Can anybody please tell me what exactly is meant by SCIM provisioning and how it works?
What is the difference between a SCIM endpoint and a SCIM client?
Thanks in advance.
If you imagine a SCIM server as an LDAP repository but in the cloud, you need to find a way to manage users and groups (CRUD operations) with a protocol which is HTTPS-based, as LDAPS is not recommended over the Internet.
SPML (https://en.wikipedia.org/wiki/Service_Provisioning_Markup_Language) was created in the past to solve this. But it is SOAP/XML oriented, so complex and heavy.
Modern standards are more oriented toward JSON and API/REST protocols. Therefore SCIM was created.
A SCIM client is then an external agent (an application: web, native, fat; a CLI console, etc.) that may want to manage users/groups on behalf of one authorized user (SCIM is OIDC compliant). The SCIM endpoint is where the client will connect to, authenticate to and be authorized for those CRUD operations.
Please see: http://www.simplecloud.info/
Currently an extension to SCIM is planned. SCIM-PAM will allow managing policies for privileged access (à la SUDO).
Jeff
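
The client/endpoint split described in the reply above, as an added example that is not part of the original post: a toy in-memory endpoint and a client function exchanging SCIM 2.0 JSON messages. The schema URNs and status codes follow RFC 7643/7644; the names `ScimEndpoint` and `provision` and the bearer token are constructed for illustration, and no network or real identity provider is involved.

```python
import json, uuid

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"    # RFC 7643
ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"  # RFC 7644
VALID_TOKEN = "constructed-demo-token"  # constructed; stands in for an OAuth bearer token

class ScimEndpoint:
    """Hypothetical in-memory service provider: the side that owns the user store."""
    def __init__(self):
        self.users = {}

    def _error(self, status, detail, scim_type=None):
        body = {"schemas": [ERROR_SCHEMA], "status": str(status), "detail": detail}
        if scim_type:
            body["scimType"] = scim_type
        return status, body

    def handle(self, method, path, headers, body=None):
        # Authenticate and authorize the client before touching the store.
        if headers.get("Authorization") != f"Bearer {VALID_TOKEN}":
            return self._error(401, "missing or invalid bearer token")
        parts = path.strip("/").split("/")
        if parts[0] != "Users" or len(parts) > 2:
            return self._error(404, "unknown resource")
        user_id = parts[1] if len(parts) == 2 else None
        if method == "POST" and user_id is None:  # Create
            user = json.loads(body)
            if USER_SCHEMA not in user.get("schemas", []) or not user.get("userName"):
                return self._error(400, "not a valid User resource", "invalidValue")
            name = user["userName"].lower()  # userName is compared case-insensitively
            if any(u["userName"].lower() == name for u in self.users.values()):
                return self._error(409, "userName already exists", "uniqueness")
            user["id"] = str(uuid.uuid4())  # the endpoint, not the client, assigns the id
            user["meta"] = {"resourceType": "User", "location": f"/Users/{user['id']}"}
            self.users[user["id"]] = user
            return 201, user
        if user_id not in self.users:
            return self._error(404, "user not found")
        if method == "GET":  # Read
            return 200, self.users[user_id]
        if method == "DELETE":  # Delete (deprovision)
            del self.users[user_id]
            return 204, None
        return self._error(501, "operation not implemented in this sketch")

def provision(endpoint, token, user_name):
    """SCIM client side: build the JSON request and send it to the endpoint."""
    payload = json.dumps({"schemas": [USER_SCHEMA], "userName": user_name, "active": True})
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/scim+json"}
    return endpoint.handle("POST", "/Users", headers, payload)
```

In a real deployment `handle` sits behind HTTPS and the token is validated against the authorization server rather than compared to a constant.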