SCIM FAQ

What is SCIM used for?

SCIM is used to automate user and group provisioning between identity providers and applications. Instead of manually creating, updating, disabling, or deleting users, an identity provider can call a SCIM API when access changes.

What does SCIM stand for?

SCIM stands for System for Cross-domain Identity Management. The current widely used version is SCIM 2.0, defined by RFC 7643 and RFC 7644.

What is a SCIM test server?

A SCIM test server is a safe API endpoint where developers can send provisioning requests without changing production data. scim.dev provides a hosted SCIM test server and interactive SCIM Playground for learning and debugging.

Which identity providers support SCIM?

Many identity providers support SCIM provisioning, including Microsoft Entra ID, Okta, SailPoint, OneLogin, and Omada. See the application setup guides for provider-specific notes.

Does SCIM support groups?

Yes. SCIM 2.0 defines Group resources and membership operations. You can test group creation and membership updates in the Groups playground.

Is SCIM the same as SSO?

No. SSO protocols such as SAML and OpenID Connect authenticate users. SCIM provisions users and groups so the application has the right accounts and access before or after authentication.

Do I need OAuth for SCIM?

Not always. Many SCIM integrations use bearer tokens. Some deployments use OAuth-based authorization. The important part is that the SCIM endpoint is authenticated, tenant-scoped, and served over HTTPS.

Where can I find SCIM API examples?

Start with the SCIM API examples page. It includes common requests for discovery, users, groups, filtering, PATCH, and bulk operations.