$300 billion. That’s the amount analysts at Gartner predict worldwide IT budgets will decrease by the end of 2020. If your organization is dealing with cuts in funding, automating how you manage user application life cycles provides a way to reduce spending and save you time.
System for Cross-domain Identity Management (SCIM) is often used by administrators to automate the user profile creation and management for web applications, but unfortunately, some solutions that offer SCIM come with steep price tags. A free SCIM endpoint would allow admins to cut down on time spent managing these accounts without having to pay anything upfront.
Using SCIM to Save Time
SCIM is an API-driven identity management protocol that was created for securely transmitting user data between an identity provider (IdP) and service provider (SP). SCIM is generally paired with the SAML authentication protocol for single sign-on (SSO) to web applications.
In practice, SCIM leverages attributes assigned to user identities by an administrator to create and manage new user accounts in an application. This includes modifying access privileges by group membership and deprovisioning the account during offboarding.
Without SCIM, many admins provision user app accounts manually, a tedious process with larger new hire classes and extensive organizational web application use. SCIM only requires that each user is assigned the proper attributes in the IdP, creating significant time savings for IT admins and technicians. Some organizations save even more time by syncing their HR platform (or HCM or HRIS) with a SCIM provider, sourcing identities through SCIM from the HCM into their IdP, and fully automating the process from an IT perspective.
Evaluating Options for SCIM
Because it’s used for web app provisioning, SCIM is generally offered as a part of Identity-as-a-Service (IDaaS)/SSO solutions. Organizations often roll these tools out alongside a core directory service to act as the IdP and source of truth.
Many IDaaS tools offer per-user pricing models, making them an affordable option for a variety of organizations. Often, however, these vendors consider SCIM as a separate service from their SSO capabilities, meaning organizations will need to pay more to incorporate provisioning into their application management.
Further, organizations need to consider the costs associated with integrating the IDaaS solution into their IdP, as well as the client access licenses (CALs) and server hardware costs involved if the IdP is housed on-premises. Add in the subscription costs of each app tied into SCIM/SSO and it’s apparent that, with looming budget cuts, a free SCIM endpoint is of great benefit to organizations. What’s more, if an admin can directly integrate SCIM into their IdP, then they could save even more — both in terms of budget and time.
Open-source SCIM Endpoints
Developers can also use the open-source SCIM API to build their own endpoints. This practice is usually reserved for someone creating an app that they would like to allow SCIM provisioning to, but tech savvy IT admins may find a way to make the API suit their needs. Of course, while this option is free to use, it will require extensive time and know how to properly set up.
Free SCIM from a Cloud Directory Service
Organizations can leverage a cloud directory service, or Directory-as-a-Service®, to provision accounts in applications through a pre-configured SCIM endpoint. This SCIM offering, currently applicable to Slack with more applications on the way, is directly integrated with the JumpCloud® Directory-as-a-Service platform’s SSO solution, which also offers Just-in-Time (JIT) provisioning for many popular apps.
Directory-as-a-Service is available, free forever for up to 10 users and systems with 10 days of premium implementation support available at no extra charge. Sign up today to leverage a free SCIM endpoint for Slack and SSO to hundreds of other applications.