SCIM

Definition

SCIM (System for Cross-domain Identity Management) is a protocol for automating user provisioning across applications. When employees join, change roles, or leave, SCIM automatically creates, updates, or removes their accounts in connected tools.

How SCIM Works

Change occurs in identity provider (new hire, role change, termination)
IdP sends SCIM request to connected applications
Applications create, update, or delete user accounts
Changes propagate automatically without manual intervention

SCIM Operations

Operation	What It Does
Create	Add new user account
Read	Retrieve user information
Update	Modify user attributes or roles
Delete	Remove user account
Deactivate	Disable without deleting

Why SCIM Matters

Security

Automatic deprovisioning when employees leave
No forgotten accounts in old tools
Reduced risk of unauthorized access

Efficiency

No manual account creation
Consistent user data across tools
Faster onboarding

Compliance

Audit trail of provisioning actions
Consistent access controls
Easier access reviews

SCIM vs SSO

Aspect	SCIM	SSO
Purpose	User lifecycle management	Authentication
Action	Create/update/delete accounts	Verify identity
When used	Account changes	Login time

Most enterprises use both together.

Frequently Asked Questions

Does every tool support SCIM?

No. SCIM support is typically an enterprise feature. Smaller tools may not support it at all. Check vendor documentation or ask sales about SCIM support.

Can I use SCIM without SSO?

Technically yes, but they work best together. SCIM provisions accounts; SSO authenticates users. Without SSO, users still need separate passwords for each tool.

What identity providers support SCIM?

Major IdPs including Okta, Azure AD, Google Workspace, and OneLogin support SCIM. The IdP acts as the source of truth, pushing changes to connected applications.