System for Cross-domain Identity Management (SCIM)
PingFederate supports the SCIM 1.1 protocol for outbound provisioning and the SCIM 1.1 and SCIM 2.0 protocols for inbound provisioning.
At an identity provider (IdP) outbound site, you have the option to provision and maintain user accounts automatically at service provider (SP) sites that have implemented SCIM. When you have PingFederate configured as an SP inbound site, you can automatically provision and manage user accounts and groups for your own organization using the standard SCIM protocol. You can find a brief summary of the supported features in the following tables.
SCIM 1.1
Feature | Outbound provisioning | Inbound provisioning |
---|---|---|
Data format | JSON | JSON |
User and group create, read, update, and delete (CRUD) operations | Yes | Yes |
Custom schema support | Yes | Yes |
List/query and filtering support | Not applicable | Yes |
PATCH | Yes | No |
Authentication method | HTTP Basic and OAuth Resource Owner Password Credentials grant type | HTTP Basic and client certificate (mutual TLS) |
Source data stores | PingDirectory, Microsoft Active Directory, and Oracle Unified Directory | Not applicable |
Target data stores | Not applicable | Active Directory and other data stores via the Identity Store Provisioner Java SDK interface |
SCIM 2.0
Feature | Inbound provisioning |
---|---|
Data format | JSON |
User and group create, read, update, and delete (CRUD) operations | Only user support |
Custom schema support | Yes |
List/query and filtering support | Yes |
PATCH | Yes |
Authentication method | HTTP Basic and client certificate (mutual TLS) |
Target data stores | Active Directory and other data stores using the |
You can find detailed information about SCIM at www.simplecloud.info.