# Provisioning, Deprovisioning, and SCIM

One-sentence definition: Automate account lifecycle across apps via the System for Cross-domain Identity Management.

## Key Facts

- SCIM standardizes create/update/delete of identities and groups.
- Driven by HR events; near-real-time revocation reduces orphan risk.
- Map entitlements via roles; handle exceptions with approvals.
- Log all changes; reconcile regularly; detect orphan/shared accounts.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Choose SCIM to eliminate manual account sprawl.

**Mnemonic:** “**Sync** identities, **shrink** risk.”

## Mini Scenario

Q: Ex-employee still active in SaaS—why?

A: No SCIM/IGA integration; implement automated deprovisioning.

## Revision Checklist

- SCIM purpose.
- HR-driven triggers.
- Reconciliation step.

## Related

[[Identity Lifecycle (Joiner Mover Leaver)]] · [[Access Reviews and Certification (IGA)]] · [[Directory Services (LDAP and Active Directory)]] · [[Service Accounts and Secrets Management]] · [[Role Engineering and RBAC Design]] · [[Domain 5 - Index]]