System for Cross-domain Identity Management (SCIM)

What is SCIM?

SCIM is an open standard protocol that facilitates the exchange of identity information between entities. It is widely used to simplify the process of granting access to cloud-based applications.

  • System: SCIM establishes a common format for exchanging identity data.
  • Cross-domain: SCIM securely communicates identity data across different platforms.
  • Identity Management: SCIM automates the flow of information between IAM and cloud apps.

Provisioning can be a lengthy and arduous process for IT admins, especially if you have a small workforce, where resources are needed for what could be considered more important tasks. SCIM was designed to simplify the process for IT admins to provision users.

SCIM and Jellyfish

The commonly used SCIM standard is defined in RFC 7643 and RFC 7644. This standard enables any SCIM client application to provision users into the Jellyfish system. We have a native SCIM integration with Azure AD (which may now be called Entra ID) in the form of a Gallery application. This application makes the configuration of the integration easy and straightforward. An administrator can configure the setup in roughly 10 minutes. Setting up SCIM provisioning makes onboarding and offboarding of users simpler. When a user is added to Entra ID, the change propagates to Jellyfish, and when a user is offboarded, the deactivation event also propagates to Jellyfish. This reduces the risk that an offboarded user retains access because an account deactivation was missed or forgotten.
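The deactivation flow described above, shown as an added example (it is not Jellyfish's or Microsoft's code): a sketch of how a SCIM service provider could interpret an RFC 7644 PATCH request so that an offboarding event reliably disables the account. The function names, the `sessions` field and the sample payloads are assumptions constructed for illustration.

```python
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"  # RFC 7644 PatchOp message


def _to_bool(value):
    """Accept JSON booleans and the string forms a client may send (assumption)."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.strip().lower() in ("true", "false"):
        return value.strip().lower() == "true"
    raise ValueError(f"unsupported value for 'active': {value!r}")


def requested_active_state(body):
    """Return True/False if the PATCH sets 'active', or None if it does not."""
    if PATCH_SCHEMA not in body.get("schemas", []):
        raise ValueError("not a SCIM PatchOp message")
    state = None
    for op in body.get("Operations", []):
        # Tolerate capitalised op names such as "Replace" (assumed client behaviour).
        if str(op.get("op", "")).lower() not in ("add", "replace"):
            continue
        path, value = op.get("path"), op.get("value")
        if path is not None and path.lower() == "active":
            state = _to_bool(value)                 # form 1: explicit path
        elif path is None and isinstance(value, dict):
            for key, val in value.items():          # form 2: attributes in value
                if key.lower() == "active":         # attribute names are case-insensitive
                    state = _to_bool(val)
    return state


def apply_patch(user, body):
    """Apply the 'active' change; on deactivation also drop live sessions."""
    state = requested_active_state(body)
    if state is not None:
        user["active"] = state
        if not state:
            user["sessions"] = []   # hypothetical session store: revoke on offboarding
    return user


# Constructed sample payloads, one per form handled above.
SAMPLE_WITH_PATH = {"schemas": [PATCH_SCHEMA],
                    "Operations": [{"op": "Replace", "path": "active", "value": "False"}]}
SAMPLE_NO_PATH = {"schemas": [PATCH_SCHEMA],
                  "Operations": [{"op": "replace", "value": {"active": False}}]}
```

A handler that recognises only one of these forms can acknowledge the request while leaving the account enabled, which is the missed-deactivation risk that provisioning is meant to remove.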

Key Features of SCIM

  1. Interoperability: SCIM enables interoperability between identity management systems, allowing for seamless integration and communication across diverse platforms.
  2. Automation: SCIM automates user provisioning and deprovisioning processes, reducing manual intervention and streamlining identity management workflows.
  3. Standardisation: As an open standard protocol, SCIM promotes consistency and standardisation in identity management practices, facilitating easier adoption and implementation.
  4. Cloud Compatibility: SCIM is well-suited for cloud-based environments, where organisations often manage identities across multiple applications and services hosted on various platforms.
  5. Security: SCIM includes security features such as authentication and authorisation mechanisms to ensure secure identity management operations.

Benefits

Efficiency

Automating identity management tasks with SCIM saves time and resources, allowing organizations to focus on strategic initiatives.

Accuracy

By reducing manual errors and inconsistencies, SCIM helps maintain accurate user identity data across systems.

Scalability 

SCIM scales effectively to accommodate growing numbers of users and applications within an organisation.

Enhanced Security 

SCIM’s security features contribute to robust identity management practices, reducing the risk of unauthorized access and data breaches.

Cost-Effectiveness

The automation and standardisation offered by SCIM can lead to cost savings by optimising resource utilization and minimising administrative overhead.

Use Cases

Enterprise Identity Management: SCIM enables organizations to centrally manage user identities across various enterprise applications and services, including email, collaboration tools, and CRM systems.

Cloud Service Providers: Cloud service providers utilize SCIM to facilitate seamless user provisioning and management for their customers, improving the overall user experience.

Federated Identity Systems: SCIM supports federated identity management scenarios, allowing organizations to manage identities across trusted domains or partners.

Compliance and Governance: SCIM assists organizations in meeting regulatory compliance requirements by providing standardized identity management processes and audit trails.

Adoption and Standards

– SCIM is widely adopted across industries and is supported by major identity management vendors, cloud service providers, and software applications.

– The protocol is standardised by the Internet Engineering Task Force (IETF), ensuring its compatibility and interoperability across different implementations.