Friday, January 24, 2025

Software integrations show up in infrastructure engineering as well. As cloud engineers provision resources and configure them for their data scientists and application engineering teams, they must be mindful of interoperability. This article uses one specific example to discuss how the practices of cloud IaC are changing: the System for Cross-domain Identity Management, aka SCIM.

Identity and access solutions have always sought to bring together users recognized by different systems that share nothing. A user in the AWS public cloud might not be recognized in Azure, for instance. SCIM is a protocol that standardizes how identity information is exchanged between one entity and another. Being an open standard (RFC 7643 defines the schema, RFC 7644 the protocol) for managing access to cloud-based resources, it eases onboarding and interoperability: it defines how identity data is represented, how it is exchanged across different platforms, and how identity providers and IAM systems can work together even when they are heterogeneous. Manually adding users to each application, along with the other role-based access control chores, becomes tedious in organizations that have many employees, partners and stakeholders. SCIM makes it easy to grant new hires access to the appropriate applications and to revoke access from those leaving, with synchronization across a variety of platforms. SCIM represents users and groups as JSON resources and exposes create, read, update and delete operations on them over REST (HTTP POST, GET, PUT/PATCH and DELETE), which makes it programmable. In Microsoft's implementation, Azure AD (now Microsoft Entra ID) acts as the SCIM client and calls a SCIM endpoint exposed by each target application; on-premises Active Directory is brought into Entra ID separately, through directory synchronization (Azure AD Connect, now Entra Connect), not over SCIM. Using a predefined schema and automatic synchronization of identity resources, it improves consistency and security across disparate systems. Automatic user provisioning, a standardized API and managed user attributes simplify identity management by keeping the identity provider as the single source of truth. The security-relevant part is deprovisioning: when a leaver is disabled in the directory, the SCIM client sets active to false (or deletes the user) on every connected application, so access does not linger in systems that nobody remembers to clean up by hand.
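As an added example (not code from the original post, and not Microsoft's or any vendor's implementation), the following toy in-memory SCIM 2.0 /Users service shows the application side of the exchange described above: the identity provider POSTs a new hire, retries safely because userName is unique, PATCHes active to false when the person leaves, and looks users up with a filter before creating them. The schema URNs are the ones from RFC 7643 and RFC 7644; the class and function names, and the sample payloads, are constructed for this illustration.

```python
import json
import uuid
from typing import Optional

# Schema URNs as defined in RFC 7643 / RFC 7644
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
LIST_RESPONSE = "urn:ietf:params:scim:api:messages:2.0:ListResponse"
ERROR = "urn:ietf:params:scim:api:messages:2.0:Error"


class ScimUserService:
    """Toy in-memory SCIM 2.0 /Users endpoint (application side, hypothetical).
    Each method returns (http_status, json_body) like a real endpoint would."""

    def __init__(self):
        self.users = {}  # id -> stored User resource

    def create(self, body: str):
        """POST /Users: the identity provider pushes a new hire."""
        res = json.loads(body)
        if USER_SCHEMA not in res.get("schemas", []):
            return 400, self._error(400, "invalidSyntax")
        user_name = res.get("userName")
        if not user_name:
            return 400, self._error(400, "invalidValue")
        # userName is unique and case-insensitive (RFC 7643); an IdP retry must not clone the user
        if any(u["userName"].lower() == user_name.lower() for u in self.users.values()):
            return 409, self._error(409, "uniqueness")
        uid = str(uuid.uuid4())
        self.users[uid] = {
            "schemas": [USER_SCHEMA],
            "id": uid,
            "userName": user_name,
            "active": bool(res.get("active", True)),
            "name": res.get("name", {}),
            "emails": res.get("emails", []),
            "meta": {"resourceType": "User", "location": f"/Users/{uid}"},
        }
        return 201, self.users[uid]

    def patch(self, uid: str, body: str):
        """PATCH /Users/{id}: the IdP changes attributes; active=false is the leaver signal."""
        if uid not in self.users:
            return 404, self._error(404, None)
        req = json.loads(body)
        if PATCH_OP not in req.get("schemas", []):
            return 400, self._error(400, "invalidSyntax")
        user = self.users[uid]
        for op in req.get("Operations", []):
            # only the attribute paths this toy knows; anything else is rejected, not silently ignored
            if op.get("op", "").lower() == "replace" and op.get("path") in ("active", "userName"):
                user[op["path"]] = op["value"]
            else:
                return 400, self._error(400, "invalidPath")
        return 200, user

    def search(self, filter_expr: Optional[str] = None):
        """GET /Users?filter=...: the IdP reconciles by looking accounts up before creating them."""
        results = list(self.users.values())
        if filter_expr:
            try:  # only the 'attr eq "value"' shape, which is what IdPs send for reconciliation
                attr, op, value = filter_expr.split(" ", 2)
            except ValueError:
                return 400, self._error(400, "invalidFilter")
            if attr not in ("userName", "active") or op.lower() != "eq":
                return 400, self._error(400, "invalidFilter")
            value = value.strip('"').lower()
            results = [u for u in results if str(u.get(attr)).lower() == value]
        return 200, {"schemas": [LIST_RESPONSE], "totalResults": len(results),
                     "startIndex": 1, "itemsPerPage": len(results), "Resources": results}

    @staticmethod
    def _error(status: int, scim_type: Optional[str]):
        err = {"schemas": [ERROR], "status": str(status)}
        if scim_type:
            err["scimType"] = scim_type
        return err


def provisioning_lifecycle():
    """Drive one joiner/leaver cycle the way an IdP's SCIM client would."""
    svc = ScimUserService()
    new_hire = json.dumps({  # constructed sample payload, not captured from a real IdP
        "schemas": [USER_SCHEMA],
        "userName": "alice@example.com",
        "name": {"givenName": "Alice", "familyName": "Example"},
        "emails": [{"value": "alice@example.com", "primary": True}],
        "active": True,
    })
    created_status, created = svc.create(new_hire)
    duplicate_status, _ = svc.create(new_hire)  # IdP retry after a timeout: must be 409, not a clone
    leaver = json.dumps({  # offboarding: deactivate rather than delete, keeping the audit trail
        "schemas": [PATCH_OP],
        "Operations": [{"op": "replace", "path": "active", "value": False}],
    })
    patch_status, patched = svc.patch(created["id"], leaver)
    _, listing = svc.search('userName eq "alice@example.com"')
    return {"created_status": created_status, "duplicate_status": duplicate_status,
            "patch_status": patch_status, "active_after_offboarding": patched["active"],
            "lookup_total": listing["totalResults"]}
```

Running provisioning_lifecycle() walks the whole cycle: 201 on create, 409 on the duplicate, 200 on the deactivating PATCH, and a filter lookup that finds exactly one account whose active flag is now false. A real endpoint would sit behind the bearer token the IdP is configured with and would also implement DELETE and the Groups resource; the shape of the messages is the same.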

As a protocol, IAM solution developers are already familiar with the Security Assertion Markup Language (SAML), which has worked for a while. SAML works with SSO to integrate login across security domains and, like SCIM, aims at a unified experience, but the two solve different problems: SCIM provisions the account in a new target system, and SAML then lets the user sign into it. SAML uses XML assertions and gives you a token to use with your browser session; SCIM is for provisioning identities across multiple applications. SCIM and SSO work together, but SSO, whether via SAML or OpenID Connect, is for authentication, not provisioning. One practical caveat: an application that only does SAML with just-in-time provisioning creates accounts on first login but never learns that a user has left, which is exactly the gap SCIM closes.

Bulk handling of identities is possible with SCIM (the protocol defines a /Bulk endpoint), which saves time and cost and spans proprietary and third-party technologies. Certain IAM products such as Active Directory have also embraced open standards for a long time by speaking LDAP, the protocol of which OpenLDAP is an open-source implementation. While LDAP is associated with legacy and on-premises systems, SCIM is cloud-first and cloud-friendly, where different identity providers can participate.

