SCIM for AI: Inside the new IETF draft for agent and agentic application provisioning
Blog post from WorkOS
The System for Cross-Domain Identity Management (SCIM) is a standard protocol for automatically provisioning and deprovisioning user accounts across a company's applications. A new IETF draft aims to extend this model to AI agents and their host applications. It proposes two new SCIM resource types, "Agents" and "Agentic Applications," to manage non-human identities such as bots and automation workflows, reusing SCIM's existing schemas and operational model.

The extension addresses the growing need for standardized identity management of AI agents, which can now act independently in digital environments, by applying the same trusted standards used for human users. It defines an "Agent" as a digital worker with its own identifier, metadata, and privileges, and an "Agentic Application" as the platform that manages these agents.

The draft suggests that these entities be integrated into identity platforms like WorkOS, allowing for automated lifecycle management, role assignment, app memberships, and accountability through ownership attributes. The aim is to ensure that AI-powered agents are managed with the same security, governance, and auditing standards as human users, with an emphasis on accountability, credential management, and clear app-agent boundaries, while giving identity providers a structured path to include digital workers in their systems.