Is your organization expanding and adding a growing number of employees to your staff? Or do you see frequent movement in personnel roles, with individuals being promoted or moved to other departments?
If you’ve answered, “Yes!” to either of these questions, SCIM can offer your organization a streamlined, secure way of user provisioning.
SCIM Definition and History
Originally called “Simple Cloud Identity Management,” System for Cross-domain Identity Management (SCIM) is an open standard that enables organizations to automate the interchange of user identity data between IT systems or identity domains.
In 2011, when it became clear that cloud computing was going to grow in importance, the Open Web Foundation released SCIM 1.0. That same year, the standard was transferred to the Internet Engineering Task Force (IETF). In 2015, SCIM 2.0 was published as a Request for Comments (RFC) publication.
Several tech giants, including Cisco, Google and Salesforce, were the driving forces behind the creation of SCIM, which is founded on earlier standards such as LDAP directory services as well as SPML, vCards and PortableContacts. They intended SCIM to be a less complex solution that would be more readily adopted by cloud services providers.
At the 2011 Cloud Identity Summit, various software vendors demonstrated the interoperability of SCIM. They used the standard to provision and deprovision user accounts across multiple systems. Since then, a growing number of organizations have started to use it to streamline user provisioning between SaaS applications.
How SCIM Works
Based on JSON and REST, SCIM defines two roles: a client and a server. The client is the identity provider (IdP). It holds an exhaustive database of user identities along with additional information, such as permissions. The server is the service provider: any SaaS application, such as Bootcamp or Dropbox, that needs a certain amount of information from the identities in the database.
With SCIM, provisioning becomes simple, as any changes that are made to the IdP database are automatically synced in the service provider. If an account is created, updated or deleted in the IdP, it’s simultaneously created, updated or deleted in the service provider.
In addition, the IdP can detect identities in the service provider and add them to its database. If there are any incorrect values that could compromise security, it can also pinpoint them and create an alert so that they can be corrected. As a result, end users have correct, current profiles and permissions and can use applications without any interruptions.
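To make the create, update and delete sync concrete, here is an added example (not code from this article or from any SCIM product) of the service-provider side applying the IdP's requests, using the SCIM 2.0 schema URNs, status codes and error types from RFC 7643 and RFC 7644. The function names, the in-memory store and the sample user are assumptions made for illustration.

```python
import json
import uuid

USER = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
ERROR = "urn:ietf:params:scim:api:messages:2.0:Error"

def error(status, detail, scim_type=None):
    extra = {"scimType": scim_type} if scim_type else {}
    return status, {"schemas": [ERROR], "status": str(status), "detail": detail, **extra}

def handle(store, method, path, raw=None):
    """Service-provider side: apply one IdP request to `store` (id -> user)."""
    body = json.loads(raw) if raw else {}
    parts = path.strip("/").split("/")
    if method == "POST" and parts == ["Users"]:
        if USER not in body.get("schemas", []) or not body.get("userName"):
            return error(400, "core User schema and userName required", "invalidValue")
        # userName is case-insensitive, so compare in lower case
        if any(u["userName"].lower() == body["userName"].lower() for u in store.values()):
            return error(409, "userName already exists", "uniqueness")
        user = {**body, "id": uuid.uuid4().hex, "active": body.get("active", True)}
        store[user["id"]] = user
        return 201, user
    user = store.get(parts[1]) if parts[0] == "Users" and len(parts) == 2 else None
    if user is None:
        return error(404, "resource not found")
    if method == "PATCH":
        if PATCH_OP not in body.get("schemas", []):
            return error(400, "PatchOp schema required", "invalidSyntax")
        for op in body.get("Operations", []):
            if str(op.get("op")).lower() != "replace" or "path" not in op:
                return error(501, "only 'replace' with a path is handled here")
            if op["path"] in ("id", "schemas", "meta"):  # server-owned attributes
                return error(400, "attribute is read-only", "mutability")
            user[op["path"]] = op.get("value")
        return 200, user
    if method == "DELETE":
        del store[parts[1]]
        return 204, None
    return error(405, "method not allowed")

def demo():
    """Constructed lifecycle: create, duplicate, deactivate, delete, delete again."""
    store, new = {}, json.dumps({"schemas": [USER], "userName": "alice@example.com"})
    off = {"schemas": [PATCH_OP], "Operations": [{"op": "replace", "path": "active", "value": False}]}
    codes = [handle(store, "POST", "/Users", new)[0] for _ in range(2)]
    url = "/Users/" + next(iter(store))
    status, user = handle(store, "PATCH", url, json.dumps(off))
    return codes + [status, user["active"]] + [handle(store, "DELETE", url)[0] for _ in range(2)]
```

The PATCH that sets `active` to false is the deprovisioning step: the account stays in the application but is disabled, while DELETE removes it outright.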
The Value of SCIM for Your Organization
The median tenure of workers is declining, according to the Bureau of Labor Statistics. What’s more: The average tenure of workers between the ages of 25 and 34 is only 2.8 years. And with high turnover, internal promotions and lateral moves, IT departments can quickly become overburdened due to the need to create and delete user accounts as well as ensure users have the correct permissions.
With SCIM, identity management becomes a simple, streamlined and automatic process, as identities can be imported from HR databases or created directly in the system.
It’s easier for organizations to enforce compliance with their security policies with SCIM. API integration becomes less of a risk, and end users still enjoy immediate, effortless access to applications, so their workflows aren’t interrupted.
Clearly, a robust SCIM system can provide a layer of security to your identity management protocols while at the same time unburdening your IT department. For more information about SCIM and to find out how we can help your organization, please contact us today.