| title | description | color | weight |
|---|---|---|---|
| Identity Management | A **quick overview** of some different issues that exist when **discussing identity management**, and in which environments using SCIM could be relevant. | yellow | 1 |
{{< grid >}}
{{< card icon="user" >}}
Authentication
Who is this user?
{{< /card >}}
{{< card icon="lock" >}}
Authorization
Is this user allowed to access this resource?
{{< /card >}}
{{< card icon="cloud" >}}
Storage
Where are the user's identity & credentials stored?
{{< /card >}}
{{< card icon="prov" >}}
Provisioning
How to manage & transfer the user's identity?
{{< /card >}}
{{< /grid >}}
Among all these identity management concepts, SCIM is a matter of provisioning; it concerns how information linked to an identity is transferred between different apps.
SCIM environment
Because SCIM tackles the question of provisioning, one of the identity management environments where SCIM is most relevant is one composed of many apps or services that are not well integrated natively and are used by many users.
To better understand, let's consider the use case of a hosting provider that develops a collaboration platform built from several free software components.
The digital work environment is then composed of many applications and web services used by different users. These users want a seamless user experience across the different apps.
With a Single Sign-on (SSO) system, users get a unified login and logout experience, but there is a catch.
The problem
Traditional SSO protocols like OpenID Connect do not support syncing user profiles across applications. That means:
- users are not created by default in all apps (only after they have logged in at least once)
- there is no mechanism to propagate the deletion of users
- so it is not GDPR compliant (by default)
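To make the difference concrete, here is an added simulation (not code from the page or any SCIM project) of the two provisioning styles just described: an identity provider offboards a user by calling a SCIM-style Users resource on one app, while a second app only ever learns about users through SSO logins. The class and function names, and the sample user, are constructed for this illustration; only the SCIM 2.0 core User schema URN is a real identifier.

```python
import uuid

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"  # SCIM 2.0 core User schema URN


class JitSsoApp:
    """App relying on SSO alone: accounts appear at first login and are never removed."""
    def __init__(self):
        self.accounts = {}

    def login(self, username):
        # just-in-time account creation from the SSO assertion (only path that creates users)
        self.accounts.setdefault(username, {"userName": username})


class ScimApp:
    """App exposing a minimal SCIM 2.0 Users resource: create and delete only (hypothetical)."""
    def __init__(self):
        self.users = {}

    def create_user(self, resource):            # stands in for POST /Users
        if SCIM_USER_SCHEMA not in resource.get("schemas", []):
            raise ValueError("missing SCIM core User schema")
        uid = str(uuid.uuid4())                 # server-assigned SCIM id
        self.users[uid] = {**resource, "id": uid}
        return uid

    def delete_user(self, uid):                 # stands in for DELETE /Users/{id}
        del self.users[uid]


class IdentityProvider:
    """Directory that pushes user lifecycle changes to SCIM apps; SSO-only apps receive nothing."""
    def __init__(self, scim_apps):
        self.scim_apps = scim_apps
        self.directory = {}                     # username -> list of SCIM ids, one per app

    def onboard(self, username, email):
        resource = {"schemas": [SCIM_USER_SCHEMA], "userName": username,
                    "emails": [{"value": email, "primary": True}]}
        self.directory[username] = [app.create_user(resource) for app in self.scim_apps]

    def offboard(self, username):
        for app, uid in zip(self.scim_apps, self.directory.pop(username)):
            app.delete_user(uid)                # deletion propagates only to SCIM apps


def orphaned_accounts(idp, sso_app):
    """Accounts an SSO-only app still holds after the IdP removed the user (the GDPR problem)."""
    return sorted(set(sso_app.accounts) - set(idp.directory))


def run_scenario():
    scim_app, sso_app = ScimApp(), JitSsoApp()
    idp = IdentityProvider([scim_app])
    idp.onboard("alice", "alice@example.invalid")   # constructed sample user
    sso_app.login("alice")                           # JIT creation in the SSO-only app
    idp.offboard("alice")
    return len(scim_app.users), orphaned_accounts(idp, sso_app)
```

Running `run_scenario()` returns `(0, ["alice"])`: the SCIM-provisioned app is clean, while the SSO-only app keeps an orphaned account nobody told it to delete.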
In essence
Existing protocols are either difficult to implement and/or use, or are custom-built for a specific use case and therefore non-standardized.