---
title: Identity Management
description : "What we are talking about and in **which environment**. We must agree on the **different problems** that exist to better understand why we use SCIM."
color : yellow
weight : 1
---

Illustration of the basics of identity management

{{< grid >}}
{{< card icon="user" >}}
#### Authentication
Who is this user?
{{< /card >}}
{{< card icon="lock" >}}
#### Authorization
Is this user allowed to access this resource?
{{< /card >}}
{{< card icon="cloud" >}}
#### Storage
Where are the user’s identity & credentials stored?
{{< /card >}}
{{< card icon="prov" >}}
#### Provisioning
How to manage & transfer the user’s identity?
{{< /card >}}
{{< /grid >}}

Illustration of losing data

### Our environment

Our digital work environment is composed of **many applications** and web services. We want a **seamless user experience** for our free-software-based collaboration platform. With a **Single Sign-on (SSO)** system, users get a unified login and logout experience, but there is a catch.

### Our problem

Traditional SSO protocols like OpenID Connect do **not support syncing user profiles across applications.** That means:

* **users are not created by default in all apps** (only after they have logged in at least once)
* **no mechanisms to propagate the deletion of users**
* So it is **not GDPR compliant** (by default)

#### In essence

Existing protocols are **difficult to implement and/or to use**, or are **custom-built for a specific use case** and therefore **non-standardized**.