The key to understanding the purpose of SCIM is in its name:
- System—SCIM creates a common format for how identity data is exchanged.
- Cross-domain—SCIM securely communicates identity data across platforms.
- Identity Management—SCIM automates the flow of information between an identity provider or identity and access management (IAM) system and cloud-based applications.
In an enterprise work scenario, using SCIM reduces the effort it takes to create, modify, and synchronize employee accounts and govern the resources employees have access to. It has the added benefit of reducing IT friction for employees because it works in tandem with other technologies that simplify how users sign in to apps.
Understanding SCIM provisioning
Without SCIM, provisioning can be a lengthy and tedious manual process. The identifying information apps require to determine whether a person has permission to access them is fairly standard, such as employee names, emails, job titles, and departments. However, the formats apps use to represent each element of that information, and how the apps perform simple actions, can often be just a little bit different.
Having to manually add users to each app in a slightly different way every time might not be too problematic for businesses with just a few employees and cloud-based apps or services. But for organizations with a large number of employees and hundreds of cloud applications, manual provisioning can be costly, frustrating, and counterproductive.
SCIM solves this problem by providing a standard for seamlessly and securely exchanging information between identity providers and cloud apps. That standardization makes automating the provisioning process feasible and safe.
Some efficiencies that SCIM enables are:
- Automatic provisioning of new accounts—new employees are efficiently given access to the right systems when they join your team or organization.
- Automatic deprovisioning—when people leave the organization, there’s a centralized way to deactivate their account and app privileges.
- Synchronizing data between systems—when changes are made to accounts, they’re automatically updated everywhere.
- Group provisioning—whole groups of employees can be given access to the apps that they need.
- Governing access—SCIM makes it easier to monitor and audit privileges.
How SCIM works
Services that implement SCIM provide a standardized API for creating and managing users. Because of this standardization, identity providers such as Microsoft Entra ID can use the API to provision users automatically.
Application developers can use SCIM provisioning standards to ensure their apps integrate seamlessly with enterprise systems. Following the standard avoids the problem of having slightly different APIs to perform the same basic actions. Developers who create apps conforming to the SCIM standard can instantly take advantage of pre-existing clients, tools, and code.
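The provisioning and deprovisioning flow described above, as an added example that is not Jellyfish or Microsoft code: a toy in-memory SCIM 2.0 endpoint and the two requests an identity provider sends over an employee's lifecycle. The class, function names, and sample user are hypothetical; the schema URNs come from RFC 7643 and RFC 7644. Authentication of the caller, which a real endpoint requires, is left out.

```python
import json
import uuid

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"      # RFC 7643
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"  # RFC 7644


class ToyScimService:
    """In-memory stand-in for an app's SCIM endpoint (hypothetical)."""

    def __init__(self):
        self.users = {}

    def handle(self, method, path, body=None):
        """Return (HTTP status, resource) for one SCIM request."""
        doc = json.loads(body) if body else {}
        if method == "POST" and path == "/Users":
            if USER_SCHEMA not in doc.get("schemas", []) or "userName" not in doc:
                return 400, {"detail": "invalid User resource"}
            taken = {u["userName"].lower() for u in self.users.values()}
            if doc["userName"].lower() in taken:  # userName is not case-exact
                return 409, {"detail": "userName already exists"}
            user = dict(doc, id=str(uuid.uuid4()))
            user.setdefault("active", True)
            self.users[user["id"]] = user
            return 201, user
        user = self.users.get(path.rsplit("/", 1)[-1])
        if method == "PATCH" and path.startswith("/Users/") and user:
            if PATCH_SCHEMA not in doc.get("schemas", []):
                return 400, {"detail": "missing PatchOp schema"}
            for op in doc["Operations"]:
                if op["op"].lower() == "replace" and "path" in op:
                    user[op["path"]] = op["value"]
            return 200, user
        return 404, {"detail": "not found"}


def provision(svc, user_name, given, family, email):
    """Request sent when an employee joins (sample values are constructed)."""
    body = {"schemas": [USER_SCHEMA], "userName": user_name, "active": True,
            "name": {"givenName": given, "familyName": family},
            "emails": [{"value": email, "type": "work", "primary": True}]}
    return svc.handle("POST", "/Users", json.dumps(body))


def deprovision(svc, user_id):
    """Request sent when the employee leaves: deactivate, keep the record."""
    body = {"schemas": [PATCH_SCHEMA],
            "Operations": [{"op": "replace", "path": "active", "value": False}]}
    return svc.handle("PATCH", f"/Users/{user_id}", json.dumps(body))
```

Deactivating with `active: false` rather than deleting keeps the account record available for audit while blocking further use.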
Jellyfish and Entra SCIM
Microsoft Entra uses the System for Cross-domain Identity Management (SCIM) protocol to manage identities across different applications. Once configured to trust Jellyfish, Entra will begin pushing user identity information to Jellyfish. When a user provisioned through Entra attempts to authenticate, they will be redirected to Microsoft Entra to complete authentication.

For more information on Entra user provisioning, please see: https://learn.microsoft.com/en-us/entra/identity/app-provisioning/user-provisioning
For more information on provisioning for Jellyfish, please visit: https://learn.microsoft.com/en-us/entra/identity/saas-apps/jellyfish-provisioning-tutorial
What are the benefits?
Users will benefit as they do not need to maintain separate accounts in Jellyfish and Entra.