System for Cross-Domain Identity Management (SCIM)

System for Cross-domain Identity Management (SCIM) is a standard for automating the exchange of user identity information between identity domains, or IT systems. SCIM is used by companies that make use of applications/systems that are hosted on external domains – i.e. cloud applications like Google Apps, Office365 or Salesforce.com – to programmatically add/delete accounts for users on the external applications/systems. Instead of writing connectors to enable company’s IdM to setup, update and tear down accounts on external apps and systems, SCIM provides a standard way to do this.

SCIM uses a standardized REST API with data formatted in JSON or XML.

Unlike Federate Identity Management systems that rely on using an established account in one domain to authenticate a user to another domain, SCIM is used to automate the process of setting up, updating and tearing down user identity accounts across domains.

Frequently Asked Questions
What is the purpose of SCIM?

System for Cross-domain Identity Management (SCIM) is a standard for automating the exchange of user identity information between identity domains, or IT systems.

Which type of API does SCIM uses?

SCIM uses a standardized REST API with data formatted in JSON or XML.

What about DSML and SPML?

Service Provisioning Markup Language (SPML), which is based on the concepts of Directory Services Markup Language, is an XML-based framework developed for exchanging user, resource and service provisioning information between cooperating organizations. Relative to SPML, SCIM is a that offers less functionality in exchange for being simpler and easier to use. It is also based on standard REST APIs.

Can SCIM be used on any type of application?

SCIM can be used to setup, update or tear down user accounts on any application or system that supports the SCIM standard and can communicate using REST APIs