
Summary
This rule monitors configuration changes to System for Cross-domain Identity Management (SCIM) within an OpenAI organization. SCIM automates user provisioning and deprovisioning from an identity provider (IdP) to OpenAI systems, and mismanaging it can lead to several security issues. Disabling SCIM may bypass established identity governance policies and allow orphaned accounts to persist after offboarding, creating the potential for a security breach or unauthorized access. The rule's detection logic focuses on the actions that enable and disable SCIM, generating alerts from specific log types. The rule is classified as experimental and aims to improve visibility into identity-integration changes that could affect compliance and security posture. Users should verify any SCIM configuration change against defined procedures to confirm that it is authentic and complies with organizational policy.
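As an added illustration (not code from the rule or from OpenAI), the following Python sketch shows the kind of detection the summary describes: it scans audit log lines and raises one alert per SCIM enable or disable event, rating a disable higher because that is the action that can leave orphaned accounts behind. The event type names (scim.enabled, scim.disabled), the actor field layout and the sample entries are assumptions constructed for this example.

```python
import json

# Constructed sample of OpenAI-style organization audit log entries (JSON lines).
# The event types "scim.enabled" / "scim.disabled" and the actor layout are
# assumptions made for this example, not documented OpenAI values.
SAMPLE_AUDIT_LOG = """\
{"id": "evt-1", "type": "api_key.created", "effective_at": 1736726400, "actor": {"type": "user", "user": {"email": "dev@example.com"}}}
{"id": "evt-2", "type": "scim.disabled", "effective_at": 1736730000, "actor": {"type": "user", "user": {"email": "admin@example.com"}}}
not-valid-json
{"id": "evt-3", "type": "scim.enabled", "effective_at": 1736733600, "actor": {"type": "api_key", "api_key": {"id": "key_abc"}}}
{"id": "evt-4", "type": "organization.updated", "effective_at": 1736737200, "actor": {"type": "user", "user": {"email": "ops@example.com"}}}
"""

# Disabling SCIM is the change that can bypass governance and leave orphaned
# accounts, so it is rated higher than enabling it.
SCIM_EVENT_SEVERITY = {"scim.disabled": "high", "scim.enabled": "medium"}

def describe_actor(actor):
    """Return a short identifier for whoever performed the action."""
    kind = actor.get("type")
    if kind == "user":
        return actor.get("user", {}).get("email", "unknown-user")
    if kind == "api_key":
        return "api_key:" + actor.get("api_key", {}).get("id", "unknown-key")
    return "unknown-actor"

def detect_scim_changes(log_text):
    """Scan JSON-lines audit log text; return one alert per SCIM enable/disable."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the whole scan
        severity = SCIM_EVENT_SEVERITY.get(event.get("type"))
        if severity is None:
            continue  # not a SCIM configuration change
        alerts.append({
            "event_id": event.get("id"),
            "event_type": event["type"],
            "severity": severity,
            "actor": describe_actor(event.get("actor", {})),
            "effective_at": event.get("effective_at"),
            # The analyst confirms the change against the organization's
            # change-management procedure before closing the alert.
            "action": "verify change against identity-governance procedure",
        })
    return alerts

if __name__ == "__main__":
    for alert in detect_scim_changes(SAMPLE_AUDIT_LOG):
        print(json.dumps(alert))
```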
Categories
- Identity Management
- Cloud
- Application
Data Sources
- User Account
- Application Log
- Cloud Service
ATT&CK Techniques
- T1098
- T1562.001
Created: 2026-01-13