Managing user identities across cloud-based architectures can be difficult. By using the SCIM standards, we can make this task simpler and more cost-effective.
Businesses are turning to cloud-based applications and services more and more every day. These applications and services contain user account information that is specific to an employee’s domain and platform.
This means the identity of your employees across multiple organizations will need to be managed. Additionally, as your business grows, the applications your employees use are going to change.
The Current Problem
Managing user identities in multiple cloud-based applications can be tricky. The APIs you integrate with may share commonalities, but with enough differences to prevent a one-size-fits-all solution.
User management can be automated, but the automation can be extensive, since it has to cover the many ways users can be:
- Provisioned
- Deprovisioned
- Read
- Updated
Adding a new cloud service to your technology stack means integrating with another API. When there are multiple representations of a user in several different systems, updating the user’s details in each system while ensuring parity between them is a cumbersome task and often prone to error.
Failing to manage users correctly has serious implications. If an employee leaves a company and still has access to their account(s), they could see and modify sensitive data. It is beneficial to have a consistent method of decommissioning and managing user accounts.
What Can You Do About It?
One option is to manually sanitize the data in each system, making employees responsible for managing individual services and applications to ensure accuracy. However, this relies heavily on human effort.
Another method is to implement your own automation, where you integrate with individual application and service APIs for managing users.
Alternatively, you could utilize the SCIM standards, which provide a common set of APIs and schemas to simplify user management across services and applications.
What is SCIM?
SCIM stands for "System for Cross-domain Identity Management". The SCIM standards define extensive user and group models, along with endpoints for creating, reading, updating, and deleting these resources. These standards are defined across two SCIM specifications: the Core Schema Specification and the Protocol Specification.
Why Should You Use SCIM?
SCIM defines standardized user models, group models, and endpoints for these models. This means that not only is the data being communicated consistently across boundaries in cloud-based scenarios, but so are the APIs being used.
Using the SCIM standards, integrating with new cloud applications or services no longer requires bespoke solutions. Data can also move both ways. You can build a SCIM client to provision, update and delete users or build a SCIM service provider to consume SCIM requests from other sources, allowing updates from a source of truth to be pushed to your system. This means that the mismanagement of users and groups is less likely to occur.
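As an added illustration of the client side described above (example code written for this article, not part of the Rock Solid Knowledge component), the following builds the SCIM 2.0 messages a client exchanges with a service provider to provision a user and later deprovision them. The base URL and the sample ListResponse are constructed for the example; the schema URNs are the ones defined by the SCIM specifications.

```python
import json

# Schema identifiers from the SCIM Core Schema and Protocol specifications.
SCIM_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
SCIM_PATCH = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
SCIM_LIST = "urn:ietf:params:scim:api:messages:2.0:ListResponse"


def user_resource(user_name, given, family, email, external_id):
    """Body for POST /Users: a core-schema User linked to the source of truth by externalId."""
    return {
        "schemas": [SCIM_USER],
        "externalId": external_id,
        "userName": user_name,
        "name": {"givenName": given, "familyName": family},
        "emails": [{"value": email, "primary": True, "type": "work"}],
        "active": True,
    }


def deactivate_patch():
    """Body for PATCH /Users/{id} that revokes access by setting active to false.
    A PATCH keeps the record for audit where a DELETE would remove it entirely."""
    return {
        "schemas": [SCIM_PATCH],
        "Operations": [{"op": "replace", "path": "active", "value": False}],
    }


def find_user_id(list_response, user_name):
    """Parse a ListResponse (from GET /Users?filter=...) and return the id for user_name, or None."""
    body = json.loads(list_response) if isinstance(list_response, str) else list_response
    if SCIM_LIST not in body.get("schemas", []):
        raise ValueError("not a SCIM ListResponse")
    for res in body.get("Resources", []):
        if res.get("userName") == user_name:
            return res.get("id")
    return None


def offboarding_requests(list_response, user_name, base_url="https://scim.example.com/scim/v2"):
    """(method, url, body) tuples a client sends to deprovision one user; empty if the user is unknown."""
    uid = find_user_id(list_response, user_name)
    return [] if uid is None else [("PATCH", f"{base_url}/Users/{uid}", deactivate_patch())]


# Constructed sample ListResponse, as a service provider would return it for a userName filter.
SAMPLE_LIST = json.dumps({
    "schemas": [SCIM_LIST], "totalResults": 1, "startIndex": 1, "itemsPerPage": 1,
    "Resources": [{"schemas": [SCIM_USER], "id": "2819c223-7f76-453a-919d-413861904646",
                   "userName": "jdoe@example.com", "active": True}],
})
```

Requests and responses in SCIM are sent with the `application/scim+json` media type; the offboarding step only works if the service provider honours the `active` attribute by revoking sessions and credentials.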
SCIM for ASP.NET Core
Rock Solid Knowledge is launching a new component to help, both as a SCIM service provider and as a SCIM client. The component will allow you to:
- Integrate as a service provider using your ASP.NET Identity store as the user and group store
- Integrate as a service provider using Entity Framework and in-memory stores provided in the component
- Integrate as a client, sending CRUD requests to SCIM service providers
See a preview of our SCIM component and get a 30-day demo key on our product page.