System for Cross-___domain Identity Management: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 18:35, 15 September 2020 edit Peaceray (talk \| contribs) Autopatrolled, Administrators 105,656 edits →External links: Removed "SCIM Implementations - The initial working group's collaboration site, with a list of SCIM implementations as of February 2012 [clarification needed]" as it was not an external link Tag: Visual edit ← Previous edit		Latest revision as of 21:51, 2 May 2025 edit undo 24.17.228.41 (talk) Updated "Office 365" to "Microsoft 365" to reflect new service name. Tag: Visual edit
(39 intermediate revisions by 29 users not shown)
Line 1: {{short description\|Application Programming Interface for user provisioning}} ~~{{Other uses\|SCIM (disambiguation){{!}}SCIM}}~~ {{Infobox technology standard '''System for Cross-___domain Identity Management (SCIM)''' is a standard for automating the exchange of user identity information between identity domains, or IT systems.▼ \| title = System for Cross-___domain Identity Management \| long_name = \| image = \| image_size = \| alt = \| caption = \| abbreviation = SCIM \| status = Active \| year_started = <!-- {{Start date\|YYYY\|MM\|DD\|df=y}} --> \| first_published = {{Start date\|2011}} \| version = 2.0 \| version_date = {{Start date\|2015\|09}} \| preview = \| preview_date = \| organization = [[Internet Engineering Task Force\|IETF]] \| committee = \| series = \| editors = \| authors = \| base_standards = [[JSON]], [[XML]] \| related_standards = \| predecessor = \| successor = \| ___domain = [[Identity management]] \| license = \| copyright = \| website = {{URL\|https://tools.ietf.org/wg/scim/}} }} ▲'''System for Cross-___domain Identity Management''' ('''SCIM)''') is a standard for automating the exchange of user identity information between identity domains, or IT systems. One ~~[https://techcommunity.microsoft.com/t5/Identity-Standards-Blog/Provisioning-with-SCIM-getting-started/ba-p/880010~~ example] might be that as a company onboards new employees and separates from existing employees, they are added and removed from the company's electronic employee [[Directory service\|directory]]. SCIM could be used to automatically add/delete (or, [[~~Provisioning#User~~account provisioning\|provision]]/de-provision]]) accounts for those users in external systems such as [[GGoogle ~~Suite~~Workspace]], [[~~Office~~Microsoft 365]], or [[Salesforce.com]]. Then, a new user account would exist in the external systems for each new employee, and the user accounts for former employees might no longer exist in those systems. In addition to simple user-record management (creating &and deleting), SCIM can also be used to share information about user attributes, attribute schema, and group membership. Attributes could range from user contact information to group membership. Group membership or other attribute values are generally used to manage user permissions. Attribute values and group assignments can change, adding to the challenge of maintaining the relevant data across multiple identity domains.<ref name="SCIM-19">{{cite book \|author = Internet Engineering Task Force, Network Working Group\|title = System for Cross-Domain Identity Management: Core Schema\|version = Draft 19\|date = May 11, 2015\|url = http://tools.ietf.org/html/draft-ietf-scim-core-schema-19\|accessdate = 2015-05-17}}</ref> The SCIM standard has grown in popularity and importance, as organizations use more [[Software as a service\|SaaS]] tools.<ref name="SCIMming" /><ref name="SailPoint">{{cite press release \| title = Identity Management Companies To Demonstrate Simple Cloud Identity Management (SCIM) Specification at Internet Identity Workshop (IIW) \| publisher = SailPoint \| date = October 18, 2011 \| url = https://www.sailpoint.com/news/identity-management-companies-to-demonstrate-simple-cloud-identity-manageme \| accessdate = May 11, 2015 \| archive-url=https://web.archive.org/web/20160304091205/www.sailpoint.com/news/identity-management-companies-to-demonstrate-simple-cloud-identity-manageme \| archive-date=2016-03-04 \| url-status=dead}}</ref> A large organization can have hundreds or thousands of hosted applications (internal and external) and related servers, databases and file shares that require user provisioning. Without a standard connection method, companies must write custom software connectors to join these systems and their [[Identity management\|Identity Management]] (IdM) system.<ref>{{cite journal \| last = Grizzle \| first = Kelly \| title = SCIM: Provisioning users, killing connectors \| journal = SecureID News \| publisher = SecureID \| date = March 10, 2014 \| url = http://www.secureidnews.com/news-item/scim-provisioning-users-killing-connectors/ \| accessdate = May 17, 2015}}</ref> SCIM uses a standardised [[API]] through [[REST]] with data formatted in [[JSON]] or [[XML]].<ref name="SCIM-19" /> ==History== The first version, SCIM 1.0, was released in 2011 by a SCIM standard working group organized under the Open Web Foundation.<ref name="simplecloud">{{Cite web\|url = ~~http~~https://~~www~~scim.~~simplecloud.info~~cloud/#overview\|title = SCIM Overview\|accessdate = May 17, 2015\|website = ~~SimpleCloud~~scim.~~info~~cloud\| publisher = Simple Cloud Identity Management }}</ref> In 2011, it was transferred to the [[IETF]], and the current standard, SCIM 2.0 was released as [[Request for Comments\|IETF RFC]] in 2015.<ref name=SCIMming>{{cite web \|last= Wilson \|first= Neil \|id= (link: [https://www.unboundid.com/blog/author/neil-wilson neil-wilson]) \|title= SCIMming along... \|publisher= UnboundID blog \|date= June 22, 2011 \|url= https://www.unboundid.com/blog/2011/06/22/scimming-along \|accessdate= May 11, 2015}}</ref><ref>{{cite book \|author= Internet Engineering Task Force, Network Working Group \|title= System for Cross-Domain Identity Management: Core Schema 1.1 \| version= Version 1.1 \|date= August 2, 2012 \|url= https://tools.ietf.org/html/draft-scim-core-schema-01 \|accessdate= 2015-05-11}}</ref> SCIM 2.0 was completed in September 2015 and is published as IETF RFCs 7643<ref>{{Cite ~~web~~journal \|url= http://tools.ietf.org/html/rfc7643 \|title= RFC 7643: System for Cross-___domain Identity Management: Core Schema \|date= September 2015 \|website = ietf.org \|publisher= Internet Engineering Task Force \|last1= Hunt \|first1= Phil \|last2= Grizzle \|first2= Kelly \|last3= Wahlstroem \|first3= Erik \|last4= Mortimore \|first4= Chuck }}</ref> and 7644.<ref>{{Cite ~~web~~journal \|url= http://tools.ietf.org/html/rfc7644 \|title= RFC 7644: System for Cross-___domain Identity Management: Protocol \|date= September 2015 \|website= ietf.org \|publisher= Internet Engineering Task Force \|last1= Hunt \|first1= Phil \|last2= Grizzle \|first2= Kelly \|last3= Ansari \|first3= Morteza \|last4= Wahlstroem \|first4= Erik \|last5= Mortimore \|first5= Chuck }}</ref> A use-case document is also available as RFC 7642.<ref>{{Cite ~~web~~journal \|url= http://tools.ietf.org/html/rfc7642 \|title= RFC 7642: System for Cross-___domain Identity Management: Definitions, Overview, Concepts, and Requirements \|date= September 2015 \|website= ietf.org \|publisher= Internet Engineering Task Force \|last1= Li \|first1= Kepeng \|last2= Hunt \|first2= Phil \|last3= Khasnabish \|first3= Bhumip \|last4= Nadalin \|first4= Anthony \|last5= Zeltsan \|first5= Zachary }}</ref> The standard has been implemented in various [[Identity management\|IdM]] software.<ref>{{Cite web \|url = ~~http~~https://~~www~~scim.~~simplecloud.info~~cloud/#implementations\|title= Known SCIM implementations \|date= \|website= ~~SimpleCloud~~scim.~~info~~cloud \|publisher= Simple Cloud Identity Management }}</ref> The standard was initially called '''''Simple Cloud Identity Management''''' (and is still called this in some places), but the name was officially changed to ''System for Cross-___domain Identity Management (SCIM)'' when the IETF adopted it.<ref>{{cite web \|last= Hunt \|first= Phil \|title= Standards Corner: SCIM and the Shifting Enterprise Identity Center of Gravity \|website= Oracle Fusion Middleware (blog) \|publisher= Oracle \|date= February 27, 2014 \|url = https://blogs.oracle.com/fusionmiddleware/entry/standards_corner_scim_and_the \| accessdate= May 17, 2015 }}</ref> [[Interoperability]] was demonstrated in October, 2011, at the Cloud Identity Summit, an [[Identity management\|IAM]] industry conference. There, user accounts were provisioned and de-provisioned across separate systems using SCIM standards, by a collection of [[Identity management system\|IdM software]] vendors: [[Okta (identity management)\|Okta]], [[CyberArk]], [[Ping Identity]], [[SailPoint]], [[Technology Nexus]] and [[UnboundID]].~~<ref name="SailPoint" />~~ In March 2012, at IETF 83 in Paris, [[~~Interoperability~~interoperability]] tests continued by the same vendors, joined by [[Salesforce.com]], BCPSoft, [[WSO2]], Gluu, and Courion (now [[SecureAuth]]) - nine companies in total.<ref>{{cite web \| title = Logistics and attendee info for the March 2012 SCIM interop event \| website = SCIM, Simple Cloud Identity Management \| date = April 26, 2012 \| url = https://code.google.com/p/scim/wiki/FirstInteropEvent \| accessdate = May 11, 2015}}</ref> SCIM is the second standard for exchanging user data, but it builds on prior standards (e.g. [[Service Provisioning Markup Language\|SPML]], [[Portable Contacts\|PortableContacts]], [[vCard]]s, and [[LDAP Data Interchange Format\|LDAP directory services]]) in an attempt to be a simpler and more widely adopted solution for cloud services providers.<ref name="Ping-SCIM">{{cite web\| title = SCIM: How It Works\| website = PingIdentity.com\| url = https://www.pingidentity.com/en/resources/client-library/articles/scim.html\| format = Article\| accessdate = July 28, 2020}}</ref><ref name="SCIM-19-intro">{{cite book \| author= Internet Engineering Task Force, Network Working Group \| title = System for Cross-Domain Identity Management: Core Schema \| version = ~~Draft 19~~RFC7643 \| date = ~~May 11,~~September 2015 \| section = Section 1, Introduction \| url = ~~http~~https://~~tools~~datatracker.ietf.org/doc/html/~~draft-ietf-scim-core-schema-19~~rfc7643#section-1 \| accessdate = ~~2015~~2023-05-1119}}</ref> The SCIM standard is growing in popularity and has been adopted by numerous identity providers ~~(e.g. [https://docs.microsoft.com/azure/active-directory/manage-apps/use-scim-to-provision-users-and-groups Azure Active Directory])~~ as well as applications (e.g. [https://support.dynamicsignal.com/hc/en-us/articles/360030415372-Connect-Dynamic-Signal-to-Azure-Active-Directory-for-User-Provisioning Dynamic Signal], [https://help.zscaler.com/zia/saml-scim-configuration-guide-azure-active-directory Zscaler], and [https://help.dropbox.com/installs-integrations/third-party/update-dropbox-azure-ad-connector Dropbox]). As adoption of the standard grows, so do the number of tools available ~~to you~~. ~~You~~The ~~can~~standard ~~leverage~~leverages a number of [open-source libraries<ref>{{Cite web\|url=https://techcommunity.microsoft.com/t5/identity-standards-blog/provisioning-with-scim-design-build-and-test-your-scim-endpoint/ba-p/1204883\|title ~~open~~= ~~source~~Provisioning ~~libraries]~~with toSCIM ~~jump~~– ~~start~~design, build, and test your SCIM endpoint\|date = 2 March 2020}}</ref> to facilitate development and [testing frameworks<ref>{{Cite web\|url=https://github.com/AzureAD/SCIMReferenceCode/wiki/Test-Your-SCIM-Endpoint\|title ~~testing~~= ~~frameworks]~~Test Your SCIM Endpoint · AzureAD/SCIMReferenceCode toWiki\|website = [[GitHub]]}}</ref> ensure that ~~your~~ endpoint's iscompliance with the SCIM ~~compliant~~standard. ==References== Line 29 ⟶ 58: ==External links== * ~~[http~~{{cite web \|title=SCIM Status Pages \|website=IETF Tools \|url=https://tools.ietf.org/wg/scim/}} ~~Scim~~- ~~Status~~This ~~Pages]~~is ~~- The~~the working group in IETF ~~for~~that ~~defining~~defines the standard. ~~[http://www.simplecloud.info~~ {{cite web \|title=SCIM: System for Cross-___domain Identity Management] \|website=SCIM \|date=2011-08-01 \|url=https://scim.cloud/ \|access-date=2020-09-15}} AThis site is dedicated to the standard, ~~with~~and has explanations and details about how to implement the standard. {{cite web \|last=Unger \|first=Jay \|title=Internet Identity Workshop #13 October ~~18-20~~18–20 in Mountain View \|website=Identity Commons \|date=2011-10-22 \|url=https://www.idcommons.org/internet-identity-workshop-13-october-18-20-in-mountain-view-2/ \|archive-url=https://web.archive.org/web/20111022021121/https://www.idcommons.org/internet-identity-workshop-13-october-18-20-in-mountain-view-2/ \|archive-date=2011-10-22 \|url-status=live}} * {{cite web \|first=Pamela \|last=Dingle \|title=Provisioning with SCIM – getting started \|website=Techcommunity.Microsoft.com \|date=2019-10-03 \|url=https://techcommunity.microsoft.com/t5/identity-standards-blog/provisioning-with-scim-getting-started/ba-p/880010 \|access-date=2020-09-15}} [[Category:Identity management]]