Understanding SCIM: the backbone of modern IAM provisioning

Morten Broers

8min read

In modern organisations, Identity & Access Management (IAM) is indispensable. Employees have access to dozens of applications, from Microsoft 365 to Slack and AFAS.
Manually creating, modifying, and deleting accounts is time-consuming and leads to errors.

That's why more organisations are using SCIM provisioning: a standardised method to automatically synchronise identities between systems.
But what is SCIM exactly, and why has it become so crucial in every IAM strategy?

What is SCIM?

SCIM stands for System for Cross-Domain Identity Management.
It's an open standard that defines how user information is automatically exchanged between identity systems (such as Microsoft Entra ID) and applications (such as Slack or Zoom).

In simple terms: SCIM tells an app who someone is and what they are allowed to do, and keeps that automatically up-to-date.

Key features:

  • Based on REST APIs and JSON data formats

  • Supports CRUD operations (Create, Read, Update, Delete)

  • Standardised attributes such as userName, emails, name, groups

  • Includes endpoint definitions such as /Users and /Groups

How SCIM provisioning works

SCIM provisioning operates under a pull or push model:

  1. An identity provider (IdP) such as Microsoft Entra ID, Okta or JumpCloud keeps track of which users are active.

  2. A service provider (SP) like Slack or Zoom automatically receives updates via the SCIM endpoint.

  3. When someone joins or leaves, the IdP sends a standardised SCIM payload to the SP.

Why SCIM is important for IAM

Without SCIM, organisations must automate provisioning themselves via APIs or scripts, which is complex, error-prone, and maintenance-intensive. SCIM makes this uniform, secure, and scalable.

Benefits of SCIM provisioning:

  • Consistency: the same identity in every system

  • Automation: no more manual management

  • Security: immediate deactivation upon departure

  • Compliance: audit trails and traceable source data

With SCIM, organisations can synchronise thousands of users without human intervention.

SCIM and Microsoft Entra ID

Microsoft Entra ID (formerly Azure AD) supports SCIM for the automatic creation and deletion of users in linked SaaS apps (we can connect almost any conceivable system). Through the Entra portal, you can easily set up a “Provisioning URL” and “Bearer Token” for an external application.

Practical example:

  • Joinly provides a SCIM endpoint

  • Entra ID automatically connects and sends changes from HR.

  • Joinly translates this data to the appropriate users and permissions in connected systems.

How Joinly uses SCIM

Joinly uses SCIM as the backbone of its provisioning architecture.
The platform acts as an intermediary between HR systems and Entra ID, allowing HR changes to flow directly to all applications.

  • HR → Joinly (HR data via API or file)

  • Joinly → Entra ID (via SCIM provisioning)

  • Entra ID → Joinly SCIM Gateway → SaaS apps (such as M365, Slack, HubSpot)

This creates a fully automated joiner-mover-leaver flow without manual management.

Future of SCIM

Although SCIM is already widely supported, the standard continues to develop.
New versions will support more contextual data (such as roles and organisational structures).
AI-driven provisioning, like Joinly's Role Mining AI, builds on the same SCIM structure.

Conclusion

SCIM is the silent engine behind modern identity automation.
It ensures that every HR change automatically leads to safe, consistent access across all systems.

Recommended further reading:

In modern organisations, Identity & Access Management (IAM) is indispensable. Employees have access to dozens of applications, from Microsoft 365 to Slack and AFAS.
Manually creating, modifying, and deleting accounts is time-consuming and leads to errors.

That's why more organisations are using SCIM provisioning: a standardised method to automatically synchronise identities between systems.
But what is SCIM exactly, and why has it become so crucial in every IAM strategy?

What is SCIM?

SCIM stands for System for Cross-Domain Identity Management.
It's an open standard that defines how user information is automatically exchanged between identity systems (such as Microsoft Entra ID) and applications (such as Slack or Zoom).

In simple terms: SCIM tells an app who someone is and what they are allowed to do, and keeps that automatically up-to-date.

Key features:

  • Based on REST APIs and JSON data formats

  • Supports CRUD operations (Create, Read, Update, Delete)

  • Standardised attributes such as userName, emails, name, groups

  • Includes endpoint definitions such as /Users and /Groups

How SCIM provisioning works

SCIM provisioning operates under a pull or push model:

  1. An identity provider (IdP) such as Microsoft Entra ID, Okta or JumpCloud keeps track of which users are active.

  2. A service provider (SP) like Slack or Zoom automatically receives updates via the SCIM endpoint.

  3. When someone joins or leaves, the IdP sends a standardised SCIM payload to the SP.

Why SCIM is important for IAM

Without SCIM, organisations must automate provisioning themselves via APIs or scripts, which is complex, error-prone, and maintenance-intensive. SCIM makes this uniform, secure, and scalable.

Benefits of SCIM provisioning:

  • Consistency: the same identity in every system

  • Automation: no more manual management

  • Security: immediate deactivation upon departure

  • Compliance: audit trails and traceable source data

With SCIM, organisations can synchronise thousands of users without human intervention.

SCIM and Microsoft Entra ID

Microsoft Entra ID (formerly Azure AD) supports SCIM for the automatic creation and deletion of users in linked SaaS apps (we can connect almost any conceivable system). Through the Entra portal, you can easily set up a “Provisioning URL” and “Bearer Token” for an external application.

Practical example:

  • Joinly provides a SCIM endpoint

  • Entra ID automatically connects and sends changes from HR.

  • Joinly translates this data to the appropriate users and permissions in connected systems.

How Joinly uses SCIM

Joinly uses SCIM as the backbone of its provisioning architecture.
The platform acts as an intermediary between HR systems and Entra ID, allowing HR changes to flow directly to all applications.

  • HR → Joinly (HR data via API or file)

  • Joinly → Entra ID (via SCIM provisioning)

  • Entra ID → Joinly SCIM Gateway → SaaS apps (such as M365, Slack, HubSpot)

This creates a fully automated joiner-mover-leaver flow without manual management.

Future of SCIM

Although SCIM is already widely supported, the standard continues to develop.
New versions will support more contextual data (such as roles and organisational structures).
AI-driven provisioning, like Joinly's Role Mining AI, builds on the same SCIM structure.

Conclusion

SCIM is the silent engine behind modern identity automation.
It ensures that every HR change automatically leads to safe, consistent access across all systems.

Recommended further reading:

Explore more blogs

Insights Image

Authentication vs Authorisation

Insights Image

Authentication vs Authorisation

Insights Image

Authentication vs Authorisation

Insights Image

What is Multi-Factor Authentication (MFA)?

Insights Image

What is Multi-Factor Authentication (MFA)?

Insights Image

What is Multi-Factor Authentication (MFA)?

Insights Image

What is Single Sign-on (SSO)?

Insights Image

What is Single Sign-on (SSO)?

Insights Image

What is Single Sign-on (SSO)?

Browsing is free

Schedule a no-obligation demo

In 30 minutes, we would love to show you how Joinly adds value for the entire organization.

Schedule a demo

Browsing is free

Schedule a no-obligation demo

In 30 minutes, we would love to show you how Joinly adds value for the entire organization.

Schedule a demo

Browsing is free

Schedule a no-obligation demo

In 30 minutes, we would love to show you how Joinly adds value for the entire organization.

Schedule a demo