What SCIM does
SCIM (System for Cross-domain Identity Management) defines a standard protocol for managing identities across SaaS applications. It allows organisations to automate the creation, updating, and deletion of user accounts and groups, ensuring consistency and reducing manual effort. Microsoft Entra Application Governance uses SCIM under the hood to manage application provisioning. Scoping filters within SCIM implementations give granular control over which users and groups are synchronised, enhancing security and efficiency.
SCIM in Australian tenants today
In the Australian mid-market, SCIM is increasingly critical for managing the joiner-mover-leaver lifecycle, particularly to address deprovisioning gaps. Incomplete or delayed deprovisioning can lead to unauthorised access and potential data breaches, triggering obligations under the Notifiable Data Breaches scheme and potentially attracting scrutiny from the OAIC. Implementing SCIM helps automate this process, reducing the risk of leaving former employees with access. The need to adhere to APRA CPS 234 and CPS 230, which mandate robust data security controls, strongly encourages the adoption of automated provisioning and deprovisioning solutions like SCIM.
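The deprovisioning gap and the scoping filters described above can be checked against an application's SCIM user list. The following is an added example, not code from Microsoft Entra or any product: the user records, the HR leaver list, the department-based scoping rule and all function names are constructed for illustration, while the schema URNs and the `active` attribute come from the SCIM 2.0 RFCs (7643 and 7644).

```python
PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"

def user(uid, name, active, dept):
    """Build a minimal SCIM 2.0 User resource (constructed sample data)."""
    return {"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User", ENTERPRISE],
            "id": uid, "userName": name, "active": active,
            ENTERPRISE: {"department": dept}}

# Constructed sample: the Resources array of a GET /Users ListResponse.
APP_USERS = [
    user("a1", "alice@example.com", True, "Finance"),
    user("b2", "bob@example.com", True, "Finance"),
    user("c3", "carol@example.com", False, "Finance"),
    user("d4", "dave@example.com", True, "Contractors"),
]
# Constructed sample: leavers according to the HR system of record.
LEAVERS = {"bob@example.com", "carol@example.com", "dave@example.com"}

def in_scope(resource, departments):
    """Hypothetical scoping filter: only these departments are synchronised."""
    return resource.get(ENTERPRISE, {}).get("department") in departments

def leavers_still_active(resources, leavers):
    """Leavers whose app account is still enabled."""
    # Assumption: a missing 'active' attribute is treated as active, so it gets reported.
    wanted = {name.lower() for name in leavers}
    return [r for r in resources
            if r["userName"].lower() in wanted and r.get("active", True)]

def deprovisioning_gaps(resources, leavers, departments):
    """Active leavers the provisioning job manages and should have disabled."""
    return [r for r in leavers_still_active(resources, leavers) if in_scope(r, departments)]

def unmanaged_leavers(resources, leavers, departments):
    """Active leavers the scoping filter excludes, so no job will disable them."""
    return [r for r in leavers_still_active(resources, leavers) if not in_scope(r, departments)]

def deactivate_request(resource):
    """SCIM PATCH that disables the account by setting active to false."""
    return {"method": "PATCH", "path": f"/Users/{resource['id']}",
            "body": {"schemas": [PATCH_OP],
                     "Operations": [{"op": "replace", "path": "active", "value": False}]}}
```

With the sample data and a scope of `{"Finance"}`, bob is a gap the provisioning job should close, while dave is an active leaver that the scoping filter hides and that needs separate handling.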