← Back to portfolio

SCIM Connector Platform

Status

In Development

Maturity

Production-oriented lab

Evidence

Architecture diagram added · Sanitized demo views added · Repo pending

Next

Add protected demo walkthrough

Problem

Enterprises using Okta, Entra ID, or Auth0 need reliable automated provisioning to downstream SaaS and internal platforms. Manual provisioning creates stale accounts, audit gaps, and inconsistent access states across systems.

What Was Built

A multi-tenant SCIM v2 connector platform. Customers self-service create tenants and connectors. Each connector receives a unique Bearer token used by the IdP to authenticate SCIM requests. Bearer tokens are hashed with PBKDF2-SHA256 using 600,000 iterations and a random per-token salt. Plaintext tokens are displayed only once and never stored.

Architecture Diagram

Identity Providers

OktaMicrosoft Entra IDAuth0Any SCIM-compatible IdP
↓ HTTPS · Bearer Token · TLS 1.2+

SCIM Connector Platform

Token ValidatorTenant RouterSCIM v2 HandlerEvent BusRequest Logger

Data & Operations

  • Tenant Store
  • Audit Log
  • Metrics Collector

Admin & Ops

  • Admin Console
  • Operator Dashboard
  • Customer Portal

Target Applications

Internal APIsSaaS PlatformsUser Directories

Request Flow

SCIM Endpoints Implemented

MethodEndpointOperation
GET/scim/v2/UsersList users (supports filter)
POST/scim/v2/UsersCreate user
GET/scim/v2/Users/{id}Get user by ID
PUT/scim/v2/Users/{id}Replace user
PATCH/scim/v2/Users/{id}Partial update
DELETE/scim/v2/Users/{id}Deprovision user
GET/scim/v2/GroupsList groups
POST/scim/v2/GroupsCreate group
GET/scim/v2/Groups/{id}Get group
PATCH/scim/v2/Groups/{id}Update group membership
DELETE/scim/v2/Groups/{id}Remove group
GET/scim/v2/ServiceProviderConfigAdvertise capabilities
GET/scim/v2/SchemasSchema discovery
GET/scim/v2/ResourceTypesResource type discovery

Security Controls

Operational Controls

Failure Handling

Design Trade-offs

Platform Views

Sanitized demo views — production data redacted. Real screenshots will replace these when live deployment is available.

Customer Portal — New Connector SetupSANITIZED DEMO VIEW

Tenant

acme-corp

Connector Name

okta-prod-scim

SCIM Base URL

https://scim.[redacted].com/scim/v2/

⚠ Bearer Token — shown once only, never retrievable

████████-████-████-████-████████████

Plaintext value redacted. Copy before closing this dialog.

Create ConnectorCancel
Audit Log — Recent Provisioning EventsSANITIZED DEMO VIEW
Timestamp (UTC)ConnectorActionResourceOutcome
2026-05-16 14:32:01conn-[redacted]user.createduser@[redacted]success
2026-05-16 14:31:58conn-[redacted]user.updateduser@[redacted]success
2026-05-16 09:15:22conn-[redacted]user.deprovisioneduser@[redacted]success
2026-05-16 09:14:55conn-[redacted]auth.failedfailed_auth
Metrics — Prometheus Endpoint OutputSANITIZED DEMO VIEW
# HELP scim_requests_total Total SCIM requests by tenant and status
# TYPE scim_requests_total counter
scim_requests_total{tenant="[redacted]",method="POST",status="201"} 1423
scim_requests_total{tenant="[redacted]",method="GET",status="200"}  8891
scim_requests_total{tenant="[redacted]",method="PATCH",status="204"} 346
scim_requests_total{tenant="[redacted]",method="POST",status="409"}   12

# HELP scim_request_duration_seconds Request latency histogram
# TYPE scim_request_duration_seconds histogram
scim_request_duration_seconds{quantile="0.5",tenant="[redacted]"}  0.021
scim_request_duration_seconds{quantile="0.99",tenant="[redacted]"} 0.187

# HELP scim_health_status Liveness probe result (1 = healthy)
# TYPE scim_health_status gauge
scim_health_status 1

Employer Value

Risk reduced

Orphaned accounts, access drift, provisioning audit gaps

Operational value

Automated lifecycle management across IdP and SaaS fleet

IAM domain

SCIM v2, identity lifecycle, multi-tenant SaaS architecture

Seniority signal

End-to-end platform design — not just SCIM client usage

Evidence Roadmap

Architecture and sanitized demo views are included above. Screenshots, repository, and walkthrough will be added as the project matures.

Architecture Diagram

[ Included above ]

Platform Views

[ Sanitized demo views added above ]

GitHub Repository

[ Repo pending ]

Protected Demo Walkthrough

[ Walkthrough pending ]