User Provisioning

What is SCIM (user provisioning)?

SCIM (System for Cross-domain Identity Management) is an open standard for automatically syncing user accounts and groups between an identity provider and an application. It lets IT create, update, and deactivate users in your app automatically as changes happen in their directory.

How SCIM works

SCIM defines a standard REST API and user schema. An identity provider such as Okta or Microsoft Entra ID acts as the client, sending create, update, and delete requests to your application's SCIM endpoint whenever an account changes upstream.

Because the schema and endpoints are standardized, one compliant SCIM endpoint works with every compliant IdP. That means you build provisioning once, rather than a custom connector per customer.

Provisioning and deprovisioning

SCIM's biggest security value is deprovisioning. When IT disables an employee in their directory β€” for example, on the employee's last day β€” SCIM propagates that change to your app immediately, closing off access with no manual step and no lingering β€œghost” accounts.

It also automates onboarding: a new hire added to the right group in the directory is automatically granted access to your app with the correct attributes, so users are productive on day one.

Why SCIM matters for B2B sales

Automated provisioning is table stakes on enterprise security reviews. Buyers expect their directory to drive who has access to your product, and the absence of SCIM can stall an otherwise-won deal. Shipping a standards-based SCIM endpoint unblocks upmarket sales and removes ongoing integration work for both sides.

Frequently asked questions

What does SCIM stand for?
SCIM stands for System for Cross-domain Identity Management. It is an open standard (currently SCIM 2.0) for automating the exchange of user identity information between systems.
What is the difference between SSO and SCIM?
SSO handles authentication β€” letting users log in with their corporate identity. SCIM handles provisioning β€” automatically creating, updating, and deactivating the underlying user accounts. Enterprises typically require both.
Which identity providers support SCIM?
Most major identity providers support SCIM 2.0, including Okta, Microsoft Entra ID, Google Workspace, OneLogin, and JumpCloud. A standards-compliant SCIM endpoint works with all of them.

Related terms

Explore Authdog SCIM β†’

Add auth to your app in minutes

Authentication, SSO, MFA, RBAC, SCIM, and multi-tenant identity β€” with developer-first APIs and a console non-devs can use.