At an identity provider (IdP) outbound site, you have the option to automatically provision and maintain user accounts at service provider (SP) sites that have implemented SCIM. When you have PingFederate configured as an SP inbound site, you can automatically provision and manage user accounts and groups for your own organization using the standard SCIM protocol. For a brief summary of supported features, see the following table.

Feature Outbound provisioning Inbound provisioning
SCIM specification SCIM 1.1 SCIM 1.1
Data format JSON JSON
User and group create, read, update, and delete (CRUD) operations Yes Yes
Custom schema support Yes Yes
List/query and filtering support Not applicable Yes
Authentication method HTTP Basic and OAuth Resource Owner Password Credentials grant type HTTP Basic and client certificate (mutual TLS)
Source data stores PingDirectory, Microsoft Active Directory, and Oracle Unified Directory Not applicable
Target data stores Not applicable Active Directory and other data stores via the Identity Store Provisioner Java SDK interface

For detailed information about SCIM, see