Overview
We have heard about the phrase “a case of mistaken identity” which actually implies a person was mistakenly identified as someone else and was given authority to do some important information. In context of IT environment, a case of mistaken identity can be fatal and might lead to losing billions and reputation of a company. With the new trend of migrating your environment to cloud, identity management has become crucial. The need of the hour is to if not fully, partially automate the processes to keep the company IPs secured.
System for Cross-domain Identity Management (SCIM) is an open standard that allows for the automation of user provisioning and de provisioning. SCIM is becoming critical component addressing identity management on the cloud. This can make user provisioning in cloud based applications easier and cheaper. SCIM is based on REST and JSON protocols. SCIM supports CRUD (Create, Read, Update and Delete) which are core requirement of Identity Management.
Enterprise’s Challenges for cloud user account provisioning
Providing access to SaaS applications is not easy due to numerous SaaS applications. Traditionally, IAM manages user life cycle using connector that resides in IAM and connect to any systems or applications. It is impossible to have IAM connector for each SaaS application for user provisioning. Additionally, its expensive developing or buying a connector for every application that your enterprise wants to use.
How to address this challenge?
Though the problem is becoming prevalent the solution is a simple one. The solution is a consistent way to provision and de-provision identities in different systems or applications. Eventually costs of integrating new applications with IAM will go down drastically and can be achieved using open standard SCIM. SCIM can reduce complexity of user provisioning and de-provisioning in SaaS applications and eliminating need of different connector for different applications.
SCIM for IDAAS
Identity and access management as a service (IDaaS) has been gaining a lot of interest for last few years. As per Gartner, by 2020, 40% of identity and access management (IAM) purchases will use the identity and access management as a service (IDaaS) delivery model. All market leading IDaaS vendors has rich capabilities on user authentication, single sign-on (SSO) and authorization enforcement. Wide adoption of Open standards like SAML, OpenID Connect for authentication and OAUTH for authorization helps IDAAS vendors to integrate with thousands of SaaS applications for authentication, authorization and single sign on. IDAAS vendors have numerous connectors for single sign on, but in case of user provisioning and de-provisioning, it’s still lags far behind. One of the reason for this is non availability of open standard for user provisioning and de-provisioning. Wide adoption of SCIM can address this challenge. It is clear that SCIM will play major role in IAM and IDAAS space.
Benefits of SCIM
The implementation of SCIM bring the following benefits:
- Standardized API makes external integration easy
- Applications that support SCIM can be integrated immediately. No custom connector required.
- Any product upgrade in IAM or end systems/applications doesn’t impact SCIM integration.
- Easy to develop using open source libraries. Develop once and reuse.
- SCIM can be integrated with non-SCIM supported systems.
- Modern API Framework using REST and JSON, which is relatively low complex
Need for SCIM
As a security team member, you will agree that SCIM is the only standard for provisioning currently. The other standard used for provisioning earlier was SPML (Service Provisioning Markup Language), but due to complexity of SPML, adoption was very less, which makes SCIM the only and preferred standard available for user provisioning. Enterprises are looking for simple and standardized way of managing identities in SaaS applications. This growing need enforce SaaS vendors and IAM vendors to make use of SCIM. Major IAM, IDAAS and SaaS vendors support SCIM standard. Though SCIM had a slow early adoption, but with big implementations and support from large IAM vendors SCIM adoption is growing by leaps and bounds.
Jageesh is a former Happiest Mind and this content was created and published during his tenure.
