System For Cross-domain Identity Management

System for Cross-domain Identity Management (SCIM) is a standard for automating the exchange of user identity information between identity domains, or IT systems. One example might be that as a company onboards new employees and separates from existing employees, they are added and removed from the company's electronic employee directory. SCIM could be used to automatically add/delete (or, provision/de-provision) accounts for those users in external systems such as Google Workspace, Microsoft 365, or Salesforce.com. Then, a new user account would exist in the external systems for each new employee, and the user accounts for former employees might no longer exist in those systems.

In addition to simple user-record management (creating and deleting), SCIM can also be used to share information about user attributes, attribute schema, and group membership. Attributes could range from user contact information to group membership. Group membership or other attribute values are generally used to manage user permissions. Attribute values and group assignments can change, adding to the challenge of maintaining the relevant data across multiple identity domains.

The SCIM standard has grown in popularity and importance, as organizations use more SaaS tools. A large organization can have hundreds or thousands of hosted applications (internal and external) and related servers, databases and file shares that require user provisioning. Without a standard connection method, companies must write custom software connectors to join these systems and their Identity Management (IdM) system.

SCIM uses a standardised API through REST with data formatted in JSON or XML.
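The provisioning and de-provisioning flow described above, as an added example that is not part of the original article: it diffs an employee directory against the accounts a remote system reports and builds the SCIM 2.0 request bodies needed to reconcile them. The function name, directory data and account ids are constructed for illustration, and leavers are deactivated with a PATCH on `active` instead of being deleted; the schema URNs and the `/Users` path are those of RFC 7643 and RFC 7644.

```python
import json

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"      # RFC 7643
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"  # RFC 7644


def plan_scim_requests(employees, remote_users):
    """Return (method, path, body) tuples that reconcile the remote system.

    employees:    {userName: {"given", "family", "email"}}, the source of truth
    remote_users: {userName: {"id", "active"}}, as listed by the remote /Users
    """
    plan = []
    # Joiners: present in the directory, no account on the remote side yet.
    for user_name in sorted(employees.keys() - remote_users.keys()):
        person = employees[user_name]
        plan.append(("POST", "/Users", {
            "schemas": [USER_SCHEMA],
            "userName": user_name,
            "name": {"givenName": person["given"], "familyName": person["family"]},
            "emails": [{"value": person["email"], "type": "work", "primary": True}],
            "active": True,
        }))
    # Leavers and returners: the remote 'active' flag must match the directory.
    for user_name in sorted(remote_users):
        remote = remote_users[user_name]
        should_be_active = user_name in employees
        if remote["active"] != should_be_active:
            plan.append(("PATCH", "/Users/" + remote["id"], {
                "schemas": [PATCH_SCHEMA],
                "Operations": [{"op": "replace", "path": "active",
                                "value": should_be_active}],
            }))
    return plan


# Constructed sample data (hypothetical users and ids).
HR_DIRECTORY = {
    "alice@example.com": {"given": "Alice", "family": "Ng", "email": "alice@example.com"},
    "bob@example.com": {"given": "Bob", "family": "Ruiz", "email": "bob@example.com"},
}
REMOTE_ACCOUNTS = {
    "bob@example.com": {"id": "u-1001", "active": True},     # unchanged
    "carol@example.com": {"id": "u-1002", "active": True},   # left the company
    "dave@example.com": {"id": "u-1003", "active": False},   # already disabled
}

if __name__ == "__main__":
    for method, path, body in plan_scim_requests(HR_DIRECTORY, REMOTE_ACCOUNTS):
        print(method, path, json.dumps(body))
```

Each body would be sent with the `application/scim+json` media type; an account that stays active after its owner leaves shows up here as a pending PATCH.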


History

The first version, SCIM 1.0, was released in 2011 by a SCIM standard working group organized under the Open Web Foundation. In 2011, it was transferred to the IETF, and the current standard, SCIM 2.0, was released as an IETF RFC in 2015. SCIM 2.0 was completed in September 2015 and is published as IETF RFCs 7643 and 7644. A use-case document is also available as RFC 7642. The standard has been implemented in various IdM software.

The standard was initially called Simple Cloud Identity Management (and is still called this in some places), but the name was officially changed to System for Cross-domain Identity Management (SCIM) when the IETF adopted it.

Interoperability was demonstrated in October 2011 at the Cloud Identity Summit, an IAM industry conference. There, user accounts were provisioned and de-provisioned across separate systems using SCIM standards by a collection of IdM software vendors: Okta, CyberArk, Ping Identity, SailPoint, Technology Nexus and UnboundID. In March 2012, at IETF 83 in Paris, interoperability tests continued with the same vendors, joined by Salesforce.com, BCPSoft, WSO2, Gluu, and Courion (now SecureAuth), nine companies in total.

SCIM is the second standard for exchanging user data, but it builds on prior standards (e.g. SPML, PortableContacts, vCards, and LDAP directory services) in an attempt to be a simpler and more widely adopted solution for cloud services providers. The SCIM standard is growing in popularity and has been adopted by numerous identity providers as well as applications. As adoption of the standard grows, so does the number of tools available. The standard leverages a number of open-source libraries to facilitate development, and testing frameworks ensure an endpoint's compliance with the SCIM standard.


External links

* This is the working group in IETF that defines the standard.
* This site is dedicated to the standard and has explanations and details about how to implement the standard.
* Dingle, Pamela (2019-10-03). "Provisioning with SCIM – getting started". Techcommunity.Microsoft.com. https://techcommunity.microsoft.com/t5/identity-standards-blog/provisioning-with-scim-getting-started/ba-p/880010 (accessed 2020-09-15).