Free SCIM Endpoint

Written by Zach DeMeyer on June 9, 2020

Share This Article

$300 billion. That’s the amount analysts at Gartner predict worldwide IT budgets will decrease by the end of 2020. If your organization is dealing with cuts in funding, automating how you manage user application life cycles provides a way to reduce spending and save you time. 

System for Cross-domain Identity Management (SCIM) is often used by administrators to automate the user profile creation and management for web applications, but unfortunately, some solutions that offer SCIM come with steep price tags. A free SCIM endpoint would allow admins to cut down on time spent managing these accounts without having to pay anything upfront.

Using SCIM to Save Time

SCIM is an API-driven identity management protocol that was created for securely transmitting user data between an identity provider (IdP) and service provider (SP). SCIM is generally paired with the SAML authentication protocol for single sign-on (SSO) to web applications.

In practice, SCIM leverages attributes assigned to user identities by an administrator to create and manage new user accounts in an application. This includes modifying access privileges by group membership and deprovisioning the account during offboarding.

Without SCIM, many admins provision user app accounts manually, a tedious process with larger new hire classes and extensive organizational web application use. SCIM only requires that each user is assigned the proper attributes in the IdP, creating significant time savings for IT admins and technicians. Some organizations save even more time by syncing their HR platform (or HCM or HRIS) with a SCIM provider, sourcing identities through SCIM from the HCM into their IdP, and fully automating the process from an IT perspective.

Evaluating Options for SCIM

Because it’s used for web app provisioning, SCIM is generally offered as a part of Identity-as-a-Service (IDaaS)/SSO solutions. Organizations often roll these tools out alongside a core directory service to act as the IdP and source of truth.

Many IDaaS tools offer per-user pricing models, making them an affordable option for a variety of organizations. Often, however, these vendors consider SCIM as a separate service from their SSO capabilities, meaning organizations will need to pay more to incorporate provisioning into their application management.

Further, organizations need to consider the costs associated with integrating the IDaaS solution into their IdP, as well as the client access licenses (CALs) and server hardware costs involved if the IdP is housed on-premises. Add in the subscription costs of each app tied into SCIM/SSO and it’s apparent that, with looming budget cuts, a free SCIM endpoint is of great benefit to organizations. What’s more, if an admin can directly integrate SCIM into their IdP, then they could save even more — both in terms of budget and time.

Get SCIM from a Cloud Directory Service

Organizations can leverage a cloud directory service, or JumpCloud, to provision accounts in applications through a pre-configured SCIM endpoint. This SCIM offering, currently applicable to Slack with more applications on the way, is directly integrated with JumpCloud’s platform SSO solution, which also offers Just-in-Time (JIT) provisioning for many popular apps.

Sign up for a trial of JumpCloud today to try out a free SCIM endpoint for Slack and SSO to hundreds of other applications.

Zach DeMeyer

Zach is a Product Marketing Specialist at JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, music, and soccer.

Continue Learning with our Newsletter