What is SCIM?
SCIM is a newer version of the SAML protocol which allows for the automation of user provisioning. Like SAML, it is a protocol that facilitates single sign-on.
Where SCIM differs is that it is API-based, not login-based. SAML uses login events to facilitate the exchange of information between the broker and the end system.
Limiting SAML to login events can create complications. For example, when a user leaves a company, the deletion of their account is not automatically propagated from the IDP to the end system. This information is exchanged only when the user logs in to each end system.
The newer, improved version of SAML is SCIM, which isn’t dependent on login events and can actively make calls to add, delete, or update users. So, if a user leaves the company, an IDP would be able to detect this via the HR provider, then use SCIM to make calls to each end system to delete the user proactively.
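The proactive calls described above, as an added example that is not part of the original page: an IDP-side `offboard` function pushes a SCIM 2.0 deactivation (PATCH `active` to false) or a DELETE to every end system, with no login involved. The `EndSystem` class, the function names and the sample user are constructed for illustration; the schema URNs, the `/Users` path and the status codes follow SCIM 2.0 (RFC 7643 and RFC 7644).

```python
import json

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

class EndSystem:
    """Constructed in-memory stand-in for one end system's SCIM /Users endpoint."""
    def __init__(self, name):
        self.name, self.users, self._next = name, {}, 1

    def handle(self, method, path, body=None):
        """Apply one SCIM request; return (HTTP status, resource or None)."""
        parts = path.strip("/").split("/")
        if method == "POST" and parts == ["Users"]:
            uid, self._next = str(self._next), self._next + 1
            self.users[uid] = {**json.loads(body), "id": uid}
            return 201, self.users[uid]
        if len(parts) != 2 or parts[0] != "Users" or parts[1] not in self.users:
            return 404, None
        uid = parts[1]
        if method == "PATCH":
            for op in json.loads(body)["Operations"]:
                if op["op"].lower() == "replace" and op.get("path") == "active":
                    self.users[uid]["active"] = op["value"]
            return 200, self.users[uid]
        if method == "DELETE":
            del self.users[uid]
            return 204, None
        return 405, None

def provision(system, user_name):
    """IDP side: create the account and return the id the end system assigned."""
    body = json.dumps({"schemas": [USER_SCHEMA], "userName": user_name, "active": True})
    return system.handle("POST", "/Users", body)[1]["id"]

def offboard(systems, ids, hard_delete=False):
    """IDP side: on an HR leaver event, push the change to every end system."""
    patch = json.dumps({"schemas": [PATCH_SCHEMA], "Operations": [
        {"op": "replace", "path": "active", "value": False}]})
    results = {}
    for system in systems:
        method, body = ("DELETE", None) if hard_delete else ("PATCH", patch)
        results[system.name] = system.handle(method, f"/Users/{ids[system.name]}", body)[0]
    return results

if __name__ == "__main__":
    apps = [EndSystem("wiki"), EndSystem("crm")]  # constructed end systems
    ids = {a.name: provision(a, "jdoe@example.com") for a in apps}
    print(offboard(apps, ids))
```

Any status other than 200 or 204 in the returned map marks an end system where the account may still be live and needs follow-up.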