Did you know that ServiceNow provides a SCIM 2.0 interface for Account and Entitlement management?
It’s been kept pretty quiet, but the SCIM API has been provided by ServiceNow since the Utah release in early 2023. To be honest, in the early days it wasn’t that ready for enterprise deployment, but functionality has been added in the later releases and now (since Vancouver) it seems pretty rock solid. It provides endpoints for create, read, update, and delete operations on users and groups using the SCIM 2.0 protocol (from API Reference).
So why use it?
Well, SCIM is a Standards-based protocol. We all love Standards, right?
- Loose Coupling
Using a Standards-based protocol allows an integration to implement Loose Coupling of the components. Coupling refers to the degree of direct knowledge that one component has of another. Loose Coupling in computing is interpreted as encapsulation versus non-encapsulation. ServiceNow does all the mapping internally from standard SCIM attributes to fields in the internal sys_user table (also supporting SCIM extension schema and sys_user custom attributes). An ISC operator/developer doesn’t need to know about the internal workings of ServiceNow; they need to know about SCIM (hopefully that’s a given).
- Security
From a security perspective, using SCIM helps meet the Least Privilege principle. The Service Account needed on the ServiceNow side only requires permissions to access the SCIM API (with rights to the sys_user table), rather than direct API access to the sys_user table.
- Simplicity
You could be using a REST-based connector, or the SailPoint-delivered ServiceNow App. Each of these requires a level of configuration on the ServiceNow side. SCIM 2.0 support is provided as a ServiceNow plugin (rather than an App) which only needs enabling by a ServiceNow administrator. Trust me, it’s easier to get a ServiceNow admin to agree to enable a plugin than to install an App.
- Functionality
Check out the Supported Features of the Identity Governance SaaS Connector for ServiceNow vs the Supported Features of the SailPoint and SCIM 2.0 SaaS Connector, particularly around Entitlement management.
- SaaS Support
If you’re currently on a VA-based integration and want to go SaaS, SCIM should definitely be in the mix, IMHO.
Is it time to migrate? What are your thoughts?