User Lifecycle

Complete user provisioning lifecycle covering the four core SCIM operations: Create (POST), Update (PATCH), Deactivate (PATCH active=false), and Delete (DELETE) as defined in RFC 7644 §3. This flow represents the standard identity lifecycle pattern used by IdPs like Okta, Azure AD, and OneLogin to synchronize user accounts to downstream applications.

Try in Looking Glass
ProvisioningUser CRUDIdP Integration

Sequence Diagram

Click any step for details

IdPSCIM1Create User2User Created3Update User4User Updated5Deactivate User6User Deactivated7Delete User8User Deleted
Request
Response
Redirect
Internal

Step-by-Step Breakdown

1
Create User
IdPSCIM Server
2
User Created
SCIM ServerIdP
3
Update User
IdPSCIM Server
4
User Updated
SCIM ServerIdP
5
Deactivate User
IdPSCIM Server
6
User Deactivated
SCIM ServerIdP
7
Delete User
IdPSCIM Server
8
User Deleted
SCIM ServerIdP

Token Inspector

Specs for this flow

Sections of the protocol that normatively define this flow, plus the security considerations that apply to it.

Security & privacy

· Dedicated security and privacy considerations.