What a developer needs to know about SCIM

https://news.ycombinator.com/rss Hits: 16
Summary

Why SCIM exists

Imagine you’re running a relatively large company, one with a few thousand employees. All of those employees use at least some software to do their jobs. It’s probably safe to assume that you’re dealing with hundreds of different SaaS applications across the company. You’ll have an app for approving expenses, an app for managing salespeople’s compensation, an app for piping data into your data warehouse, and much more. There’s an awfully long list of stuff.

Every employee needs access to some subset of apps. They need to do their jobs, after all. But you can’t give everyone access to everything. That’d cause all kinds of security, compliance, and practical problems. You need a way to assign different permissions to different people.

To handle access and permissions all in one centralized place, companies tend to use IT management software like Entra, Okta, or OneLogin (among many others); people tend to describe these tools as identity providers.

An identity provider (IDP) behaves a bit like a database. It maintains a list of employees along with a bunch of information about each person. Similarly, it maintains a list of different software applications. It keeps track of the mappings between people and applications. It’s very easy for the IT team to modify and create relationships between records.

Simply having a list of users and their access privileges in a database doesn’t help anyone much, though. The identity provider also needs to communicate information about users with other software. The identity provider basically needs to communicate three kinds of changes to other software:

- The addition of new users (e.g. new hires)
- The change of any existing user’s attributes (e.g. name, job title, etc.)
- The removal of any existing users (e.g. departing employees)

Identity providers typically rely on a standard called SCIM (the System for Cross-domain Identity Management) for these three communication tasks.
They use SCIM to make every integration with o...

First seen: 2025-06-06 00:04

Last seen: 2025-06-06 15:07