![\"\"](\"https:\/\/www.securekloud.com\/blog\/wp-content\/uploads\/2021\/04\/SCIM.png\")
<\/p>\nSimple Cloud Identity Management (SCIM) Protocol is a standard-based provisioning and de-provisioning user identity to the cloud-based SaaS applications. SCIM\u2019s pragmatic approach it is designed quick and easy to move the user identity across the cloud applications. It\u2019s mainly intent is to reduce the cost and complexity of user management operations by providing a common user schema and extension model, as well as binding documents to provide patterns for exchanging this schema using standard protocols.<\/p>\n
SCIM is built on a model where a resource is the common denominator and all SCIM objects are derived from it. SCIM has three objects that directly derives from the Resource object. The ServiceProviderConfiguration and Schema are used to discover the service provider configuration. The Core Resource object specifies the endpoint resources User, Group and Organization.<\/p>\n
The SCIM protocol exchange the user identities between two applications over HTTP protocol using REST (Representational State Transfer) protocol. SCIM protocol exposes a common user schema and resource object expressed JSON format and XML format. SCIM requests are made via HTTP requests with different HTTP methods and responses are returned in the body of the HTTP response, formatted as JSON or XML depending on the request.<\/p>\n
Following are the SCIM Endpoint services for standard-based user identity provisioning and de-provisioning across cloud-based applications.<\/p>\n
# SCIM provides two end point to discover supported features and specific attribute details.<\/p>\n
\u2022 GET \/ServiceProviderConfigs \u2013 This endpoint specify the service provider<\/p>\n
specification and compliance, authentication schemes and data models.<\/p>\n
\u2022 GET \/Schemas \u2013 This endpoint specify the service provider\u2019s resources and attribute extensions.<\/p>\n
# SCIM Provides a REST API with simple set of HTTP\/HTTPS (For CRUD) operations.<\/p>\n
\u2022 POST \u2013 https:\/\/endpoint.com\/{v}\/{resource} \u2013 Create a new resource or Bulk resource.<\/p>\n
\u2022 GET \u2013 https:\/\/endpoint.com\/{v}\/{resource}\/{id} \u2013 Retrieves a particular resource.<\/p>\n
\u2022 GET \u2013 https:\/\/endpoint.com\/{v}\/{resource}?\ufb01lter={attribute}{op}{value}&<\/p>\n
sortBy={attributeName}&sortOrder={ascending|descending} \u2013 Retrieves a resource with filter parameters.<\/p>\n
\u2022 PUT \u2013 https:\/\/endpoint.com\/{v}\/{resource}\/{id} \u2013 Modifies a resource with a<\/p>\n
complete, consumer specified resource (Replace the full resource).<\/p>\n
\u2022 PATCH \u2013 https:\/\/endpoint.com\/{v}\/{resource}\/{id} \u2013 Modifies a resource with a set of<\/p>\n
consumer specified changes (Update particular resource).<\/p>\n
\u2022 DELETE \u2013 https:\/\/endpoint.com\/{v}\/{resource}\/{id} \u2013 Deletes a resource. (Delete particular resource)<\/p>\n
How SCIM protocol to provision the user identities into the Cloud (SaaS) application.<\/p>\n
<\/p>\n
The SCIM protocol does not define a scheme for authentication and authorization therefore Service Provider are free to choose mechanisms appropriate to their use cases. Most of the SaaS applications (Service provider) provide OAuth2.0 security protocol for authentication and authorization, some of the SaaS application provide their own authentication mechanism. However now days most of the IDM vendors (CA, SailPoint, PingIdentity.) support SCIM protocol.<\/p>\n