCIM settings");
+      jest.spyOn(controller.enableScimSettingsService, "enable").mockRejectedValue(error);
+
+      await expect(controller.exec(defaultScimSettingsDto())).rejects.toThrow(error);
+      expect(controller.enableScimSettingsService.enable).toHaveBeenCalled();
+    });
+
+    it("should throw error if secret_token is missing", async() => {
+      expect.assertions(2);
+      jest.spyOn(controller.enableScimSettingsService, "enable");
+
+      const scimSettingsDto = scimSettingsWithoutSecretTokenDto();
+      delete scimSettingsDto.secret_token;
+
+      await expect(controller.exec(scimSettingsDto)).rejects.toThrowError(EntityValidationError);
+      expect(controller.enableScimSettingsService.enable).not.toHaveBeenCalled();
+    });
+  });
+});

package/src/all/background_page/controller/scimSettings/disableScimSettingsController.js

@@ -0,0 +1,56 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.5.0
+ */
+
+import DisableScimSettingsService from "../../service/scimSettings/disableScimSettingsService";
+import {assertUuid} from "../../utils/assertions";
+
+class DisableScimSettingsController {
+  /**
+   * @constructor
+   * @param {Worker} worker
+   * @param {string} requestId
+   * @param {ApiClientOptions} apiClientOptions the api client options
+   */
+  constructor(worker, requestId, apiClientOptions) {
+    this.worker = worker;
+    this.requestId = requestId;
+    this.disableScimSettingsService = new DisableScimSettingsService(apiClientOptions);
+  }
+
+  /**
+   * Controller executor.
+   * @returns {Promise<void>}
+   */
+  async _exec(id) {
+    try {
+      const result = await this.exec(id);
+      this.worker.port.emit(this.requestId, 'SUCCESS', result);
+    } catch (error) {
+      console.error(error);
+      this.worker.port.emit(this.requestId, 'ERROR', error);
+    }
+  }
+
+  /**
+   * Disable SCIM settings.
+   * @param {string} id
+   * @returns {Promise<*>} SCIM settings
+   */
+  async exec(id) {
+    assertUuid(id);
+    return this.disableScimSettingsService.disable(id);
+  }
+}
+
+export default DisableScimSettingsController;

package/src/all/background_page/controller/scimSettings/disableScimSettingsController.test.js

@@ -0,0 +1,51 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.5.0
+ */
+
+import expect from "expect";
+import DisableScimSettingsController from "./disableScimSettingsController";
+import {defaultApiClientOptions} from "passbolt-styleguide/src/shared/lib/apiClient/apiClientOptions.test.data";
+import {v4 as uuidv4} from "uuid";
+
+describe("DisableScimSettingsController", () => {
+  let apiClientOptions, controller;
+
+  beforeEach(() => {
+    apiClientOptions = defaultApiClientOptions();
+    controller = new DisableScimSettingsController(null, null, apiClientOptions);
+  });
+
+  describe("::exec", () => {
+    it("should disable SCIM settings", async() => {
+      expect.assertions(2);
+      const id = uuidv4();
+      const expectedResult = {success: true};
+      jest.spyOn(controller.disableScimSettingsService, "disable").mockResolvedValue(expectedResult);
+
+      const result = await controller.exec(id);
+
+      expect(result).toEqual(expectedResult);
+      expect(controller.disableScimSettingsService.disable).toHaveBeenCalledWith(id);
+    });
+
+    it("should handle errors when disabling SCIM settings", async() => {
+      expect.assertions(2);
+      const error = new Error("Failed to disable SCIM settings");
+      const id = uuidv4();
+      jest.spyOn(controller.disableScimSettingsService, "disable").mockRejectedValue(error);
+
+      await expect(controller.exec(id)).rejects.toThrow(error);
+      expect(controller.disableScimSettingsService.disable).toHaveBeenCalledWith(id);
+    });
+  });
+});

package/src/all/background_page/controller/scimSettings/findScimSettingsController.js

@@ -0,0 +1,53 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.5.0
+ */
+
+import FindScimSettingsService from "../../service/scimSettings/findScimSettingsService";
+
+class FindScimSettingsController {
+  /**
+   * @constructor
+   * @param {Worker} worker
+   * @param {string} requestId
+   * @param {ApiClientOptions} apiClientOptions the api client options
+   */
+  constructor(worker, requestId, apiClientOptions) {
+    this.worker = worker;
+    this.requestId = requestId;
+    this.findScimSettingsService = new FindScimSettingsService(apiClientOptions);
+  }
+
+  /**
+   * Controller executor.
+   * @returns {Promise<void>}
+   */
+  async _exec() {
+    try {
+      const result = await this.exec();
+      this.worker.port.emit(this.requestId, 'SUCCESS', result);
+    } catch (error) {
+      console.error(error);
+      this.worker.port.emit(this.requestId, 'ERROR', error);
+    }
+  }
+
+  /**
+   * Find SCIM settings.
+   * @returns {Promise<*>} SCIM settings
+   */
+  async exec() {
+    return await this.findScimSettingsService.get();
+  }
+}
+
+export default FindScimSettingsController;

package/src/all/background_page/controller/scimSettings/findScimSettingsController.test.js

@@ -0,0 +1,49 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.5.0
+ */
+
+import expect from "expect";
+import FindScimSettingsController from "./findScimSettingsController";
+import ScimSettingsEntity from "passbolt-styleguide/src/shared/models/entity/scimSettings/scimSettingsEntity";
+import {defaultApiClientOptions} from "passbolt-styleguide/src/shared/lib/apiClient/apiClientOptions.test.data";
+import {defaultScimSettingsDto} from "../../service/api/scimSettings/scimSettingsApiService.test.data";
+
+describe("FindScimSettingsController", () => {
+  let apiClientOptions, controller;
+
+  beforeEach(() => {
+    apiClientOptions = defaultApiClientOptions();
+    controller = new FindScimSettingsController(null, null, apiClientOptions);
+  });
+
+  describe("::exec", () => {
+    it("should find SCIM settings", async() => {
+      const scimSettingsDto = defaultScimSettingsDto();
+      const scimSettingsEntity = new ScimSettingsEntity(scimSettingsDto);
+      jest.spyOn(controller.findScimSettingsService, "get").mockResolvedValue(scimSettingsEntity);
+
+      const result = await controller.exec();
+
+      expect(result).toEqual(scimSettingsEntity);
+      expect(controller.findScimSettingsService.get).toHaveBeenCalled();
+    });
+
+    it("should handle errors when finding SCIM settings", async() => {
+      const error = new Error("Failed to find SCIM settings");
+      jest.spyOn(controller.findScimSettingsService, "get").mockRejectedValue(error);
+
+      await expect(controller.exec()).rejects.toThrow(error);
+      expect(controller.findScimSettingsService.get).toHaveBeenCalled();
+    });
+  });
+});

package/src/all/background_page/controller/scimSettings/updateScimSettingsController.js

@@ -0,0 +1,60 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.5.0
+ */
+
+import ScimSettingsEntity from "passbolt-styleguide/src/shared/models/entity/scimSettings/scimSettingsEntity";
+import UpdateScimSettingsService from "../../service/scimSettings/updateScimSettingsService";
+import {assertUuid} from "../../utils/assertions";
+
+class UpdateScimSettingsController {
+  /**
+   * @constructor
+   * @param {Worker} worker
+   * @param {string} requestId
+   * @param {ApiClientOptions} apiClientOptions the api client options
+   */
+  constructor(worker, requestId, apiClientOptions) {
+    this.worker = worker;
+    this.requestId = requestId;
+    this.updateScimSettingsService = new UpdateScimSettingsService(apiClientOptions);
+  }
+
+  /**
+   * Controller executor.
+   * @returns {Promise<void>}
+   */
+  async _exec(id, data) {
+    try {
+      const result = await this.exec(id, data);
+      this.worker.port.emit(this.requestId, 'SUCCESS', result);
+    } catch (error) {
+      console.error(error);
+      this.worker.port.emit(this.requestId, 'ERROR', error);
+    }
+  }
+
+  /**
+   * Update SCIM settings.
+   * @param {string} id
+   * @param {Object} data
+   * @returns {Promise<*>} SCIM settings
+   */
+  async exec(id, data) {
+    assertUuid(id);
+
+    const scimSettingForUpdating = ScimSettingsEntity.createFromScimSettingsUpdate(data);
+    return await this.updateScimSettingsService.update(id, scimSettingForUpdating);
+  }
+}
+
+export default UpdateScimSettingsController;