Updated: October 8, 2024 (March 8, 2020)

  Charts & Illustrations

SCIM Identity Provisioning Workflow


by Wes Miller

Wes Miller analyzes and writes about Microsoft’s security, identity management, and systems management technologies. Before joining Directions on Microsoft, Wes...

Automated identity provisioning between Azure Active Directory (AAD) and third-party applications.

This illustration shows the workflow for updating AAD from a third-party Human Resources (HR) system like Workday (left) and the workflow for updating Software as a Service (SaaS) applications from AAD (right).

The provisioning service uses the System for Cross-domain Identity Management (SCIM) 2.0 protocol to retrieve and process updates from third-party HR systems based on how user attributes from inbound sources map to AAD. Administrators configure the user mapping when they initially provision the third-party application for AAD single sign-on.

When the AAD provisioning service runs, it searches sources (HR systems) for new user information to update AAD. After AAD has been updated, the provisioning service will then update third-party applications in the following ways:

• Create a new user account in the remote applications if the user is in scope (they are to receive access to the remote applications)
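The attribute mapping and the in-scope create step described above, as an added Python example that is not part of the original analysis or Microsoft's code. The HR field names, the mapping, the department-based scoping rule and the sample record are all constructed assumptions; the schema URN, `POST /Users` and the `application/scim+json` media type come from the SCIM 2.0 specifications.

```python
import json

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"

# Constructed mapping (HR field -> SCIM attribute path); real mappings are
# whatever the administrator configured for the application.
ATTRIBUTE_MAP = {
    "WorkerID": "externalId",
    "Email": "userName",
    "FirstName": "name.givenName",
    "LastName": "name.familyName",
}
IN_SCOPE_DEPARTMENTS = {"Sales", "Engineering"}  # assumed scoping rule


def map_to_scim(hr_record, mapping=ATTRIBUTE_MAP):
    """Build a SCIM User from mapped fields only; unmapped fields are dropped."""
    user = {"schemas": [SCIM_USER_SCHEMA], "active": True}
    for hr_field, scim_path in mapping.items():
        value = hr_record.get(hr_field)
        if value in (None, ""):
            continue
        *parents, leaf = scim_path.split(".")
        node = user
        for parent in parents:
            node = node.setdefault(parent, {})
        node[leaf] = value
    if "userName" not in user:  # userName is required by the SCIM core User schema
        raise ValueError("HR record has no value for the required userName mapping")
    return user


def plan_create(hr_record):
    """Return the SCIM create request for an in-scope user, else None."""
    if hr_record.get("Department") not in IN_SCOPE_DEPARTMENTS:
        return None
    return {
        "method": "POST",
        "path": "/Users",
        "headers": {"Content-Type": "application/scim+json"},
        "body": json.dumps(map_to_scim(hr_record), sort_keys=True),
    }


# Constructed HR record; Salary and NationalID are deliberately unmapped.
SAMPLE_HR_RECORD = {
    "WorkerID": "W-1001", "Email": "dana@example.com", "FirstName": "Dana",
    "LastName": "Reyes", "Department": "Sales", "Salary": 90000,
    "NationalID": "000-00-0000",
}
```

Because the payload is built from the mapping rather than from the whole HR record, the mapping acts as an allowlist: fields such as `Salary` never reach the remote application unless an administrator maps them.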
