LoginWith LoginWith Blog

What is SCIM?

SCIM is the protocol that auto-syncs users from a customer's identity provider into your app — creates, updates, and deactivates accounts automatically.

· LoginWith team

SCIM (System for Cross-domain Identity Management) is a REST/JSON protocol for automatically provisioning and deprovisioning users between an identity provider and a downstream service (like your SaaS).

The problem it solves

Without SCIM, onboarding a 500-person enterprise customer looks like this: their IT admin exports a CSV from Okta, you import it into your app, and every hire or departure opens a support ticket. With SCIM, the customer’s IdP automatically creates, updates, and deletes users in your app in real time.

What you implement

SCIM is a handful of REST endpoints on your side:

  • POST /scim/v2/Users — create a user
  • PATCH /scim/v2/Users/:id — update (typically enable/disable)
  • DELETE /scim/v2/Users/:id — delete (often soft-delete)
  • GET /scim/v2/Users/:id — fetch
  • Similar endpoints for Groups

The IdP authenticates with a bearer token you’ve provisioned in its admin UI.

When you need it

When an enterprise customer specifically asks for “auto-provisioning” or “SCIM.” Usually deals with 100+ seats. Smaller customers rarely request it.

Price SCIM as a paid add-on — typically per enterprise connection — since each IdP variant requires its own integration testing and maintenance.

See the full auth glossary for related terms.

Want auth that just works?

Get started with LoginWith