Hasini Gunasinghe
Software Engineer
Example – an employee joining
WSO2
LDAP
Other internal
apps
Provisioning system
Other cloud apps/services
Image courtesy: http://www.crn.com/slide-shows/applications-os/223800159/google-apps-marketplace-10-hot-cloud-applications.htm
http://newmediasense.net/more-than-50-cloud-developers-commit-to-jive-apps-market%E2%84%A2/222888/
Creation, maintenance & deactivation of user accounts,
in one or more systems or applications,
in response to automated or interactive business processes.
-Wikipedia
What is it..?
Identifying the parties involved…
ECS – Enterprise Cloud Subscriber
CSU – Cloud Service User
Other internal
apps
Provisioning system
Other cloud
apps/services
CSP – Cloud Service Provider
LDAP
Current approach...
Other internal
apps
Provisioning system
Other cloud apps/services
LDAP
Problems with current approach..
• Redundant integration efforts for ECS & CSP.
• Maintenance nightmare of multiple connectors.
• Complexity and cost.
Solution would be a common protocol that everyone agrees on.
Image courtesy: http://causerelatedmarketing.blogspot.com/2011/09/lets-bring-open-standards-to-practice.html
1. Authentication :
SAML based WS-Trust & SSO, OpenID, OAuth
2. Authorization:
XACML
3. Provisioning:
SPML, WS-Provisioning, SCIM
How open standard solves current problems..?
Other internal
apps
Provisioning system
Other cloud apps/services
LDAP
• Emerging open standard.
• REST API.
• Platform neutral schema.
• SAML binding.
• Emphasis on simplicity and interoperability.
In a nutshell...
• REST API
• resource endpoints
• supported HTTP methods
PROTOCOL
In a nutshell...
• REST API
• SCIM REST API is relative to a base URL
https://example.com/scim/v1/
• Requests made via HTTP operations on a URL derived from the Base URL
POST -> https://example.com/scim/v1/Users
• JSON / XML formats
PROTOCOL
In a nutshell...
• Resource – collection of attributes.
• Schema defines attributes.
• SCIM Core Schema
• Extension Model:
Additive – similar to auxiliary object classes in LDAP.
SCHEMA
In a nutshell...
• Other SCIM schemas
• User Schema, Enterprise User Schema Extension
• Group Schema
• Service Provider Configuration Schema
• Resource Schema
SCHEMA
In a nutshell...
• Minimal user representation in JSON & XML formats.
SCHEMA
In a nutshell...
• SCIM - SAML Mapping
• Attributes
• SSO Assertion
• AttributeQuery
• Metadata
SAML BINDING
In a nutshell...
• Started in mid 2010.
• Version 1.0 approved in Dec 2011.
• Working on submitting to IETF.
• Discussions made open at
cloud-directory@googlegroups.com
Brief history…
Platform neutral schema
• Mandatory core schema with extension model.
• Flexibility
• Interoperability
• Simplicity.
REST API
• Lightweight with JSON support.
• Avoids performance bottleneck on the connector.
SAML Binding
• Just-in-Time provisioning with SSO.
• Pull / Push based Identity Management.
More...
• Defined core + optional capabilities.
• Based on existing deployments and standards - LDAP, SAML.
• Several implementations.
• Adoption by major cloud vendors.
• Identity Provisioning.
• Value of open standards in the space of provisioning.
• SCIM.
• Why SCIM...?
Standardizing Identity Provisioning with SCIM
• Security Considerations
• Authentication and Authorization
- OAuth2 bearer recommended.
• Should be over TLS
• Password attribute not to be returned.
PROTOCOL
• Automated Provisioning:
Internal Apps
SaaS 1
SaaS 2
SCIM based
enterprise
provisioning
system
HR Administrator
(1) Create
user account
(2) Create user (3) ok
• Example – Create User - Request
PROTOCOL
• Example – Create User - Response
PROTOCOL
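The create-user exchange together with the security considerations listed earlier (OAuth2 bearer token, TLS, password never returned), sketched as a provider-side handler. This is an added example, not code from the original slides or from WSO2; the function names, token value, in-memory store and the status code chosen for non-TLS requests are assumptions.

```python
import uuid
from urllib.parse import urlsplit

CORE_SCHEMA = "urn:scim:schemas:core:1.0"  # SCIM 1.0 core schema URN
VALID_TOKENS = {"constructed-token-123"}   # constructed sample token
USERS = {}                                 # in-memory store, illustration only


def error(status, description):
    """Build a SCIM-style error body for the given HTTP status."""
    body = {"Errors": [{"description": description, "code": str(status)}]}
    return status, {}, body


def create_user(url, headers, body):
    """Handle POST <base URL>/Users and return (status, headers, body)."""
    parts = urlsplit(url)
    # Transport: reject requests that did not arrive over TLS (403 is an assumption).
    if parts.scheme != "https":
        return error(403, "SCIM endpoint must be called over TLS")
    # Authentication: require an OAuth2 bearer token.
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or token not in VALID_TOKENS:
        return error(401, "missing or invalid bearer token")
    if CORE_SCHEMA not in body.get("schemas", []) or not body.get("userName"):
        return error(400, "core schema and userName are required")
    if any(u["userName"] == body["userName"] for u in USERS.values()):
        return error(409, "userName already exists")

    user_id = str(uuid.uuid4())
    # Stored copy keeps the password here; a real provider would store only a hash.
    USERS[user_id] = dict(body, id=user_id)
    location = f"{parts.scheme}://{parts.netloc}{parts.path.rstrip('/')}/{user_id}"
    # Response: every attribute except the password goes back to the client.
    resource = {k: v for k, v in USERS[user_id].items() if k != "password"}
    resource["meta"] = {"location": location}
    return 201, {"Location": location}, resource
```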
• JIT provisioning with SSO - Pull
SaaS
Enterprise
SSO IdP
User
Create user account
SCIM User Identity
SAML Attribute Query
SAML Response
SSO Redirect
Login
• Example – SAML Attribute Query
SAML BINDING
• Bulk UM Operations:
• Initial imports of CSU accounts.
• Scheduled synchronizations.
LDAP
SaaS
LDAP
SaaS
• Example:
POST on Bulk endpoint
PROTOCOL
• Identity Synchronization:
• Partial updates with PATCH
• Conditional overwrites with ETag
• Example – PATCH
PROTOCOL
• Identity Retrieval:
• Filtering
• Conditional retrieval with ETag
• Identity Retrieval:
• Partial retrieval – with “attributes” query parameter
• Pagination
• Sorting
GET /Users?startIndex=1&count=10
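Conditional overwrite (PATCH with If-Match) and conditional retrieval (GET with If-None-Match) using ETags, as listed under identity synchronization and identity retrieval above. This is an added example, not code from the original slides; the store, function names, sample user and the flat attribute merge are simplifying assumptions.

```python
import hashlib
import json

# Constructed sample resource held by the service provider.
STORE = {"2819c223": {"id": "2819c223", "userName": "jdoe", "title": "Engineer"}}


def etag(resource):
    """Version tag derived from the resource's canonical JSON form."""
    canonical = json.dumps(resource, sort_keys=True).encode()
    return '"' + hashlib.sha256(canonical).hexdigest()[:16] + '"'


def get_user(user_id, if_none_match=None):
    """Conditional retrieval: 304 when the client's copy is still current."""
    resource = STORE.get(user_id)
    if resource is None:
        return 404, {}, None
    tag = etag(resource)
    if if_none_match == tag:
        return 304, {"ETag": tag}, None
    return 200, {"ETag": tag}, dict(resource)


def patch_user(user_id, changes, if_match):
    """Partial update applied only if the client saw the current version."""
    resource = STORE.get(user_id)
    if resource is None:
        return 404, {}, None
    if if_match != etag(resource):
        # Resource changed since the client read it: refuse, do not overwrite.
        return 412, {"ETag": etag(resource)}, None
    # Server-managed attributes cannot be changed by the client.
    changes = {k: v for k, v in changes.items() if k not in ("id", "meta")}
    resource.update(changes)  # only the supplied attributes change
    return 200, {"ETag": etag(resource)}, dict(resource)
```

A provisioning system holding a stale ETag gets 412 and must re-read the user before retrying, so a scheduled sync cannot silently undo a change made in between.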
De-provisioning:
SaaS
Enterprise
SSO IdP
SCIM based
enterprise
provisioning
system
LDAP
(1) Delete
user account
(2) Delete user (3) ok
(4) Delete user
(5) ok
(6) Request access (7) Deny
Internal apps
Provisioning system
Other cloud apps/services
LDAP
• Identity Provisioning.
• Value of open standards in the space of provisioning.
• SCIM along with highlights from the spec.
• Why SCIM...?
• Use cases of SCIM in Identity Management solution.
• Adoption of SCIM in WSO2 Identity Server and Stratos.
• http://www.simplecloud.info/
• http://en.wikipedia.org/wiki/Provisioning#User_provisioning
Standardizing Identity Provisioning with SCIM
Selected Customers
• QuickStart
• Development
Support
• Development
Services
• Production
Support
• Turnkey Solutions
• WSO2 Mobile Services Solution
• WSO2 FIX Gateway Solution
• WSO2 SAP Gateway Solution
Contact Us…
bizdev@wso2.com