jamesbond007

Reputation: 598

How to decide whether or not to implement SCIM endpoint

This question is asked in the context where a company wants to implement a new SaaS solution with a REST API plus a single-page web application on top of it, where authentication and authorization and also user management are to be implemented using Microsoft Identity Platform and Microsoft Azure Active Directory.

I am wondering if, in such a scenario, a self-implemented SCIM (2.0) endpoint is needed at all, or if perhaps simply a user management API (which itself may or may not be SCIM compliant) of Microsoft Identity Platform or Microsoft Azure Active Directory can be used for user management, so that users would only be stored and managed within AD for now.

Upvotes: 0

Views: 239

Answers (1)

Zollnerd

Reputation: 912

Baseline expectations for multi-tenant SaaS applications nowadays include user provisioning functionality. SCIM 2.0 is the only widely adopted modern standard for internet-based provisioning. Your options are therefore going to be to implement your own proprietary user/group management APIs or implement SCIM 2.0. If you're looking for support from major identity providers (AAD, Okta, etc.) then SCIM 2.0 is likely the only standard that any identity provider will build against.

TL;DR: SCIM 2.0 is the way to go.

Upvotes: 0
