SCIM User Management


System for Cross-Domain Identity Management (SCIM) is an open standard protocol for automating the exchange of user identity information between identity domains and IT systems. SCIM ensures that employees added to the Human Capital Management (HCM) system automatically have accounts created in Azure Active Directory (Azure AD) or Windows Server Active Directory. User attributes and profiles are synchronised between the two systems, updating and removing users based on the user status or role change.

SCIM is a standardised definition of two endpoints: a /Users’ endpoint and a /Groups endpoint. It uses common REST verbs to create, update, and delete objects. It also uses a predefined schema for common attributes like group name, username, first name, last name, and email. Applications that offer a SCIM 2.0 REST API can reduce or eliminate the pain of working with proprietary user management APIs or products. For example, any SCIM-compliant client can make an HTTP POST of a JSON object to the /Users endpoint to create a new user entry. Instead of needing a slightly different API for the same basic actions, apps that conform to the SCIM standard can instantly take advantage of pre-existing clients, tools, and code.

Key Features & Functionality

Appian does not natively support SCIM, hence the custom application that this documentation refers to. The downloaded content contains two distinct Appian applications:

  • SCIM User Management (SCIM)
    • This implements the /User and /Group service endpoints that implement the various operations that allow Users to be created / changed / deactivated / reactivated, and for User membership of Groups to be managed (Users added / removed)
  • SCIM Test Application (SCIMTA)
    • This provides a set of test harnesses to flex the functionality exposed in the above application, as an alternative to using other testing tools such Postman or SOAP UI