Coming Soon: SCIM 2.0 Support for Keymate

We are building native support for the SCIM 2.0 protocol to enable seamless, standards-based user and group provisioning across enterprise systems.

Standardized Provisioning for Users and Groups

Why It Matters

Modern IAM ecosystems must support automated user lifecycle management. SCIM (System for Cross-domain Identity Management) is the industry standard for:

Creating, reading, updating, and deleting users and groups
Synchronizing user attributes between systems
Triggering downstream workflows for joiners, movers, and leavers

SCIM 2.0 enables Keymate to act as either a SCIM Provider (serving HRMS/IdP updates) or a SCIM Consumer (receiving updates from external sources).

SCIM Use Cases

Key Components:

Automated User Lifecycle Management
HRMS/IdP Integration
Downstream Workflow Automation
Cross-Domain Identity Sync

How SCIM Will Power Seamless Identity Provisioning

1. HR or an external IdP triggers a user update.
2. A standard SCIM 2.0 JSON payload is sent to or received from Keymate.
3. Users and groups are automatically created or updated.
4. Custom mappers handle attribute transformation (e.g., department, title).
5. Changes are propagated via internal events to Keycloak or OpenFGA.

Future SCIM Use Cases

HRMS-driven user onboarding
AD or Azure AD integration
De-provisioning via SCIM DELETE operations
Real-time role/attribute propagation to downstream systems

What's Coming in SCIM Support

SCIM 2.0 REST API (Provider)

Keymate exposes a SCIM 2.0-compliant API for external consumers

SCIM 2.0 Client (Consumer)

Keymate will ingest SCIM payloads from HRMS or IdPs

Schema Flexibility

Support for both core and custom SCIM schemas

Attribute Mapping Layer

Map SCIM fields to internal Keycloak/Keymate structures

Event Emission

Every SCIM operation emits internal events for observability & audit

Frequently Asked Questions

Not yet. It's planned for Q1–Q2 2026 as part of Keymate's extended provisioning roadmap.
Yes. SCIM operations will sync with both Keycloak's user model and Keymate's attribute models.
Yes. The SCIM layer will support custom attribute mappings aligned with Keymate's schema flexibility.
Yes. Provisioning actions will generate events compatible with our Kafka-based observability pipeline.

How to Prepare

Follow these steps to prepare:

1. Review your HRMS or IdP's SCIM capabilities
2. Align your user/group schema with SCIM core and custom fields
3. Plan integration for joiners/movers/leavers lifecycle workflows
4. Stay tuned for early access updates and API previews
