Today I’m happy to let you know that we’ve turned on support for SCIM (“System for Cross-domain Identity Management”) in Azure AD Premium. SCIM is an emerging standard which makes it easier for SaaS applications and directories like Azure AD to interoperate by giving us a standards-based model for how to provision, update and de-provision user accounts across cloud services.
As many of you know, Azure AD already provides automatic provisioning for all our featured apps, including Google Apps, ServiceNow and Dropbox. But for each of those applications, we had to design custom connectors for their custom APIs. SCIM is designed to eliminate the need to do this kind of custom work and make it easier to snap directories and applications together. For example, the automated provisioning with Facebook@Work, which we announced last week, uses SCIM, and we were able to get it working in about a week!
And now we’ve turned this SCIM support on for Azure AD Premium customers who want to bring their own apps!
Here’s how it works:
- In just a few clicks, you can easily use the Azure AD app gallery to add a custom app, and have Azure AD provision assigned users and groups to a SCIM endpoint provided for that app.
- Applications that support SCIM 2.0 and support accepting an OAuth bearer token from Azure AD will work with Azure AD out-of-the-box. See this article for more details on Azure AD SCIM integration.
- Use this feature with Azure AD Premium’s ability to connect any application that supports SAML, for a complete app single sign-on and user provisioning solution.
So now you can use SCIM to connect your own standards-based applications to Azure AD.
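To make the application side of this concrete, here is an added sketch (not Microsoft's code and not part of the original post) of a SCIM 2.0 endpoint that rejects requests without a valid bearer token, provisions a user on `POST /Users`, and de-provisions by setting `active` to false on `PATCH /Users/{id}`. The `handle` function, the in-memory store and the static token are assumptions for illustration; a real application validates the OAuth token it is actually issued.

```python
import hmac
import json

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"
EXPECTED_TOKEN = "constructed-sample-token"  # placeholder standing in for real token validation
users = {}  # in-memory store keyed by id (assumption: id == userName in this demo)

def scim_error(status, detail):
    return status, {"schemas": [ERROR_SCHEMA], "status": str(status), "detail": detail}

def authorized(headers):
    # Reject anything that is not "Bearer <token>"; compare in constant time.
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    return scheme.lower() == "bearer" and hmac.compare_digest(token.encode(), EXPECTED_TOKEN.encode())

def handle(method, path, headers, body):
    if not authorized(headers):  # authenticate before parsing any input
        return scim_error(401, "missing or invalid bearer token")
    try:
        doc = json.loads(body)
    except ValueError:
        return scim_error(400, "body is not JSON")
    if not isinstance(doc, dict):
        doc = {}
    schemas = doc.get("schemas", [])
    if method == "POST" and path == "/Users":
        if USER_SCHEMA not in schemas or not doc.get("userName"):
            return scim_error(400, "not a SCIM 2.0 User resource")
        if doc["userName"] in users:
            return scim_error(409, "userName already exists")
        users[doc["userName"]] = {"schemas": [USER_SCHEMA], "id": doc["userName"],
                                  "userName": doc["userName"], "active": doc.get("active", True)}
        return 201, users[doc["userName"]]
    if method == "PATCH" and path.startswith("/Users/"):
        user = users.get(path[len("/Users/"):])
        if user is None:
            return scim_error(404, "no such user")
        if PATCH_SCHEMA not in schemas:
            return scim_error(400, "not a SCIM 2.0 PatchOp message")
        for op in doc.get("Operations", []):
            if str(op.get("op", "")).lower() == "replace" and op.get("path") == "active":
                if not isinstance(op.get("value"), bool):
                    return scim_error(400, "active must be a JSON boolean")
                user["active"] = op["value"]  # de-provisioning disables the account
        return 200, user
    return scim_error(404, "unsupported endpoint")
```

The account is disabled rather than deleted on de-provisioning, so the application keeps the record for audit while the user can no longer sign in.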
Finally, we’d love to hear from you! Your input will help us ensure that we are delivering a solution that is flexible and helps enable user provisioning to all of the apps you need. We’re engaged with other technology vendors and application developers to promote and ensure ‘plug and play’ compatibility with other implementations of SCIM.
If you have any suggestions, questions, or comments, please let us know.
Alex Simons (Twitter: @Alex_A_Simons)
Director of Program Management
Microsoft Identity Division