What Is SCIM? Automated User Provisioning Explained
SCIM (System for Cross-domain Identity Management) is the open standard for automatically provisioning and deprovisioning user accounts across applications. When HR adds an employee or an admin assigns an app, SCIM pushes that change so accounts are created, updated, and, critically, removed without manual work.
Why it matters
Manual account management is slow and leaky. The biggest risk is deprovisioning: accounts that linger after someone leaves become orphaned accounts and attacker targets. SCIM closes that gap by automating the joiner-mover-leaver lifecycle.
How it works
SCIM defines a standard schema for users and groups (RFC 7643) and a REST protocol to manage them (RFC 7644). An identity provider acts as the client and pushes changes to applications that expose a SCIM endpoint.
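The deprovisioning exchange described above, as an added example that is not part of the original page: the RFC 7644 PatchOp body an identity provider sends to deactivate a leaver, and a minimal application-side handler that applies it atomically. The user id, the `sessions` field and the `apply_patch` name are assumptions for illustration, and the handler is narrowed to `add`/`replace` on top-level attributes.

```python
import json

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Constructed sample: body an identity provider sends as PATCH /Users/u-1001
# to deactivate a leaver (RFC 7644 section 3.5.2).
DEPROVISION_REQUEST = json.dumps({
    "schemas": [PATCH_SCHEMA],
    "Operations": [{"op": "replace", "path": "active", "value": False}],
})

# Constructed sample: the application's stored user resource (RFC 7643 core schema).
STORED_USER = {
    "schemas": [USER_SCHEMA], "id": "u-1001", "userName": "jdoe@example.com",
    "active": True,
    "sessions": ["s-101", "s-102"],  # hypothetical app-side state, not a SCIM attribute
}

def apply_patch(user, raw_body):
    """Apply a SCIM PatchOp to a user dict; return (http_status, user).
    Any failure returns the original user untouched, so the PATCH is atomic."""
    try:
        body = json.loads(raw_body)
        schemas, ops = body.get("schemas"), body.get("Operations")
    except (ValueError, AttributeError):
        return 400, user
    if not (isinstance(schemas, list) and PATCH_SCHEMA in schemas and isinstance(ops, list)):
        return 400, user
    updated = dict(user)
    for op in ops:
        if not isinstance(op, dict) or str(op.get("op", "")).lower() not in ("add", "replace"):
            return 400, user  # narrowed example: "remove" is not handled
        path, value = op.get("path"), op.get("value")
        # RFC 7644 lets the client omit "path"; "value" is then a dict of attributes.
        # Filter and sub-attribute paths are out of scope here and are rejected.
        simple = isinstance(path, str) and path.isalpha()
        changes = value if path is None else ({path: value} if simple else None)
        if not isinstance(changes, dict):
            return 400, user
        for attr, val in changes.items():
            if attr in ("id", "schemas") or (attr == "active" and not isinstance(val, bool)):
                return 400, user  # read-only attribute, or a non-boolean "active" value
            updated[attr] = val
    if user.get("active") and updated.get("active") is False:
        updated["sessions"] = []  # assumption: deactivation also ends live sessions
    return 200, updated
```

Rejecting a non-boolean `active` value instead of coercing it keeps a malformed deactivation from being silently misread; the identity provider sees the 400 and can retry or alert.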
What to check
- Does the app support SCIM 2.0, and which attributes and groups?
- Is deprovisioning real-time or batch?
- For B2B SaaS, do you offer SCIM to your enterprise customers? It is often a deal requirement.
Where to start
Read the SCIM provisioning implementation guide and browse IGA platforms and workforce IAM.