The System for Cross-domain Identity Management (SCIM) specification is designed to make managing user identities in the WSO2 Identity Server easier. Identity provisioning is a key aspect of any Identity Management Solution. In simple terms, it is to create, maintain and delete user accounts and related identities in one or more systems or applications in response to business processes which are initiated either by humans directly or by automated tasks.
Today the enterprise solutions adopt products and services from multiple cloud providers in order to accomplish various business requirements. Hence it is no longer sufficient to maintain user identities only in corporate LDAP.
In most cases, SaaS providers also need dedicated user accounts created for the cloud service users, which raises the need of proper identity provisioning mechanisms to be in place. Currently, different cloud vendors expose non-standard provisioning APIs which makes it a nightmare for the enterprises to develop and maintain proprietary connectors to integrate with multiple SaaS providers.
For example, Google exposes Google Provisioning API for provisioning user accounts in Google Apps Domain.
When enterprise IT systems consist of distributed, heterogeneous components from multiple vendors and from both in house and from cloud, it is key to have an open standard that all agree upon, in order to achieve interoperability and simplicity while getting rid of multiple connectors to perform the same thing.
System for Cross-domain Identity Management is an emerging open standard which defines a comprehensive REST API along with a platform neutral schema and a SAML binding to facilitate the user management operations across SaaS applications; placing specific emphasis on simplicity and interoperability as well.
The following are various aspects of the SCIM functionality which you can use.
- Implementing SCIM with Charon
- WSO2 Identity Server as a SCIM Service Provider
- Registering SCIM Providers
- Viewing SCIM Provider Configurations
- Updating SCIM Provider Configurations
- Deleting the SCIM Provider
- Identity Provisioning from On-premise to Cloud
- SCIM User Provisioning With IS Having Active Directory User Store
- Identity Synchronization Across Multiple Nodes
- Extensible SCIM User Schemas With WSO2 Identity Server
- OAuth Bearer Token-based Authentication for SCIM Endpoints