Is your organization expanding and adding a growing number of employees to your staff? Or do you see frequent movement in personnel roles, with individuals being promoted or moved to other departments?


If you’ve answered, “Yes!” to either of these questions, SCIM can offer your organization a streamlined, secure way of user provisioning.


SCIM Definition and History


Originally called “simple cloud identity management,” system for cross-domain identity management — or SCIM — is an open standard that enables organizations to automate the interchange of user identity data between IT systems or identity domains.


In 2011, when it became clear that cloud computing was going to grow in importance, the Open Web Foundation released SCIM 1.0. That same year, the standard was transferred to the Internet Engineering Taskforce — or IETF. In 2015, SCIM 2.0 was published as a request for comments — or RFC — publication.


Several tech giants, including Cisco, Google and Salesforce, were the driving forces behind the creation of SCIM, which is founded on earlier standards such as LDAP directory services as well as SPML, vCards and PortableContacts. They intended SCIM to be a less complex solution that would be more readily adopted by cloud services providers.


At the 2011 Cloud Identity Summit, various software vendors demonstrated the interoperability of SCIM. They used the standard to provision and deprovision user accounts across multiple systems. Since then, a growing number of organizations have started to use it to streamline user provisioning between SaaS applications.


How SCIM Works


Based on JSON and REST, SCIM defines two roles — a client and a server. The client is the identity provider — or IdP. It comprises an exhaustive database of user identities along with additional information, such as permissions. The service provider is any SaaS application — such as Bootcamp or Dropbox — that needs a certain amount of information from the identities in the database.


With SCIM, provisioning becomes simple, as any changes that are made to the IdP database are automatically synced in the service provider. If an account is created, updated or deleted in the IdP, it’s simultaneously created, updated or deleted in the service provider.


In addition, the IdP can detect identities in the service provider and add them to its database. If there are any incorrect values that could compromise security, it can also pinpoint them and create an alert so that they can be corrected. As a result, end users have correct, current profiles and permissions and can use applications without any interruptions.


The Value of SCIM for Your Organization


The median tenure of workers is declining, according to the Bureau of Labor Statistics. What’s more: The average tenure of workers between the ages of 25 and 34 is only 2.8 years. And with high turnover, internal promotions and lateral moves, IT departments can quickly become overburdened due to the need to create and delete user accounts as well as ensure users have the correct permissions.


With SCIM, identity management becomes a simple, streamlined and automatic process, as identities can be imported from HR databases or created directly in the system.


In addition, a 2018 study by the revealed that the average number of data breaches involving negligence by employees or contractors has increased from 10.5 percent to 13.4 percent since 2016. The average costs of these breaches were $238,281 per incident. If an employee or contractor’s credentials were stolen, it cost organizations an average of $648,845. This type of breach is often caused or exacerbated by the fact that employees use the same password across multiple applications, making it easy for criminals to gain access.


It’s easier for organizations to enforce compliance with their security policies with SCIM. API integration becomes less of a risk, and end users still enjoy immediate, effortless access to applications, so their workflows aren’t interrupted.


Clearly, a robust SCIM system can provide a layer of security to your identity management protocols while at the same time unburdening your IT department. For more information about SCIM and to find out how we can help your organization, please contact us today.


  • The database in which all of your organization’s sensitive identity data is stored.
  • A digital ledger in which digital transactions are recorded chronologically and publicly.
  • Securely managing customer identity and profile data, and controlling customer access to applications and services.
  • The means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.
  • A legal framework that sets guidelines for the collection and processing of personal information of individuals within the EU.
  • The policy-based centralized orchestration of user identity management and access control.
  • An authentication infrastructure that is built, hosted and managed by a third-party service provider.
  • A security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity for a login or other transaction.
  • A global provider of innovative and affordable identity access management solutions. 
  • Managing and auditing account and data access by privileged users.
  • Tools and technologies for controlling user access to critical information within an organization.
  • An authentication process that allows a user to access multiple applications with one set of login credentials.