SCIM is a standard for automating identity provisioning and lifecycle updates between systems.
SCIM, short for System for Cross-domain Identity Management, is a standard used to automate identity provisioning and lifecycle updates between systems. In plain language, it helps organizations create, update, and remove user or group records more consistently across connected services.
SCIM matters because identity risk is not only about login. Accounts that should be disabled, group memberships that should be updated, and role changes that should propagate quickly all affect security outcomes.
It also matters because manual identity administration does not scale well. Automated provisioning reduces delay, inconsistency, and the chance that former staff or outdated permissions remain active longer than intended.
SCIM appears in workforce identity platforms, SaaS onboarding, lifecycle management, and centralized identity governance. Organizations often use it alongside Single Sign-On, SAML, or OpenID Connect so the same identity system handles both login and account lifecycle updates.
Security teams review SCIM when they care about faster deprovisioning, more accurate group membership, and reduced standing access left behind by organizational changes.
A company uses a central identity provider for workforce applications. When an employee changes departments or leaves the company, SCIM-based provisioning updates the user’s account and group membership in connected SaaS systems so access follows the current identity state more quickly.
SCIM is not an authentication protocol. It does not replace Authentication or Authorization. Its focus is identity lifecycle and provisioning.
It is also different from LDAP. LDAP is a directory-access protocol, while SCIM is more directly aimed at identity provisioning across domains and services.