System for Cross-Domain Identity Management Overview

System for Cross-Domain Identity Management (SCIM) allows IT Admins to make changes to their employee’s identity information and access within their workforce IdP, and have those changes automatically propagated out to all of their connected applications. SCIM is absolutely critical for large enterprises, who rely on this protocol as a way to centrally and securely manage employee identity and access the thousands of SaaS tools companies use at scale.

API Objects & Endpoints

API Resources



A top-level tenant that groups members, auth settings, roles, and other identity configurations.


Represents an authenticated user who is a member of a specific Organization.

SCIM Connection

Represents a SCIM connection with an identity provider. A SCIM Connection is explicitly tied to an Organization.

How it works

Stytch’s SCIM implementation handles everything OOTB for you. We offer the relevant SCIM APIs, receive SCIM requests from the IdP, and immediately honor the requested changes – updating the Member object, handling session revocation, and granting/revoking RBAC Roles when relevant. While we ensure that the requested changes take effect immediately, preventing any access issues, we will also issue webhooks on each event so you can keep your internal system up to date.

SCIM sequence using Stytch