Cloud Security
Published in

Cloud Security

SCIM (System for Cross-domain Identity Management)

ACM.150 Automated management of identities across systems

RFC 7642- System for Cross-domain Identity Management: Definitions, Overview, Concepts, and Requirements

  • Triggers: activities that start SCIM flows.
  • Actors: The parties involved in transferring identity information.
  • Modes: Push or pull identity information.
  • Flows: Different scenarios when identity information will be pushed or pulled between actors (e.g. creating, updating, or deleting an identity or changing a password).
  • Scenarios when SCIM might be used such as migrating between systems or syncing identities for the purpose of SSO.

RFC 7643 — System for Cross-domain Identity Management: Core Schema

"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
"id": "2819c223-7f76-453a-919d-413861904646",
"userName": "",
"meta": {
"resourceType": "User",
"created": "2010-01-23T04:56:22Z",
"lastModified": "2011-05-13T04:42:34Z",
"version": "W\/\"3694e05e9dff590\"",

RFC 7644 — System for Cross-domain Identity Management: Protocol

Resource Endpoint            [HTTP] Operations      Description
-------- ---------------- ---------------------- --------------------
User /Users GET (Section 3.4.1), Retrieve, add,
POST (Section 3.3), modify Users.
PUT (Section 3.5.1),
PATCH (Section 3.5.2),
DELETE (Section 3.6)

Group /Groups GET (Section 3.4.1), Retrieve, add,
POST (Section 3.3), modify Groups.
PUT (Section 3.5.1),
PATCH (Section 3.5.2),
DELETE (Section 3.6)

Self /Me GET, POST, PUT, PATCH, Alias for operations
DELETE (Section 3.11) against a resource
mapped to an
subject (e.g.,

Service /ServiceProvider GET (Section 4) Retrieve service
provider Config provider's
config. configuration.

Resource /ResourceTypes GET (Section 4) Retrieve supported
type resource types.

Schema /Schemas GET (Section 4) Retrieve one or more
supported schemas.

Bulk /Bulk POST (Section 3.7) Bulk updates to one
or more resources.

Search [prefix]/.search POST (Section 3.4.3) Search from system
root or within a
resource endpoint
for one or more
resource types using

SCIM — Summary

for this story or refer others to follow me.
Follow on Medium: Teri Radichel
Sign up for Email List: Teri Radichel
Follow on Twitter: @teriradichel
Follow on Mastodon:
Follow on Post: @teriradichel
Like on Facebook: 2nd Sight Lab
Buy a Book: Teri Radichel on Amazon
Buy me a coffee:
Teri Radichel
Request services via LinkedIn:
Teri Radichel or through IANS Research
Slideshare: Presentations by Teri Radichel
Speakerdeck: Presentations by Teri Radichel
Recognition: SANS Difference Makers Award, AWS Hero, IANS Faculty
Certifications: SANS
Education: BA Business, Master of Sofware Engineering, Master of Infosec
How I got into security: Woman in tech
Company (Penetration Tests, Assessments, Training): 2nd Sight Lab



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Teri Radichel

Cloud Security Training and Penetration Testing | GSE, GSEC, GCIH, GCIA, GCPM, GCCC, GREM, GPEN, GXPN | AWS Hero | Infragard | IANS Faculty |