Understanding SCIM: the backbone of modern IAM provisioning
Morten Broers
8min read
In modern organisations, Identity & Access Management (IAM) is indispensable. Employees have access to dozens of applications, from Microsoft 365 to Slack and AFAS.
Manually creating, modifying, and deleting accounts is time-consuming and leads to errors.
That's why more organisations are using SCIM provisioning: a standardised method to automatically synchronise identities between systems.
But what is SCIM exactly, and why has it become so crucial in every IAM strategy?
What is SCIM?
SCIM stands for System for Cross-Domain Identity Management.
It's an open standard that defines how user information is automatically exchanged between identity systems (such as Microsoft Entra ID) and applications (such as Slack or Zoom).
In simple terms: SCIM tells an app who someone is and what they are allowed to do, and keeps that automatically up-to-date.
Key features:
Based on REST APIs and JSON data formats
Supports CRUD operations (Create, Read, Update, Delete)
Standardised attributes such as
userName,emails,name,groupsIncludes endpoint definitions such as
/Usersand/Groups
How SCIM provisioning works
SCIM provisioning operates under a pull or push model:
An identity provider (IdP) such as Microsoft Entra ID, Okta or JumpCloud keeps track of which users are active.
A service provider (SP) like Slack or Zoom automatically receives updates via the SCIM endpoint.
When someone joins or leaves, the IdP sends a standardised SCIM payload to the SP.
Why SCIM is important for IAM
Without SCIM, organisations must automate provisioning themselves via APIs or scripts, which is complex, error-prone, and maintenance-intensive. SCIM makes this uniform, secure, and scalable.
Benefits of SCIM provisioning:
Consistency: the same identity in every system
Automation: no more manual management
Security: immediate deactivation upon departure
Compliance: audit trails and traceable source data
With SCIM, organisations can synchronise thousands of users without human intervention.
SCIM and Microsoft Entra ID
Microsoft Entra ID (formerly Azure AD) supports SCIM for the automatic creation and deletion of users in linked SaaS apps (we can connect almost any conceivable system). Through the Entra portal, you can easily set up a “Provisioning URL” and “Bearer Token” for an external application.
Practical example:
Joinly provides a SCIM endpoint
Entra ID automatically connects and sends changes from HR.
Joinly translates this data to the appropriate users and permissions in connected systems.
How Joinly uses SCIM
Joinly uses SCIM as the backbone of its provisioning architecture.
The platform acts as an intermediary between HR systems and Entra ID, allowing HR changes to flow directly to all applications.
HR → Joinly (HR data via API or file)
Joinly → Entra ID (via SCIM provisioning)
Entra ID → Joinly SCIM Gateway → SaaS apps (such as M365, Slack, HubSpot)
This creates a fully automated joiner-mover-leaver flow without manual management.
Future of SCIM
Although SCIM is already widely supported, the standard continues to develop.
New versions will support more contextual data (such as roles and organisational structures).
AI-driven provisioning, like Joinly's Role Mining AI, builds on the same SCIM structure.
Conclusion
SCIM is the silent engine behind modern identity automation.
It ensures that every HR change automatically leads to safe, consistent access across all systems.
Recommended further reading:
In modern organisations, Identity & Access Management (IAM) is indispensable. Employees have access to dozens of applications, from Microsoft 365 to Slack and AFAS.
Manually creating, modifying, and deleting accounts is time-consuming and leads to errors.
That's why more organisations are using SCIM provisioning: a standardised method to automatically synchronise identities between systems.
But what is SCIM exactly, and why has it become so crucial in every IAM strategy?
What is SCIM?
SCIM stands for System for Cross-Domain Identity Management.
It's an open standard that defines how user information is automatically exchanged between identity systems (such as Microsoft Entra ID) and applications (such as Slack or Zoom).
In simple terms: SCIM tells an app who someone is and what they are allowed to do, and keeps that automatically up-to-date.
Key features:
Based on REST APIs and JSON data formats
Supports CRUD operations (Create, Read, Update, Delete)
Standardised attributes such as
userName,emails,name,groupsIncludes endpoint definitions such as
/Usersand/Groups
How SCIM provisioning works
SCIM provisioning operates under a pull or push model:
An identity provider (IdP) such as Microsoft Entra ID, Okta or JumpCloud keeps track of which users are active.
A service provider (SP) like Slack or Zoom automatically receives updates via the SCIM endpoint.
When someone joins or leaves, the IdP sends a standardised SCIM payload to the SP.
Why SCIM is important for IAM
Without SCIM, organisations must automate provisioning themselves via APIs or scripts, which is complex, error-prone, and maintenance-intensive. SCIM makes this uniform, secure, and scalable.
Benefits of SCIM provisioning:
Consistency: the same identity in every system
Automation: no more manual management
Security: immediate deactivation upon departure
Compliance: audit trails and traceable source data
With SCIM, organisations can synchronise thousands of users without human intervention.
SCIM and Microsoft Entra ID
Microsoft Entra ID (formerly Azure AD) supports SCIM for the automatic creation and deletion of users in linked SaaS apps (we can connect almost any conceivable system). Through the Entra portal, you can easily set up a “Provisioning URL” and “Bearer Token” for an external application.
Practical example:
Joinly provides a SCIM endpoint
Entra ID automatically connects and sends changes from HR.
Joinly translates this data to the appropriate users and permissions in connected systems.
How Joinly uses SCIM
Joinly uses SCIM as the backbone of its provisioning architecture.
The platform acts as an intermediary between HR systems and Entra ID, allowing HR changes to flow directly to all applications.
HR → Joinly (HR data via API or file)
Joinly → Entra ID (via SCIM provisioning)
Entra ID → Joinly SCIM Gateway → SaaS apps (such as M365, Slack, HubSpot)
This creates a fully automated joiner-mover-leaver flow without manual management.
Future of SCIM
Although SCIM is already widely supported, the standard continues to develop.
New versions will support more contextual data (such as roles and organisational structures).
AI-driven provisioning, like Joinly's Role Mining AI, builds on the same SCIM structure.
Conclusion
SCIM is the silent engine behind modern identity automation.
It ensures that every HR change automatically leads to safe, consistent access across all systems.
Recommended further reading:
Explore more blogs
Browsing is free
Schedule a no-obligation demo
In 30 minutes, we would love to show you how Joinly adds value for the entire organization.

Browsing is free
Schedule a no-obligation demo
In 30 minutes, we would love to show you how Joinly adds value for the entire organization.

Browsing is free
Schedule a no-obligation demo
In 30 minutes, we would love to show you how Joinly adds value for the entire organization.

