SCIM Connector

What is SCIM

System for Cross-domain Identity Management (SCIM) is a protocol that enables automated and secure user account management across different computer systems and applications.

Managing user accounts can be time-consuming and error-prone in organizations with many systems and applications. SCIM streamlines this process by allowing an Identity Provider (IDP) to automatically provision user accounts and associated access rights on target systems or applications.

When a user account is created, modified, or deleted in the IDP, SCIM can automatically update that information in other systems or applications that rely on it for access control or other purposes. This ensures that access to critical systems and applications is consistently managed and reduces the risk of unauthorized access or data breaches.

For example, suppose a new employee joins a company, and their account is created in the IDP. In that case, SCIM can automatically provision that information to other systems and applications the employee needs access to, such as email, file sharing, access to order management systems like Fluent Commerce and project management tools. Similarly, suppose an employee leaves the company, and their account is deactivated in the IDP. In that case, SCIM can automatically revoke access to other systems and applications, reducing the risk of data breaches or other security incidents.

Overall, SCIM simplifies user account management across different computer systems and applications, making it easier for organizations to maintain strong security practices and ensure compliance with relevant regulations.

What is Provisioning

In the context of Identity Provider (IDP) and System for Cross-domain Identity Management (SCIM) protocol, provisioning refers to creating, modifying, or deleting user accounts and associated access rights on target systems or applications.

When a user account is created or updated in the IDP, the SCIM protocol can automatically provision that information to other systems or applications that rely on that information for access control or other purposes. This allows for centralized management of user accounts and access rights across multiple systems, reducing the administrative burden and improving security.

For example, suppose a new employee joins a company, and their account is created in the IDP. In that case, provisioning can ensure that their account is also created in other systems and applications that they need access to, such as email, file sharing, and project management tools. Conversely, suppose an employee leaves the company and their account is deactivated in the IDP. In that case, provisioning can ensure that their access to other systems and applications is also revoked, helping to prevent unauthorized access to sensitive data.