What is SCIM?
System for Cross-Domain Identity Management (SCIM) is an open standard (RFCs 7643 and 7644) for automating identity provisioning between systems.
Goal: Automatically create, update, and deactivate user accounts across platforms (e.g., HR → Entra → SaaS).
SCIM Components
| Component | Description |
|---|---|
| HCM System | HR or Human Capital Management software (e.g., Workday, SAP SuccessFactors). |
| Microsoft Entra Provisioning Service | Uses the SCIM 2.0 protocol to synchronize users/groups to target systems. |
| Microsoft Entra ID | Identity repository — central user store. |
| Target System | App with a SCIM endpoint (e.g., ServiceNow, Salesforce). |
Why Use SCIM
Example: When a new hire is added to Workday, SCIM automatically creates the user in Entra ID and assigns licenses. When HR terminates the employee, SCIM removes access from all connected apps instantly.
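The hire-and-terminate flow above, sketched as the SCIM 2.0 messages a target system receives. This is an added example, not code from the course or from Microsoft: `ScimTarget` is a hypothetical in-memory stand-in for an app's `/Users` endpoint, the user record is constructed sample data, and only the schema URNs and status codes come from RFC 7643/7644.

```python
import uuid

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"      # RFC 7643
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"  # RFC 7644


class ScimTarget:
    """Hypothetical in-memory target system with SCIM /Users semantics."""

    def __init__(self):
        self.users = {}

    def post_user(self, body):
        """POST /Users: create the account; a duplicate userName gets 409."""
        if USER_SCHEMA not in body.get("schemas", []):
            return 400, {"detail": "missing core User schema"}
        if any(u["userName"] == body["userName"] for u in self.users.values()):
            return 409, {"scimType": "uniqueness", "detail": "userName exists"}
        user = {"active": True, **body, "id": str(uuid.uuid4())}
        self.users[user["id"]] = user
        return 201, user

    def patch_user(self, user_id, body):
        """PATCH /Users/{id}: apply 'replace' operations such as active=false."""
        if user_id not in self.users:
            return 404, {"detail": "user not found"}
        if PATCH_SCHEMA not in body.get("schemas", []):
            return 400, {"detail": "missing PatchOp schema"}
        for op in body.get("Operations", []):
            # Operation names are compared case-insensitively in this sketch.
            if op.get("op", "").lower() != "replace" or not {"path", "value"} <= op.keys():
                return 400, {"detail": "only replace with path and value is handled"}
            self.users[user_id][op["path"]] = op["value"]
        return 200, self.users[user_id]


def joiner_leaver_demo():
    target = ScimTarget()
    # Constructed sample: the new hire as it would arrive from the HR-driven sync.
    hire = {"schemas": [USER_SCHEMA], "userName": "avery@contoso.example",
            "externalId": "HR-0001", "name": {"givenName": "Avery", "familyName": "Lee"}}
    status_create, created = target.post_user(hire)
    status_dup, _ = target.post_user(hire)  # a replayed create must not make a second account
    # Termination expressed as a deactivate (active=false) rather than a delete.
    leave = {"schemas": [PATCH_SCHEMA],
             "Operations": [{"op": "Replace", "path": "active", "value": False}]}
    status_patch, patched = target.patch_user(created["id"], leave)
    return status_create, status_dup, status_patch, patched["active"]

if __name__ == "__main__": print(joiner_leaver_demo())
```

When reviewing a real target app, the same three checks apply: creates are idempotent on `userName`, a PatchOp without the correct schema is rejected, and a terminated user ends with `active` set to false.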
Security and Exam Notes
✅ Module 2 Summary: Create, Configure, and Manage Identities
| Area | Key Concepts |
|---|---|
| Users | Cloud, synced, and guest accounts. Managed via Entra admin center or PowerShell. |
| Groups | Simplify access and licensing; support dynamic rules. |
| Devices | Entra registered (BYOD), joined (cloud), and hybrid joined (on-prem + cloud). |
| Licenses | Group-based licensing automates provisioning; track error states and usage location. |
| Custom Attributes | Extend directory schema for business-specific classification and access control. |
| SCIM Automation | Automates user provisioning between HR, Entra, and SaaS apps. |
Real-World Summary: Contoso implements full identity lifecycle automation: