System for Cross-domain Identity Management (SCIM) is a standard for automating the exchange of user identity information between identity domains, or IT systems. One example might be that as a company onboards new employees and separates from existing employees, they are added and removed from the company's electronic employee directory. SCIM could be used to automatically add/delete (or, provision/de-provision) accounts for those users in external systems such as Google Workspace, Office 365, or Salesforce.com. Then, a new user account would exist in the external systems for each new employee, and the user accounts for former employees might no longer exist in those systems.

In addition to simple user-record management (creating and deleting), SCIM can also be used to share information about user attributes, attribute schema, and group membership. Attributes could range from user contact information to group membership. Group membership or other attribute values are generally used to manage user permissions. Attribute values and group assignments can change, adding to the challenge of maintaining the relevant data across multiple identity domains.

The SCIM standard has grown in popularity and importance, as organizations use more SaaS tools. A large organization can have hundreds or thousands of hosted applications (internal and external) and related servers, databases and file shares that require user provisioning. Without a standard connection method, companies must write custom software connectors to join these systems and their Identity Management (IdM) system. SCIM uses a standardised API through REST with data formatted in JSON or XML.
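An added example, not part of the original article: a Python sketch of the provisioning/de-provisioning flow described above, which compares an employee directory with the accounts found in an external system and builds the SCIM 2.0 (RFCs 7643 and 7644) JSON requests that reconcile them. The function name, sample records and ids are constructed for illustration.

```python
import json

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

def plan_scim_requests(directory, app_users, hard_delete=False):
    """Return (method, path, body) tuples that align app_users with directory.

    directory: {userName: {"given", "family", "email"}}  (source of truth)
    app_users: {userName: {"id", "active"}}  (as listed by GET /Users)
    """
    plan = []
    # Provision: people in the directory with no account in the application.
    for name in sorted(directory.keys() - app_users.keys()):
        p = directory[name]
        plan.append(("POST", "/Users", {
            "schemas": [USER_SCHEMA],
            "userName": name,
            "name": {"givenName": p["given"], "familyName": p["family"]},
            "emails": [{"value": p["email"], "primary": True}],
            "active": True,
        }))
    # De-provision: accounts whose owner is no longer in the directory.
    for name in sorted(app_users.keys() - directory.keys()):
        acct = app_users[name]
        path = "/Users/" + acct["id"]
        if hard_delete:
            plan.append(("DELETE", path, None))
        elif acct["active"]:  # already-disabled accounts need no request
            plan.append(("PATCH", path, {
                "schemas": [PATCH_SCHEMA],
                "Operations": [{"op": "replace", "path": "active",
                                "value": False}],
            }))
    return plan

# Constructed sample data: one new hire, one leaver, one already-disabled leaver.
DIRECTORY = {
    "alice@example.com": {"given": "Alice", "family": "Ng", "email": "alice@example.com"},
    "bob@example.com": {"given": "Bob", "family": "Roy", "email": "bob@example.com"},
}
APP_USERS = {
    "bob@example.com": {"id": "2819c223", "active": True},
    "carol@example.com": {"id": "7d1f0a9e", "active": True},
    "dave@example.com": {"id": "a4b3c2d1", "active": False},
}

if __name__ == "__main__":
    for method, path, body in plan_scim_requests(DIRECTORY, APP_USERS):
        print(method, path, json.dumps(body))
```

Accounts that exist in the application but not in the directory are the ones that keep access after a departure, so the de-provisioning branch is the part worth running on a schedule and alerting on.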


History

The first version, SCIM 1.0, was released in 2011 by a SCIM standard working group organized under the Open Web Foundation. In 2011, it was transferred to the IETF, and the current standard, SCIM 2.0, was released as an IETF RFC in 2015. SCIM 2.0 was completed in September 2015 and is published as IETF RFCs 7643 and 7644. A use-case document is also available as RFC 7642. The standard has been implemented in various IdM software.

The standard was initially called ''Simple Cloud Identity Management'' (and is still called this in some places), but the name was officially changed to ''System for Cross-domain Identity Management (SCIM)'' when the IETF adopted it.

Interoperability was demonstrated in October 2011 at the Cloud Identity Summit, an IAM industry conference. There, user accounts were provisioned and de-provisioned across separate systems using SCIM standards, by a collection of IdM software vendors: Okta, CyberArk, Ping Identity, SailPoint, Technology Nexus and UnboundID. In March 2012, at IETF 83 in Paris, interoperability tests were continued by the same vendors, joined by Salesforce.com, BCPSoft, WSO2, Gluu, and Courion (now SecureAuth), nine companies in total.

SCIM is the second standard for exchanging user data, but it builds on prior standards (e.g. SPML, PortableContacts, vCards, and LDAP directory services) in an attempt to be a simpler and more widely adopted solution for cloud services providers.

The SCIM standard is growing in popularity and has been adopted by numerous identity providers (e.g. Azure Active Directory, Okta) as well as applications (e.g. Dynamic Signal, Zscaler, Dropbox, and Perimeter81). As adoption of the standard grows, so does the number of tools available. The standard leverages a number of open-source libraries to facilitate development, and testing frameworks ensure an endpoint's compliance with the SCIM standard.


External links

* This is the working group in IETF that defines the standard.
* This site is dedicated to the standard and has explanations and details about how to implement the standard.
* Dingle, Pamela (2019-10-03). "Provisioning with SCIM – getting started". Techcommunity.Microsoft.com. https://techcommunity.microsoft.com/t5/identity-standards-blog/provisioning-with-scim-getting-started/ba-p/880010 (accessed 2020-09-15).