Today OpsLevel is announcing support for user management with SCIM. To most end users of SaaS products, acronyms like SAML, SSO, and SCIM are behind the scenes jargon not worth a second thought.
But anyone involved with configuring and maintaining SaaS applications at scale knows how tedious user management can be. Users are constantly coming and going, and the needs of the org are constantly evolving.
There's never a steady state, so admins are continuously granting, revoking, or reassigning user access across tens (or even hundreds) of SaaS applications.
Fortunately, SCIM massively improves workflows for these admins. And with OpsLevel, SCIM is especially useful, because accurate user management is a critical piece of any Service Ownership solution.
Don’t skim this: SCIM is a gamehanger
The goal of the SCIM specification is to “reduce the cost and complexity of user management operations." So how is SCIM better than other standard options? Let’s review the ways SCIM is more robust than SAML SSO authentication.
Automated user provisioning and mirroring
With SAML, provisioning user accounts happens Just in Time (JIT). Users are only created the first time they actively log into a new application.
With SCIM, admins automatically sync all relevant users directly from their IdP to the target application. Users are automatically created in that application, mirroring the IdP-source-of-truth. End users don't need to do anything for their accounts to be created.
Even better, SCIM covers the entire user management lifecycle. Any changes that occur to users in the IdP are automatically mirrored in SCIM-configured applications.
Most importantly, if a user profile is deactivated in the IdP (for any reason, even temporarily), the user profile automatically loses access to any SCIM-configured applications.
JIT provisioning with SAML does not include automated de-provisioning. This creates loose ends, manual clean-up, and stress for IT, security, and compliance teams.
Automating OpsLevel user management means a complete catalog, faster
Lightening the burden on admins and running a cleaner, more secure IT environment make SCIM a compelling option. But with OpsLevel, there are second-order benefits that make SCIM especially valuable.
Service Ownership is a socio-technical problem
That’s a fancy way to say: people matter just as much as technology. In order to solve Service Ownership problems fully, a solution needs to be aware of the people as well as the services.
SCIM helps OpsLevel admins address the people side of the problem much more effectively. Using SCIM with OpsLevel enables the creation of accurate teams and groups on day one–because admins can import, create, and work with their entire user base in seconds.
Since teams own services in OpsLevel, this is a foundational step towards creating a comprehensive service catalog.
Improve the developer experience
You never get a second chance to make a first impression. Thanks to SCIM, when developers use OpsLevel for the first time, they’ll find a more complete catalog, with all their org’s users, teams, and groups in place.
Using SCIM with OpsLevel
OpsLevel can integrate with any SCIM 2.0 compatible client (e.g. IdPs like Okta). We have native support for using SCIM with Okta and Azure Active Directory via apps we’ve built.
Azure Active Directory
Learn more about how to configure Azure Active Directory SCIM with OpsLevel in our docs.
I'm ready to try out SCIM with OpsLevel. How do I get started?
Sign up for your custom demo of OpsLevel and our team will get you started.
I'm new to SCIM. Can you explain how the protocol works?
SCIM is an open, vendor-neutral protocol. Rather than reinvent the wheel, we like this overview from Okta.
Does OpsLevel's SCIM implementation support importing user groups?
Today it does not. We may in the future. Most engineering organizations still don't have a reliable source of truth for their functional org charts–but we're working on it!
Does OpsLevel's SCIM implementation support roles?
Today it does not, because role names, levels, etc vary so much from organization to organization. We may revisit this in the future.
Does OpsLevel's SCIM implementation support syncing data from OpsLevel to other systems?
Today it does not. We may in the future.