Learn more about SCIM
System for Cross-domain Identity Management (SCIM) enables automated user lifecycle management between your Identity Provider (IdP) and DigiCert® account, DigiCert’s unified single sign‑in experience.
When SCIM is enabled, your IdP becomes the source of truth for user access to DigiCert services such as CertCentral, DigiCert® DNS, Document Trust, IoT Trust, Software Trust, and Trust Lifecycle Manager.
SCIM works with or without Single Sign-On (SSO) to ensure users are created, updated, and removed automatically, without manual administration in DigiCert. SCIM works independently of how users authenticate.
What can SCIM manage?
SCIM allows you to centrally manage:
User creation (provisioning)
User updates (profile and attributes)
User removal or access revocation (deprovisioning)
Role and service access assignments (via groups or attributes)
How does SCIM work?
SCIM ensures user access always reflects your organization’s identity policies:
A user is added, updated, or removed in your IdP (for example, Okta or Microsoft Entra ID).
The IdP sends a SCIM request to DigiCert® account.
DigiCert® account applies the change across linked DigiCert services.
The user’s access is updated automatically and consistently.
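The request flow described above, sketched as an added example (not DigiCert's code or API): the SCIM 2.0 message bodies defined in RFC 7643/7644 for provisioning, updating, and deprovisioning a user, applied to a constructed in-memory receiver. The /Users paths follow the RFC; the ToyReceiver class, the helper names, and the user data are assumptions made for illustration.

```python
# Added example: SCIM 2.0 (RFC 7643/7644) lifecycle messages applied to a toy receiver.
# The in-memory store and all user data are constructed; this is not DigiCert's API.
import uuid

USER = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

def create_user(user_name, given, family):
    """Provisioning: the body an IdP POSTs to /Users."""
    return {"schemas": [USER], "userName": user_name,
            "name": {"givenName": given, "familyName": family}, "active": True}

def patch(path, value):
    """Update or deprovision: the body an IdP PATCHes to /Users/{id}."""
    return {"schemas": [PATCH],
            "Operations": [{"op": "replace", "path": path, "value": value}]}

class ToyReceiver:
    """Hypothetical stand-in for the service side; stores users by id."""
    def __init__(self):
        self.users = {}

    def handle(self, method, path, body=None):
        parts = path.strip("/").split("/")
        if method == "POST" and parts == ["Users"]:
            if USER not in body.get("schemas", []):
                return 400, None
            if any(u["userName"] == body["userName"] for u in self.users.values()):
                return 409, None          # duplicate userName: uniqueness conflict
            uid = str(uuid.uuid4())
            self.users[uid] = dict(body, id=uid)
            return 201, self.users[uid]
        if method == "PATCH" and len(parts) == 2 and parts[0] == "Users":
            user = self.users.get(parts[1])
            if user is None:
                return 404, None
            for op in body["Operations"]:
                if op["op"].lower() != "replace":
                    return 400, None      # this toy receiver handles replace only
                target = user
                *parents, leaf = op["path"].split(".")
                for key in parents:       # walk sub-attributes such as name.familyName
                    target = target.setdefault(key, {})
                target[leaf] = op["value"]
            return 200, user
        return 404, None

    def has_access(self, uid):
        return self.users.get(uid, {}).get("active", False)
```

Deprovisioning here is a PATCH that sets active to false, so a useful check after offboarding is that the receiving side reports the user as inactive rather than merely absent from the IdP group.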
Supported identity providers
DigiCert® account supports SCIM integration with common enterprise IdPs, including:
Okta
Microsoft Entra ID (formerly Azure AD)
What is the difference between SSO and SCIM?
SCIM and SSO are independent capabilities within DigiCert® account.
SSO controls how users authenticate when signing in.
SCIM manages user lifecycle events such as provisioning, updates, and deprovisioning.
Tip
You can enable either or both of these capabilities; however, SCIM and SSO are recommended for most enterprise environments.
About groups used for SCIM provisioning
SCIM provisioning for DigiCert® account relies on groups in your IdP to manage user access. You can use existing groups or create new groups for DigiCert® account.
Before assigning groups to the SCIM application, ensure that:
The group exists in your IdP
The group contains the correct users
The group is assigned to the SCIM application
The group is pushed to DigiCert® account