Why SCIM Matters

SCIM has existed for a while, but adoption by various solution providers had been sporadic and inconsistent …that is, until recently. In recent months, SCIM has been on a roll! Finally, this fantastic standards-based approach for syncing user information between applications has begun to emerge, with increasing adoption rates that reveal no signs of slowing down.

What is SCIM?

The System for Cross-domain Identity Management (SCIM) is an open standard that developed from the need for a way to synchronize user information between multiple applications. In this way, SCIM is fantastic for streamlining processes, while also reducing mistakes and data inconsistencies between identity ecosystems.

For example, while onboarding a new employee, it’s common for a new user profile to be created in a central directory such as Active Directory or OneLogin. It’s likely the user needs access to other services like SalesforceG Suite, or Slack. It’s inefficient for administrators to enter user information in those environments when users can be automatically provisioned to them using a standards-based SCIM connector.

SCIM also has security benefits. In many cases, when an employee is terminated or leaves a company, the offboarding process is inconsistent. Administrators may forget to deprovision the user’s account for applications that contain sensitive data. According to the FBI, unprovisioned account access is one of the leading causes of data breaches and insider threat attacks.

This is where SCIM comes in handy. When a user departs from your company, admins can terminate the user in your central directory with the knowledge that the user’s account will also be suspended or deleted in your SCIM-enabled apps.

Who is using it?

Many large SaaS vendors started supporting SCIM a few years ago, and even some enterprise solutions are starting to enable it. Recently we’ve seen a tremendous surge in both the number of vendors supporting SCIM and the number of customers who have happily adopted it.

SCIM adoption by OneLogin customers
Image: SCIM adoption by OneLogin customers

 

When we analyze OneLogin customers, it’s evident that our most widely used SCIM connector is Slack. The top 10 customer-adopted connectors include popular companies like LucidchartFacebook WorkplaceGithubTrelloEnvoy, & Asana.

Over the past few months, we’ve added over a dozen new SCIM connectors including EvernoteLastPass, and Wrike, with many more like ZScalerNetskope, and RingCentral coming soon.

Enabling enterprise scalability

It’s getting to the point where enterprise-level companies are demanding that vendors support SCIM. As their complex web of interconnected apps continues to grow out of control, SCIM provides some relief in assuring that user provisioning is taken care of and ghost user accounts are not floating around all over the place.

Wrike identified the opportunity to strengthen their enterprise scalability story by implementing SCIM after an increasing number of requests from large prospects and customers.

They have an interesting story that starts out implementing SCIM for the enterprise and ends up with them also finding value internally.

For example, Wrike uses OneLogin for storing identity information about their employees and partners. Internally, they also use their own software for project management and collaboration, so it made sense that they would dog-food their own integration to automate user provisioning and deprovisioning between the two systems. This immediately took some load off their IT department and also opened the door for more customization as they realized they could also sync custom attributes. Wrike made use of these attributes for things like granting different privileges in Wrike based on an employees department.

It’s still early days for Wrike and their SCIM journey but indications are it will be a roaring success.

Go SCIM!

We’re excited about the future and adoption of SCIM as another building block in a successful Unified Access Management strategy. It’s a fantastic way to save time and effort by streamlining the onboarding/offboarding of employees, with the additional benefit of improving security and standardized processes.

Review the cloud-based software vendors you use today. If they don’t support SCIM yet, nudge them in that direction.

Interested in learning more? Sign up for our newsletter here!

About the Author

Richard Chetwynd

Rich Chetwynd founded Litmos, the market-leading learning technology company, as well as ThisData, a data security company leading the way in Account Takeover (ATO) attack detection. After ThisData was acquired by OneLogin in Summer 2017, Rich began working with the OneLogin engineering team with a focus on adaptive authentication.

Related Articles