SCIM has opened the door to widescale adoption of automated identity provisioning into an organization's applications. Managing identity data requires powerful permissions, and with that great power there SHOULD be even greater security controls in place. However, the unfortunate reality is that many applications don't offer adequate authentication methods for accessing their SCIM APIs.

This talk will cover some common authentication methods that are currently available in modern SCIM-enabled applications, as well as some key security mistakes that SCIM implementers make. We'll also take a look at how security around authenticating and authorizing to SCIM APIs can be improved.