Glossary / Provisioning
SCIM
SCIM is a standard REST API and schema for automatically creating, updating, and deactivating user accounts across systems, so that identity data stays in sync without manual work.
Also: SCIM, System for Cross-domain Identity Management
System for Cross-domain Identity Management is the standard for automated user provisioning. It defines a common schema for users and groups and a REST API for creating, reading, updating, and deactivating those records, so that when an account changes in a source of truth the change propagates to connected applications.
SCIM removes the manual and error-prone work of onboarding and offboarding accounts by hand. When a user is added or removed in an identity provider, SCIM pushes that state to every downstream system that supports it, which also closes a common security gap where deactivated users keep lingering access.
SCIM is most associated with workforce identity, but it matters in CIAM whenever a customer-facing product must keep accounts in sync with partner systems or provision access for business customers’ teams.
Sources
- IETF RFC 7644, SCIM Protocol: https://datatracker.ietf.org/doc/html/rfc7644
Related terms
Standards
- IETF RFC 7643
- IETF RFC 7644