PingFederate supports the SCIM 1.1 protocol for outbound and inbound provisioning.
At an identity provider (IdP) outbound site, you have the option to automatically provision and maintain user accounts at service provider (SP) sites that have implemented SCIM. When you have PingFederate configured as an SP inbound site, you can automatically provision and manage user accounts and groups for your own organization using the standard SCIM protocol. For a brief summary of supported features, see the following table.
|Feature||Outbound provisioning||Inbound provisioning|
|SCIM specification||SCIM 1.1||SCIM 1.1|
|User and group create, read, update, and delete (CRUD) operations||Yes||Yes|
|Custom schema support||Yes||Yes|
|List/query and filtering support||Not applicable||Yes|
|Authentication method||HTTP Basic and OAuth Resource Owner Password Credentials grant type||HTTP Basic and client certificate (mutual TLS)|
|Source data stores||PingDirectory, Microsoft Active Directory, and Oracle Unified Directory||Not applicable|
|Target data stores||Not applicable||Active Directory and other data stores via the Identity Store Provisioner Java SDK interface|
For detailed information about SCIM, see www.simplecloud.info.