SCIM + SSO + authority operations

Identity lifecycle control with evidence at every boundary.

FreeSCIM coordinates SSO providers, SCIM provisioning, LDAP/FreeIPA directories, Linux enforcement, Windows-style enterprise environments, federation targets, runtime readiness, rollback gates, and ITSM handoff workflows through one lifecycle-focused control plane.

Inspect the API platform Map the control plane
Lifecycle API Users + Groups

Create, update, disable, patch, filter, and paginate SCIM resources with Okta-compatible behavior.

 Access boundary SAML + Tokens

SAML protects operator access while SCIM endpoints use scoped integration tokens.

 Authority bridge Okta + FreeIPA

Okta remains the human identity authority while FreeIPA remains the Linux enforcement authority.

 Assurance Execution gates

Health checks, route inventory, SCIM mutation audit, runtime survivability, and rollback readiness stay visible.

 Operational handoff TeamDynamix + ITSM context

Escalations carry identity evidence into ticket workflows without turning FreeSCIM into a ticketing system.

Identity fabric

Unify identity authority without pretending there is only one source of truth.

Enterprise identity rarely lives in one clean place. FreeSCIM presents a SCIM-centered control plane where SSO providers, LDAP, FreeIPA, Linux systems, Windows-style identity environments, application federation targets, ITSM workflows, and custom IdM authorities can be modeled through common lifecycle contracts without hiding who owns enforcement, approval, or recovery.

Follow the data flow

Current platform posture

More than a bridge: an evidence-led operating layer.

01

Controlled execution

Mutation audit, dry-run controls, and approval gates separate observed state from write execution.

02

Identity provenance

Canonical identity views preserve the difference between login, contact email, SCIM username, FreeIPA uid, and Kerberos principal.

03

Runtime survivability

Health, readiness, middleware status, and blocked/degraded states are treated as product behavior, not hidden logs.

04

Recoverable operations

Rollback candidates, safety checks, and ITSM context help operators answer what happened, why it was allowed, and how to recover.

Lifecycle operations

Built around the actions identity teams actually need.

01

Create

Provision users through predictable SCIM resource contracts, mapped attributes, and FreeIPA-safe username handling.

02

Update

Keep profile, email, manager, and authority-backed state aligned as identity data changes.

03

Disable

Represent deactivation as a first-class lifecycle state that maps to enforceable account lock behavior.

04

Reconcile

Compare provider and FreeIPA snapshots, preview drift, and reason about safe changes before execution.

Mixed enterprise estates

Mesh Linux identity operations with Windows-centered enterprise identity.

FreeSCIM’s story is the hard middle: translating lifecycle intent between SSO providers, FreeIPA, Linux enforcement, Windows-centered enterprise identity, application platforms, ITSM handoffs, and APIs without hiding operational boundaries.

ProviderOkta / SAML / OIDC
DirectoryLDAP / FreeIPA
RuntimeLinux / SSSD
EnterpriseWindows
ITSMTeamDynamix / ServiceNow-ready
ContractSCIM 2.0 API
OutcomeLifecycle control

API platform proof

SCIM contracts are the product surface.

Users API

User lifecycle, patch behavior, and idempotency expectations.

Create · Update · Disable

Groups API

Membership semantics and reconciliation behavior.

Membership · Paging · Filters

Error Model

Structured failures for integration clients and operators.

Recover · Retry · Diagnose

Operational evidence

A control plane that can be inspected from protocol contract to recovery path.

Feature map: lifecycle, groups, filters, integrations Architecture: boundaries, data flow, trust model Security: tokens, secrets, LDAP, operations Operations: assurance, interface states, readiness