zlacker

This looks great! Any plans to add SCIM? SAML is good but one of the main reasons larger customers want SSO in my experience is to automate deprovisioning—they want one-click access removal from all apps when an employee leaves the company. And for that you need SCIM.

If you had SAML plus SCIM (or even just a small subset of SCIM) I think it could be a no-brainer. Other services that offer it are closed-source and absurdly expensive, and DIY is a big pain.

>>danena+(OP)
Yeah SCIM is coming up. Auto-deprovisioning and stuff related to seat management are the big motivators I've seen.

Honestly IETF did a pretty good job with SCIM itself. It's not wacky in the way SAML is at all. In my experience the hardest part about integrating SCIM is setting up all the IDP-specific configuration around it. Like with SAML, it's a situation where Okta, Microsoft, OneLogin all have totally different terms for the exact same thing.

One thing I'm pretty excited about is that our SCIM support will also include a button where you can generate a setup link that you give to your customer. From that setup link they can self-serve configure their SAML+SCIM configuration.

We have that working for SAML right now, and it's nice because it means you don't need to write IDP-specific documentation walking customers through each product's weird terminology and quirky UI.

>>ucario+j3
Is OIDC2 also comming? While simpler - a similar "self-help" workflow that helped with all big three SAML, SCIM and OIDC2 - with self-hosting would be marvelous.

>>e12e+GR
Agree OIDC (applicable in more use cases than people probably think) means neither side has to worry about SAML + SCIM. That's a win.

Longer comment elsewhere in thread.