1

I would like to understand why most IdPs only offer the SCIM service together with SSO (especially SAML).

For me, these are two different concepts:

  • SSO: logging in
  • SCIM: user provisioning

I'm referring to user provisioning via SCIM via an API, not as part of the SAML payload.

ezdazuzena

1 Answer

2

The function of an IDP is to authenticate against a repository, not to provision it. So an IDP that only did SCIM would not be an IDP.

Some IDPs also offer SCIM as a separate function. This is outside of the authentication, e.g. Azure AD, Auth0, Okta.

Some IDPs do not offer SCIM, e.g. ADFS.

rbrayb
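The separation discussed in the question and answer, as an added example (not code from either poster or from any IdP product): a toy service provider with a SCIM API channel driven by the IdP and a separate SSO login channel driven by the user. The `ServiceProvider` class, its method names, the token and the user are constructed for illustration; the schema URNs are the SCIM 2.0 ones, and verification of the SAML assertion is assumed to have happened before `sso_login` is called.

```python
import hmac

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"


class ServiceProvider:
    """Toy application (constructed for this example) with two separate channels."""

    def __init__(self, scim_token):
        self._scim_token = scim_token   # bearer token shared with the IdP's provisioning agent
        self._users = {}                # id -> SCIM User resource

    def scim(self, method, path, token, body):
        """Provisioning channel: called by the IdP over the API, no end user present."""
        if not hmac.compare_digest(token, self._scim_token):
            return 401, None
        if method == "POST" and path == "/Users":
            if USER_SCHEMA not in body.get("schemas", []) or "userName" not in body:
                return 400, None
            if any(u["userName"] == body["userName"] for u in self._users.values()):
                return 409, None        # uniqueness conflict
            uid = str(len(self._users) + 1)
            self._users[uid] = {**body, "id": uid, "active": bool(body.get("active", True))}
            return 201, self._users[uid]
        if method == "PATCH" and path.startswith("/Users/"):
            user = self._users.get(path.rsplit("/", 1)[-1])
            if user is None:
                return 404, None
            if PATCH_SCHEMA not in body.get("schemas", []):
                return 400, None
            for op in body.get("Operations", []):
                # Only the "replace active" form is handled in this sketch.
                if op.get("op", "").lower() == "replace" and op.get("path") == "active":
                    user["active"] = bool(op["value"])
            return 200, user
        return 404, None

    def sso_login(self, name_id):
        """Login channel: name_id is the subject of an assertion assumed already verified."""
        user = next((u for u in self._users.values() if u["userName"] == name_id), None)
        return user is not None and user["active"]


if __name__ == "__main__":
    sp = ServiceProvider("constructed-token")
    new = {"schemas": [USER_SCHEMA], "userName": "alice@example.com"}
    print(sp.scim("POST", "/Users", "constructed-token", new)[0])
    print(sp.sso_login("alice@example.com"))
```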