SCIM User Provisioning
What is SCIM?
SCIM is an open standard, REST and JSON based protocol that simplifies the user identity lifecycle management process by enabling automation between cloud-based identity providers (e.g., Okta) and service providers (e.g., Encompass). With SCIM, user identities are created and managed in a single user directory (identity and HR systems) and the user provisioning and deprovisioning changes are communicated across different applications such as Encompass.
Why use SCIM for user provisioning?
- Interoperability: SCIM's standardized approach ensures compatibility between different system and identity providers, reducing the need for custom integrations. The ICE MT SCIM APIs can be integrated into a centralized lender IDP to manage users across the different enterprise applications including ICE MT supported products.
- Automation: Automate routine identity management tasks, reducing administrative overhead and minimizing human error.
- Scalability: Supports large-scale identity management, making it suitable for organizations with a high number of users and applications.
- Security: Ensures timely and consistent enforcement of security policies across all connected systems.
- Efficiency: Streamlines user onboarding and offboarding processes, improving overall operational efficiency.
- Support for ICE MT cross-domain SSO: User profiles across the supported ICE MT products are linked with the SCIM globalUserID which is used to faciliate cross-domain SSO. For example, an Encompass user can launch the DDA Analyzers from within Encompass without needing to re-login.
How does it work?
When a user profile is created using the POST/users SCIM API, the data in the request is passed to the respective ICE MT application as specified in the product schema for the given request. In addition, a globalUserId is generated for the new user. This globalUserID can be used to further manage and deprovision the user profile(s) across the supported ICE MT products.
Updated 4 months ago