SCIM (System for Cross-domain Identity Management)
A REST + JSON-based standard for identity provisioning between systems — defined in RFC 7643 (schema) and RFC 7644 (protocol). Where saml and oidc handle authentication, SCIM handles the create/update/delete operations on user and group records.
SCIM 2.0 is the version in production use. The protocol defines a small set of resource types — Users and Groups — and operations (GET / POST / PUT / PATCH / DELETE) over them with a fixed URL pattern (/Users, /Groups, /Users/{id}).
In the AE Guardian context, SCIM is the wire protocol the upstream IdP (Okta, Entra ID) uses when pushing provisioning into downstream applications — including, in some configurations, into AE Guardian itself. AE Guardian's own IAM connectors typically don't consume SCIM directly — they use vendor-native REST APIs (Microsoft Graph API for Entra, Workday REST for Workday) — but SCIM is the standard the customer's IdP-side admin will be familiar with.
What other systems call it
Per-vendor / per-standard terminology for this same concept.
| System | Term / Notes |
|---|---|
| STStandards | RFC 7643 (schema) + RFC 7644 (protocol) |
| OKOkta | SCIM 2.0 supported as a downstream-provisioning protocol |
| MEMicrosoft Entra ID | SCIM 2.0 supported for outbound provisioning to applications |
Used by 3 connectors
Connectors in the catalog that reference this concept.