PingFederate Server

System for Cross-domain Identity Management (SCIM)

PingFederate supports the SCIM 1.1 protocol for outbound and inbound provisioning.

At an identity provider (IdP) outbound site, you have the option to automatically provision and maintain user accounts at service provider (SP) sites that have implemented SCIM. When you have PingFederate configured as an SP inbound site, you can automatically provision and manage user accounts and groups for your own organization using the standard SCIM protocol. For a brief summary of supported features, see the following table.

Feature Outbound provisioning Inbound provisioning

SCIM specification

SCIM 1.1

SCIM 1.1

Data format

JSON

JSON

User and group create, read, update, and delete (CRUD) operations

Yes

Yes

Custom schema support

Yes

Yes

List/query and filtering support

Not applicable

Yes

PATCH

Yes

No

Authentication method

HTTP Basic and OAuth Resource Owner Password Credentials grant type

HTTP Basic and client certificate (mutual TLS)

Source data stores

PingDirectory, Microsoft Active Directory, and Oracle Unified Directory

Not applicable

Target data stores

Not applicable

Active Directory and other data stores via the Identity Store Provisioner Java SDK interface

For detailed information about SCIM, see www.simplecloud.info.