PingFederate supports the SCIM 1.1 protocol for outbound and inbound provisioning. At an IdP (outbound) site, you can automatically provision and maintain user accounts at service-provider sites that have implemented SCIM. When PingFederate is configured as an SP (inbound), you can provision and manage user accounts and groups for your own organization automatically using the standard SCIM protocol. The following table provides a brief summary of the supported features.

Feature Outbound provisioning Inbound provisioning
SCIM specification SCIM 1.1 SCIM 1.1
Data format JSON JSON
User and group CRUD operations Yes Yes
Custom schema support Yes Yes
List/query and filtering support Not applicable Yes
Authentication method HTTP Basic and OAuth Resource Owner Password Credentials grant type HTTP Basic and client certificate (mutual TLS)
Source data stores PingDirectory, Microsoft Active Directory, Oracle Directory Server Enterprise Edition, and Oracle Unified Directory Not applicable
Target data stores Not applicable Active Directory and other data stores via the Identity Store Provisioner Java SDK interface

For detailed information about SCIM, see the website