SCIM lifecycle control for mixed authority

FreeSCIM makes Linux identity provisioning auditable and recoverable.

FreeSCIM is a SCIM lifecycle control plane for Linux and mixed-authority identity environments. It helps identity teams connect Okta or Entra intent to FreeIPA, LDAP, SSSD, Kerberos, and downstream Linux enforcement without hiding authority boundaries.

See the product model Review integrations
Product fit Control Plane

Use FreeSCIM when Linux enforcement and upstream identity authority must be coordinated safely.

 Lifecycle API Users + Groups

Create, update, disable, patch, filter, and paginate SCIM resources with Okta-compatible behavior.

 Authority bridge FreeIPA + LDAP

Directory state remains an enforcement boundary rather than a hidden implementation detail.

 Assurance Evidence + Rollback

Dry-run, approval, audit evidence, and recovery posture are first-class adoption signals.

 Next action Technical Briefing

Bring your IdP, directory, Linux enforcement, rollout, and audit requirements into one review.

Identity fabric

Unify identity authority without pretending there is only one source of truth.

Enterprise identity rarely lives in one clean place. FreeSCIM presents a SCIM-centered control plane where SSO providers, LDAP, FreeIPA, Linux systems, Windows-style identity environments, application federation targets, ITSM workflows, and custom IdM authorities can be modeled through common lifecycle contracts without hiding who owns enforcement, approval, or recovery.

Follow the data flow

Current platform posture

More than a bridge: an evidence-led operating layer.

01

Controlled execution

Mutation audit, dry-run controls, and approval gates separate observed state from write execution.

02

Identity provenance

Canonical identity views preserve the difference between login, contact email, SCIM username, FreeIPA uid, and Kerberos principal.

03

Runtime survivability

Health, readiness, middleware status, and blocked/degraded states are treated as product behavior, not hidden logs.

04

Recoverable operations

Rollback candidates, safety checks, and ITSM context help operators answer what happened, why it was allowed, and how to recover.

Lifecycle operations

Built around the actions identity teams actually need.

01

Create

Provision users through predictable SCIM resource contracts, mapped attributes, and FreeIPA-safe username handling.

02

Update

Keep profile, email, manager, and authority-backed state aligned as identity data changes.

03

Disable

Represent deactivation as a first-class lifecycle state that maps to enforceable account lock behavior.

04

Reconcile

Compare provider and FreeIPA snapshots, preview drift, and reason about safe changes before execution.

Mixed enterprise estates

Mesh Linux identity operations with Windows-centered enterprise identity.

FreeSCIM’s story is the hard middle: translating lifecycle intent between SSO providers, FreeIPA, Linux enforcement, Windows-centered enterprise identity, application platforms, ITSM handoffs, and APIs without hiding operational boundaries.

ProviderOkta / SAML / OIDC
DirectoryLDAP / FreeIPA
RuntimeLinux / SSSD
EnterpriseWindows
ITSMTeamDynamix / ServiceNow-ready
ContractSCIM 2.0 API
OutcomeLifecycle control

API platform proof

SCIM contracts are the product surface.

Users API

User lifecycle, patch behavior, and idempotency expectations.

Create · Update · Disable

Groups API

Membership semantics and reconciliation behavior.

Membership · Paging · Filters

Error Model

Structured failures for integration clients and operators.

Recover · Retry · Diagnose

Operational evidence

A control plane that can be inspected from protocol contract to recovery path.

Feature map: lifecycle, groups, filters, integrations Architecture: boundaries, data flow, trust model Security: tokens, secrets, LDAP, operations Operations: assurance, interface states, readiness