SCIM provisioning overview
System for Cross-domain Identity Management (SCIM) is an open standard that manages user identity information between identity domains. The goal of SCIM is to make managing the exchange of user identities between cloud applications and services easier. Once configured, user profiles that are added, edited, or deleted in the SecureAuth® Identity Platform are automatically updated in supported applications.
The following workflow is an example of a user logging into a SCIM-integrated application for the first time with new or updated credentials:
The user accesses a SCIM-integrated third-party application, which redirects to the Identity Platform.
The user authenticates and the Identity Platform verifies their credentials with the associated data store.
The Identity Platform recognizes that the verified user is accessing the third-party application for the first time or with newly updated credentials. It sends this information to the Service Provider to create or update the verified user's profile.
The user is granted access to the application and their profile is automatically created or updated with the Service Provider with no other steps needed.
Refer to the diagram below for a visual of how SCIM provisioning works:
Currently, the Identity Platform supports SCIM provisioning with the following Service Providers:
GitHub
AWS
Salesforce
The following authentication methods are supported:
Basic
OAuth 2.0
Access Token
Supported SCIM provisioning functionality
The following matrix details the SCIM provisioning functionality supported in the Identity Platform release 22.12-1 or later.
SCIM provisioning – SCIM provisioning automates provisioning, deprovisioning, and management of users through the service provider.
Supported – Supports the automation of SCIM provisioning and deprovisioning.
Not supported – Does not support the automation of SCIM provisioning and deprovisioning. However, as an admin, you can go into the directory of the service provider and make this adjustment.
Service provider | SCIM provisioning: User | SCIM provisioning: Group / Team synchronization | SCIM management: User profile update | SCIM deprovisioning: User deactivation | SCIM deprovisioning: Group |
---|---|---|---|---|---|
AWS | Supported | Supported | Supported | Supported | Not supported |
GitHub | Supported | Not supported | Not supported | Supported | Not supported |
Salesforce | Supported | Not supported | Limited support | Supported | Not supported |
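The sketch below is an added example, not SecureAuth code: it shows how the workflow and the user columns of the matrix could combine into a decision about which SCIM request to send, and it goes beyond the login workflow by also covering deactivation. It assumes SCIM 2.0 (RFC 7643/7644) resources; the data-store field names, the `plan` and `to_scim` helpers, and the choice to hand anything other than "Supported" to an admin are assumptions.

```python
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# User columns of the matrix above: provision, profile update, deactivation.
SUPPORT = {
    "AWS": {"create": "Supported", "update": "Supported", "deactivate": "Supported"},
    "GitHub": {"create": "Supported", "update": "Not supported", "deactivate": "Supported"},
    "Salesforce": {"create": "Supported", "update": "Limited support", "deactivate": "Supported"},
}

# Constructed sample record; the field names are hypothetical data-store attributes.
SAMPLE_USER = {"login": "alice", "first": "Alice", "last": "Ng",
               "email": "alice@example.com", "enabled": True}

def to_scim(user):
    """Map a verified data-store record to SCIM 2.0 core User attributes."""
    return {
        "userName": user["login"],
        "name": {"givenName": user["first"], "familyName": user["last"]},
        "emails": [{"value": user["email"], "primary": True}],
        "active": user["enabled"],
    }

def plan(provider, user, existing=None):
    """Return the SCIM request that syncs the provider's record; existing is None on first access."""
    wanted = to_scim(user)
    if existing is None:
        if not wanted["active"]:
            return None  # never provision an account that is disabled at the source
        action, method, path = "create", "POST", "/Users"
        body = {"schemas": [USER_SCHEMA], **wanted}
    else:
        method, path = "PATCH", f"/Users/{existing['id']}"
        if existing.get("active", True) and not wanted["active"]:
            action, ops = "deactivate", [{"op": "replace", "path": "active", "value": False}]
        else:
            action = "update"
            ops = [{"op": "replace", "path": k, "value": v}
                   for k, v in wanted.items() if existing.get(k) != v]
            if not ops:
                return None  # profile already in sync
        body = {"schemas": [PATCH_SCHEMA], "Operations": ops}
    if SUPPORT[provider][action] != "Supported":
        # Assumption: anything short of "Supported" is left to an admin at the provider.
        return {"action": action, "manual": True}
    return {"action": action, "manual": False, "method": method, "path": path, "body": body}
```

A result with `manual` set to true marks profile drift that automation will not correct, which is the case to track for access reviews on providers where profile updates are not fully supported.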
Next steps
Follow the configuration steps to enable SCIM with any of the supported service providers.