How do I install SCIM Relay for Agents?

Install SCIM Relay for Agents with a single command: npx mdskills install chenhunghan/scim-mcp. This downloads the skill files into your project and your AI agent picks them up automatically.

What platforms support SCIM Relay for Agents?

SCIM Relay for Agents works with Claude Code, Claude Desktop, Cursor, Vscode Copilot, Windsurf, Continue Dev, Gemini Cli, Amp, Roo Code, Goose. Skills use the open SKILL.md format which is compatible with any AI coding agent that reads markdown instructions.

← Back to MCP servers

SCIM Relay for Agents

Name: SCIM Relay for Agents: AI Agent Skill
Rating: 8.2 (1 reviews)
Author: chenhunghan

Verified

MCP ServerDevOps & InfrastructureIntermediate

title: System for Cross-domain Identity Management (SCIM) MCP Server colorFrom: pink colorTo: blue sdk: docker appport: 7860 pinned: false shortdescription: SCIM 2.0 relay for AI agents to manage identities - building-mcp-track-enterprise scim-mcp is a SCIM (System for Cross-domain Identity Management) relay for AI agents. This MCP server enables LLMs to manage enterprise user identities and group

by @chenhunghan0Updated 3/10/2026

Add this skill

npx mdskills install chenhunghan/scim-mcp

Fork & Edit

Skill Advisor8.2

Comprehensive SCIM 2.0 relay with strong privacy features and clear documentation

+Provides full SCIM 2.0 lifecycle management with RFC-compliant operations
+Implements built-in PII masking for GDPR compliance
+Includes clear setup examples, architecture diagram, and live demos
-Declares filesystem write and shell execution permissions without clear justification

SKILL.md

Edit in Browser

1---
2title: System for Cross-domain Identity Management (SCIM) MCP Server
3emoji: 🌖
4colorFrom: pink
5colorTo: blue
6sdk: docker
7app_port: 7860
8pinned: false
9short_description: SCIM 2.0 relay for AI agents to manage identities
10tags:
11  - building-mcp-track-enterprise
12---
13# SCIM Relay for Agents
14 
15**scim-mcp** is a SCIM (**S**ystem for **C**ross-domain **I**dentity **M**anagement) relay for AI agents. This MCP server enables LLMs to manage enterprise user identities and groups through the battle-tested SCIM 2.0 standard ([RFC7644](https://datatracker.ietf.org/doc/html/rfc7644)). It acts as a privacy first relay between AI agents and service providers (SP) or identity providers (IdP), allowing organizations to provision, de-provision, and manage authorization policies.
16 
17[Post on Social Media](https://www.linkedin.com/posts/chenhunghan_just-submittedscim-mcpto-the-mcp-1st-share-7398413559698829313-JSdb?utm_source=share&utm_medium=member_desktop&rcm=ACoAAAj_AusB-Fxn1XTCx1_2KoYCcGej21tCMPI)
18 
19[Demo](https://huggingface.co/spaces/chenhunghan/scim-mcp)
20 
21![screencast](https://github.com/user-attachments/assets/48be9bd7-3c4f-4c12-a448-96190e23d290)
22 
23## Features
24 
25Full SCIM 2.0 user and group lifecycle management with **built-in PII masking** for GDPR/privacy compliance:
26 
27**Privacy & Compliance:**
28- **PII Masking** - Automatically masks sensitive personal data (emails, phone numbers, names, addresses) in LLM responses to minimize PII exposure while maintaining operational utility. Critical for GDPR Article 5 (data minimization) and Article 25 (privacy by design) compliance when AI agents process identity data.
29 
30**User Operations:**
31- **POST** - Create users with core and enterprise schema attributes ([RFC7644 §3.3](https://datatracker.ietf.org/doc/html/rfc7644#section-3.3))
32- **GET** - Retrieve user information ([RFC7644 §3.4.1](https://datatracker.ietf.org/doc/html/rfc7644#section-3.4.1))
33- **PUT** - Replace user records entirely ([RFC7644 §3.5.1](https://datatracker.ietf.org/doc/html/rfc7644#section-3.5.1))
34- **PATCH** - Update specific user attributes ([RFC7644 §3.5.2](https://datatracker.ietf.org/doc/html/rfc7644#section-3.5.2))
35- **DELETE** - Remove users ([RFC7644 §3.6](https://datatracker.ietf.org/doc/html/rfc7644#section-3.6))
36- **Deactivation** - Disable user accounts by setting `active: false`
37 
38**Group Operations:**
39- **POST** - Create groups ([RFC7644 §3.3](https://datatracker.ietf.org/doc/html/rfc7644#section-3.3))
40- **GET** - Retrieve group information ([RFC7644 §3.4.1](https://datatracker.ietf.org/doc/html/rfc7644#section-3.4.1))
41- **PUT** - Replace group records entirely ([RFC7644 §3.5.1](https://datatracker.ietf.org/doc/html/rfc7644#section-3.5.1))
42- **PATCH** - **Add/remove users to/from groups for authorization management** ([RFC7644 §3.5.2](https://datatracker.ietf.org/doc/html/rfc7644#section-3.5.2))
43- **DELETE** - Remove groups ([RFC7644 §3.6](https://datatracker.ietf.org/doc/html/rfc7644#section-3.6))
44 
45## Use Cases
46 
471. **Connect Enterprise App Directly** - Manage users and groups directly in your service provider without Azure AD, Okta, or other IdP interfaces
482. **SCIM Endpoint Development & Testing** - Validate your SCIM endpoint implementation without setting up Azure AD or Okta
493. **Control MCP Server Access** - Use Auth0's [inbound SCIM connector](https://auth0.com/docs/authenticate/protocols/scim/configure-inbound-scim#leverage-integration-galleries-for-streamlined-setup) to manage which OAuth accounts can access which MCP servers
50 
51## Demo
52 
53On Vercel
54<https://scim-mcp.vercel.app/mcp>
55 
56On Alpic
57<https://scim-mcp-d8a54d7b.alpic.live/>
58 
59[![Deploy on Alpic](https://assets.alpic.ai/button.svg)](https://app.alpic.ai/new/clone?repositoryUrl=https://github.com/chenhunghan/scim-mcp)
60 
61## Architecture
62 
63```mermaid
64sequenceDiagram
65    participant LLM as LLM/AI Agent
66    participant MCP as scim-mcp<br/>(MCP Server)
67    participant SP as Service Provider<br/>(SCIM Endpoint)
68    
69    Note over MCP: Credentials stored as<br/>environment variables:<br/>SCIM_API_TOKEN<br/>SCIM_API_BASE_URL
70    
71    LLM->>MCP: MCP Tool Request<br/>(e.g., create-user)
72    Note over LLM,MCP: No credentials exposed to LLM
73    
74    MCP->>MCP: Retrieve credentials<br/>from environment
75    
76    MCP->>SP: SCIM API Request<br/>Authorization: Bearer {token}
77    
78    SP->>MCP: SCIM Response
79    
80    MCP->>LLM: MCP Tool Response
81```
82 
83## Setup
84 
85### Codex
86 
87```toml
88[mcp_servers.scim]
89command = "npx"
90args = ["-y", "mcp-remote@latest", "https://scim-mcp-d8a54d7b.alpic.live/", "--header", "x-scim-api-token:${SCIM_AUTH_TOKEN}", "--header", "x-scim-base-url:https://service.provider.scim.base.url"]
91```
92 
93## Development
94 
95First, run the development server:
96 
97```sh
98npm run dev
99```
100

Full transparency — inspect the skill content before installing.