System for Cross-domain Identity Management (SCIM)

PingFederate supports the SCIM 1.1 protocol for outbound and inbound provisioning.

At an identity provider (IdP) outbound site, you have the option to automatically provision and maintain user accounts at service provider (SP) sites that have implemented SCIM. When you have PingFederate configured as an SP inbound site, you can automatically provision and manage user accounts and groups for your own organization using the standard SCIM protocol. For a brief summary of supported features, see the following table.

Feature	Outbound provisioning	Inbound provisioning
SCIM specification	SCIM 1.1	SCIM 1.1
Data format	JSON	JSON
User and group create, read, update, and delete (CRUD) operations	Yes	Yes
Custom schema support	Yes	Yes
List/query and filtering support	Not applicable	Yes
PATCH	Yes	No
Authentication method	HTTP Basic and OAuth Resource Owner Password Credentials grant type	HTTP Basic and client certificate (mutual TLS)
Source data stores	PingDirectory, Microsoft Active Directory, and Oracle Unified Directory	Not applicable
Target data stores	Not applicable	Active Directory and other data stores via the Identity Store Provisioner Java SDK interface

Feature

Outbound provisioning

Inbound provisioning

SCIM specification

SCIM 1.1

Data format

JSON

User and group create, read, update, and delete (CRUD) operations

Yes

Custom schema support

Yes

List/query and filtering support

Not applicable

Yes

PATCH

Yes

Authentication method

HTTP Basic and OAuth Resource Owner Password Credentials grant type

HTTP Basic and client certificate (mutual TLS)

Source data stores

PingDirectory, Microsoft Active Directory, and Oracle Unified Directory

Not applicable

Target data stores

Not applicable

Active Directory and other data stores via the Identity Store Provisioner Java SDK interface

For detailed information about SCIM, see www.simplecloud.info.

PingFederate Server

System for Cross-domain Identity Management (SCIM)