All Collections
Enboarder API Docs
Workflow Data
SCIM API - User Provisioning And Management
SCIM API - User Provisioning And Management

Learn how to use our API to manage User Provisioning

Adam Faludi avatar
Written by Adam Faludi
Updated over a week ago

Overview

The System for Cross-domain Identity Management (SCIM) aims to simplify user provisioning and management in the cloud by defining two standards:

  • A canonical user schema

  • A RESTful API for all necessary user management operations

Enboarder currently supports SCIM 2.0.

Base URLs

SCIM User Schema Attribute

Detail

Schema

userType

required. Valid values are - Super Admin, General Admin, Account Manager, User Manager, Workflow Manager, Experience Manager, Author and Reporter

userName

Required. Unique Name of user

Core

phoneNumbers : value

phone of user

Core

name : givenName

Required. First Name of user

Core

name : middleName

middle Name of user

Core

name : familyName

Required. last Name of user

Core

meta : lastModified

$user.updated_at

Core

meta : created

$user.created Date

Core

id

unique id generated by system

Core

externalId

unique id of target system

Core

emails : value

Required. emailID of user. One is required

Core

displayName

display name if user

Core

active

user status. Once user reset the password, the status become active

Core

Get Service Provider config

/ServiceProviderConfig

Base URLs

API Endpoint : {{baseURL}}/scim/ServiceProviderConfig

Request Method: GET

Response:

200 OK

{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"
],
"documentationUri": "http://enboarder.com/help/scim.html", //optional
"patch": {
"supported": true
},
"bulk": {
"supported": false,
"maxOperations": 1,
"maxPayloadSize": 1048576
},
"filter": {
"supported": false,
"maxResults": 200
},
"changePassword": {
"supported": false
},
"sort": {
"supported": false
},
"etag": {
"supported": false
},
"authenticationSchemes": [
{
"name": "OAuth Token",
"description": "Authentication scheme using the OAuth Bearer Token Standard",
"specUri": "http://www.rfc-editor.org/info/rfc6750",
"documentationUri": "https://help.enboarder.com/en/articles/4151199-enboarder-api-docs-authentication-overview",
"type": "oauthbearertoken",
"primary": true
},
{
"name": "HTTP Basic",
"description": "Authentication scheme using the HTTP Basic Standard",
"specUri": "http://www.rfc-editor.org/info/rfc2617",
"documentationUri": "https://help.enboarder.com/en/articles/4151199-enboarder-api-docs-authentication-overview",
"type": "httpbasic"
"primary": true
}
],
"meta": {
"location": "https://api.syd.e1.enboarder.com/scim/v2/ServiceProviderConfig",
"resourceType": "ServiceProviderConfig",
"created": "2020-12-02T04:56:22Z",
"lastModified": "2020-12-13T04:42:34Z",
}
}

Get Resource Type

/ResourceTypes

Base URLs

API Endpoint : {{baseURL}}/scim/ResourceTypes

Request Method: GET

Response:

200 OK

[
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ResourceType"
],
"id": "User",
"name": "User",
"endpoint": "/Users",
"description": "User Account",
"schema": "urn:ietf:params:scim:schemas:core:2.0:User",
"schemaExtensions": [
{
"schema": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
"required": true
}
],
"meta": {
"location": "https://example.com/v2/ResourceTypes/User",
"resourceType": "ResourceType"
}
}
]
Get Schemas

Get Schemas

/Schemas

Base URLs

API Endpoint : {{baseURL}}/scim/v2/Schemas

Request Method: GET

Response:

200 OK

[
{
"id": "urn:ietf:params:scim:schemas:core:2.0:User",
"name": "User",
"description": "User Account",
"attributes": [
{
"name": "userName",
"type": "string",
"multiValued": false,
"description": "Unique identifier for the User, typically used by the user to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the service provider's entire set of Users. REQUIRED.",
"required": true,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "server"
},
{
"name": "externalId",
"type": "string",
"multiValued": false,
"description": "Unique identifier for the User in external system, typically used to identified user in source system.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "server"
},
{
"name": "name",
"type": "complex",
"multiValued": false,
"description": "The components of the user's real name. Providers MAY return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.",
"required": true,
"subAttributes": [
{
"name": "familyName",
"type": "string",
"multiValued": false,
"description": "The family name of the User, or last name in most Western languages (e.g., 'Jensen' given the full name 'Ms. Barbara J Jensen, III').",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "givenName",
"type": "string",
"multiValued": false,
"description": "The given name of the User, or first name in most Western languages (e.g., 'Barbara' given the full name 'Ms. Barbara J Jensen, III').",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "middleName",
"type": "string",
"multiValued": false,
"description": "The middle name(s) of the User (e.g., 'Jane' given the full name 'Ms. Barbara J Jensen, III').",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
}
],
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "displayName",
"type": "string",
"multiValued": false,
"description": "The name of the User, suitable for display to end-users. The name SHOULD be the full name of the User being described, if known.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "userType",
"type": "string",
"multiValued": false,
"description": "Used to identify the relationship between the organization and the user. Typical values used will be Super Admin, General Admin, Account Manager, User Manager, Workflow Manager, Experience Manager, Author and Reporter, but any value may be used.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "active",
"type": "boolean",
"multiValued": false,
"description": "A Boolean value indicating the User's administrative status.",
"required": false,
"mutability": "readWrite",
"returned": "default"
},
{
"name": "emails",
"type": "complex",
"multiValued": true,
"description": "Email addresses for the user. The value SHOULD be canonicalized by the service provider, e.g., 'bjensen@example.com' instead of 'bjensen@EXAMPLE.COM'. Canonical type values of 'work', 'home', and 'other'.",
"required": true,
"subAttributes": [
{
"name": "value",
"type": "string",
"multiValued": false,
"description": "Email addresses for the user. The value SHOULD be canonicalized by the service provider, e.g., 'bjensen@example.com' instead of 'bjensen@EXAMPLE.COM'. Canonical type values of 'work', 'home', and 'other'.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "display",
"type": "string",
"multiValued": false,
"description": "A human-readable name, primarily used for display purposes. READ-ONLY.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "type",
"type": "string",
"multiValued": false,
"description": "A label indicating the attribute's function, e.g., 'work' or 'home'.",
"required": false,
"caseExact": false,
"canonicalValues": [
"work",
"home",
"other"
],
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "primary",
"type": "boolean",
"multiValued": false,
"description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred mailing address or primary email address. The primary attribute value 'true' MUST appear no more than once.",
"required": false,
"mutability": "readWrite",
"returned": "default"
}
],
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "phoneNumbers",
"type": "complex",
"multiValued": true,
"description": "Phone numbers for the User. The value SHOULD be canonicalized by the service provider according to the format specified in RFC 3966, e.g., 'tel:+1-201-555-0123'. Canonical type values of 'work', 'home', 'mobile', 'fax', 'pager', and 'other'.",
"required": false,
"subAttributes": [
{
"name": "value",
"type": "string",
"multiValued": false,
"description": "Phone number of the User.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "display",
"type": "string",
"multiValued": false,
"description": "A human-readable name, primarily used for display purposes. READ-ONLY.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "type",
"type": "string",
"multiValued": false,
"description": "A label indicating the attribute's function, e.g., 'work', 'home', 'mobile'.",
"required": false,
"caseExact": false,
"canonicalValues": [
"work",
"home",
"mobile",
"fax",
"pager",
"other"
],
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "primary",
"type": "boolean",
"multiValued": false,
"description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred phone number or primary phone number. The primary attribute value 'true' MUST appear no more than once.",
"required": false,
"mutability": "readWrite",
"returned": "default"
}
],
"mutability": "readWrite",
"returned": "default"
}
],
"meta": {
"resourceType": "Schema",
"location": "/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:User"
}
}
]

RESTFUL SCIM APIs

Create User

/Users

BaseURLs:

API Endpoint :

  • Using API key: {{baseURL}}/scim/v1/Users

  • Using OAuth Token: {{baseURL}}/scim/v2/Users

Request Method: POST

This API create user and send a reset password link.

Header Parameters

  • Authorization: {{token}}

  • Content-Type: application/json

Request format

{
"schemas":[
"urn:scim:schemas:core:1.0"
],
"externalId":"",
"userName":"john@example.com",
"name":{
"givenName":"John",
"familyName":"Deo"
},
"displayName":"Justin Bibinka",
"userType":"Super Admin",
"active":true,
"emails":[
{
"value":"john@example.com",
"primary":true
}
]
}

Response:

  • 201 Created

{
"schemas":[
"urn:scim:schemas:core:1.0"
],
"id":"I6zx4C8kq",
"externalId":"",
"meta":{
"created":"2020-12-11T12:40:59-08:00",
"location":"https://api.syd.e1.enboarder.com/scim/v2/Users/I6zx4C8kq"
},
"userName":"john@example.com",
"name":{
"givenName":"John",
"familyName":"Deo"
},
"displayName":"Justin Bibinka",
"userType":"Super Admin",
"active":true,
"emails":[
{
"value":"john@example.com",
"primary":true
}
]
}

Get user by ID

/Users/{{id}}

Base URLs

API Endpoint :

  • Using API key: {{baseURL}}/scim/v1/Users/{{id}}

  • Using OAuth Token: {{baseURL}}/scim/v2/Users/{{{id}}

Request Method: GET

Header Parameters

  • Authorization: {{token}}

Response:

200 OK - User Exists

{
"schemas":[
"urn:scim:schemas:core:1.0"
],
"id":"I6zx4C8kq",
"externalId":"",
"meta":{
"created":"2020-11-10T12:40:59-08:00",
"lastModified":"2020-12-10T21:32:44.882Z",
"location":"https://api.syd.e1.enboarder.com/scim/v2/Users/I6zx4C8kq"
},
"userName":"john@example.com",
"userType":"Super Admin",
"name":{
"givenName":"John",
"familyName":"Deo"
},
"displayName":"Justin Bibinka",
"active":true,
"emails":[
{
"value":"john@example.com",
"primary":true
}
]
}

Update User

/Users/{{id}}

API Endpoint :

  • Using API key: {{baseURL}}/scim/v1/Users/{{id}}

  • Using OAuth Token: {{baseURL}}/scim/v2/Users/{{{id}}

Request Method: PUT

Base URLs

Header Parameters

  • Authorization: {{token}}

  • Content-Type: application/json

Request format

{
"schemas":[
"urn:scim:schemas:core:1.0"
],
"externalId":"2819c223-7f76-453a-919d-413861904646",
"userName":"john@example.com",
"name":{
"givenName":"John",
"familyName":"Deo"
},
"displayName":"Justin Bibinka",
"userType":"Super Admin",
"active":true,
"emails":[
{
"value":"john@example.com",
"primary":true
},
{
"value":"john2@example.com",
"primary":false
}
]
}

Response:

200 OK

{
"schemas":[
"urn:scim:schemas:core:1.0"
],
"id":"I6zx4C8kq",
"externalId":"2819c223-7f76-453a-919d-413861904646",
"meta":{
"created":"2020-11-10T12:40:59-08:00",
"lastModified":"2020-12-13T21:32:44.882Z",
"location":"https://api.syd.e1.enboarder.com/scim/v2/Users/I6zx4C8kq"
},
"userName":"john@example.com",
"userType":"Super Admin",
"name":{
"givenName":"John",
"familyName":"Deo"
},
"displayName":"Justin Bibinka",
"active":true,
"emails":[
{
"value":"john@example.com",
"primary":true
},
{
"value":"john2@example.com",
"primary":false
}
]
}

Delete User

/Users/{{id}}

API Endpoint :

  • Using API key: {{baseURL}}/scim/v1/Users/{{id}}

  • Using OAuth Token: {{baseURL}}/scim/v2/Users/{{{id}}

Request Method: DELETE

Base URLs

Header Parameters

  • Authorization: {{token}}

Response

A response with a 200 OK status code indicates a successful request.

API will return a 404 Not Found for all requests made for the deleted user.

List users

/Users

Base URLs

API Endpoint :

  • Using API key: {{baseURL}}/scim/v1/Users

  • Using OAuth Token: {{baseURL}}/scim/v2/Users

Request Method: GET

Header Parameters

  • Authorization: {{token}}

Response:

200 OK

Note: itemsPerPage and startIndex query parameters can be used for pagination. For example, use a URL like the following to return two records starting with the third record in the list of results: /Users?count=2&startIndex=3

{
"totalResults": 37,
"itemsPerPage": 2,
"startIndex": 3,
"schemas": [
"urn:scim:schemas:core:1.0"
],
"Resources": [
{
"schemas": [
"urn:scim:schemas:core:1.0"
],
"id": "I6zx4C8kq",
"externalId": "2819c223-7f76-453a-919d-413861904646",
"meta": {
"created": "2020-11-10T12:40:59-08:00",
"lastModified": "2020-12-13T21:32:44.882Z",
"location": "https://api.syd.e1.enboarder.com/scim/v2/Users/I6zx4C8kq"
},
"userName": "john@example.com",
"userType": "Super Admin",
"name": {
"givenName": "John",
"familyName": "Deo"
},
"displayName": "Justin Bibinka",
"active": true,
"emails": [
{
"value": "john@example.com",
"primary": true
},
{
"value": "john2@example.com",
"primary": false
}
]
},
{
"schemas": [
"urn:scim:schemas:core:1.0"
],
"id": "X5zx4C8kq",
"externalId": "1819c223-8f76-453a-919d-413861904556",
"meta": {
"created": "2020-10-10T12:40:59-08:00",
"lastModified": "2020-11-13T21:32:44.882Z",
"location": "https://api.syd.e1.enboarder.com/scim/v2/Users/X5zx4C8kq"
},
"userName": "jjalloh@example.com",
"userType": "Super Admin",
"name": {
"givenName": "Justin",
"familyName": "Jalloh"
},
"displayName": "Justin Jalloh",
"active": true,
"emails": [
{
"value": "jjalloh@example.com",
"primary": true
}
]
}
]
}

Got questions? Reach out directly to your Customer Success Manager for assistance!

Did this answer your question?