What is SCIM synchronization and which attributes are commonly synced?

SCIM is the standard for System for Cross-domain Identity Management, used to provision and synchronize user identities across different systems. It provides a common data model and REST API to create, update, and delete users and groups, and to keep their attributes in sync as changes happen. In practice, the data most often synchronized includes the user’s login name (username), their email address, a display name for human-friendly identification, the groups they belong to (for access control), their account status (active or inactive), and entitlements such as licenses or specific permissions. These attributes support consistent lifecycle management and access control across connected applications. The other options don’t fit because SCIM isn’t about encrypting passwords at rest, nor is it limited to just group memberships or about exchanging OAuth tokens. SCIM focuses on provisioning and keeping user attributes and group memberships in sync across systems.