Doppler Logo

Glossary

System for Cross-domain Identity Management (SCIM)

SCIM stands for System for Cross-domain Identity Management. ‘System’ here refers to a standardized format for the exchange of identity information. ‘Cross-domain’ references an issue with early solutions to Single Sign-On services which relied on cookies and were single domain only as a result. ‘Identity Management’ is the true subject of SCIM - and refers to how SCIM facilitates information exchange between an identity provider (IdP) or identity and access management (IAM) system and cloud-based applications.

SCIM was created to facilitate IT admins governing permissions and access to cloud-based applications in employee accounts. SCIM enables automation of the creation, maintenance, and updating processes for these accounts. Without a standardized framework, provisioning must be done individually and manually, which is a tedious, lengthy process that introduces additional security risks.

As teams grow, pivot projects, and experience employee turnover, the number of user accounts increases, as does the number of associated permissions and required IT actions. Requests to create new users, offboard old ones and add or remove permissions from current accounts all take up IT resources that could otherwise be spent elsewhere.

With a standardized protocol like SCIM, user data is stored in a consistent and predictable format and can be communicated across different apps easily. This enables IT departments to automate the provisioning and de-provisioning process while managing user permissions through a single system. Through the use of an automatic transfer process, the risk of human error is minimized.

SCIM uses JavaScript Open Notation (JSON), an open-standard file and data exchange format, to support seamless interoperability across domains. Without an open standard, the necessary format of information transfer between different web services and cloud-based applications might differ ever-so-slightly, requiring a unique and manual solution for each integrated service. Manual IT control is simply not a solution that scales.

Back to glossary
Share
Enjoying this content? Stay up to date and get our latest glossarys, guides, and tutorials.

Related Content

Explore More
Common questions for enterprise secrets management
Security
Common questions for enterprise secrets managementDoppler empowers enterprises to focus on innovation and development rather than struggling with credential management.
Read More
Improving SOC criteria with Doppler
Security
Improving SOC criteria with DopplerFeatures like User Groups, Logging, and Automated Rotation help development teams meet SOC 2 compliance requirements and strengthen security practices.
Read More
Securely sharing secrets across distributed teams
Security
Securely sharing secrets across distributed teamsLearn how to securely share secrets like API keys and credentials across distributed teams while avoiding common security pitfalls
Read More

Enter the new era of secrets management

Trusted by the world’s best DevOps and security teams. Doppler is the secrets manager developers love.

Start for FreeGet Demo